Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0501046c-c40d-474e-b727-66909023d247.roa
File:                     0501046c-c40d-474e-b727-66909023d247.roa (raw, json)
Hash identifier:          f9U60Krsd/Z+Z3oZSe3tCXpfKDsvr7rT6enbmwvA5Lc=
Subject key identifier:   BB:81:A3:11:7F:C5:F0:FD:43:5F:CE:6F:7D:64:C4:71:C2:15:75:C6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       43023AE5BC9BF53B12780CEE66786C3DAEB412A6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0501046c-c40d-474e-b727-66909023d247.roa
Signing time:             Fri 28 Mar 2025 18:01:41 +0000
ROA not before:           Fri 28 Mar 2025 18:01:41 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.223.0.0/17 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:02:3a:e5:bc:9b:f5:3b:12:78:0c:ee:66:78:6c:3d:ae:b4:12:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 28 18:01:41 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=d3415c6189d8f728f8167c9428c0460c730d3f470abe8728a6af9df300ea6a76, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cc:3b:39:a0:11:49:ec:55:58:38:5b:10:46:
                    bd:b3:a1:23:60:5e:01:45:69:42:d4:6c:ee:04:33:
                    74:72:1f:a3:72:81:81:6d:dc:15:98:99:43:1b:31:
                    2c:c7:06:d7:59:f4:c9:ec:b2:ec:62:d3:3b:65:79:
                    61:12:72:df:ac:4d:d0:ab:e2:39:8c:82:a2:c4:51:
                    ad:c3:fa:f0:f0:95:5c:de:20:26:67:67:87:e2:94:
                    0d:3e:c4:18:7f:6b:70:06:23:88:76:09:05:e9:6e:
                    6e:53:53:32:be:d3:35:4f:bd:19:27:8d:b8:9c:8e:
                    f9:cd:98:ee:4c:d4:37:ed:d5:6e:bd:1a:ef:12:4d:
                    8f:c7:ef:c4:b8:5f:21:d0:a5:72:d5:9e:a5:0b:2d:
                    22:eb:1d:03:86:7e:2d:67:78:bb:97:eb:c9:99:19:
                    fb:1e:12:4a:2d:ff:32:35:b1:27:b6:72:ab:1b:64:
                    ae:56:d4:fe:ed:07:3e:53:e3:d2:a8:39:c5:71:f0:
                    76:8f:b0:a5:3e:9d:7b:3b:37:de:a9:b4:d4:7d:ae:
                    a6:18:6b:86:d7:83:fc:aa:b1:92:6a:cf:e0:34:4c:
                    0f:f8:d0:2a:e4:a5:91:1c:19:ab:82:db:09:1d:da:
                    5c:4c:9e:da:8d:0f:09:8a:ca:a0:30:58:c9:27:57:
                    15:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:81:A3:11:7F:C5:F0:FD:43:5F:CE:6F:7D:64:C4:71:C2:15:75:C6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0501046c-c40d-474e-b727-66909023d247.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.223.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         31:7a:d7:bd:c6:69:14:3d:f9:66:04:c6:d4:c7:36:f9:1f:1e:
         c4:87:34:e0:3e:c0:67:7d:a3:d5:88:09:89:f5:9e:7c:7a:70:
         f2:dd:43:0a:b5:6e:62:20:c1:54:72:e5:ab:d1:34:58:89:a0:
         cc:9f:06:1f:ec:de:7e:f9:90:1d:2d:9e:31:d6:b6:9f:53:75:
         9b:44:f7:be:6a:1d:d3:7e:a3:85:b3:c6:7c:12:d0:79:15:ed:
         fb:80:cd:f0:7b:1b:0d:a8:84:da:1c:5a:0a:c1:1f:01:5d:44:
         7d:e4:2b:ca:47:bd:43:0f:a3:34:d2:b9:48:b6:bb:a8:0d:e7:
         1a:a2:3e:8b:34:8f:5e:41:a3:c4:04:08:e8:47:de:c4:35:d4:
         7e:5a:9d:05:1f:e6:e1:4f:07:1a:67:44:b2:82:9a:ff:06:e0:
         e5:80:f5:26:82:5f:63:cf:dc:e3:24:47:14:2e:1a:f8:e8:8b:
         5f:5b:fa:e7:ac:8d:7c:80:0f:93:81:fc:b8:60:e3:5b:a9:80:
         68:1c:95:63:52:4e:e3:02:57:6f:cc:fa:e9:21:96:35:a1:cf:
         ee:29:e8:3d:75:33:53:34:59:8a:ac:42:a2:5f:ee:c5:c1:8a:
         89:0b:d6:49:6a:91:d4:21:14:ae:bc:5c:32:5e:33:85:bc:fe:
         8b:97:4a:44
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQwI65byb9TsSeAzuZnhsPa60EqYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI4MTgwMTQxWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMzQxNWM2MTg5ZDhmNzI4ZjgxNjdjOTQyOGMwNDYwYzcz
MGQzZjQ3MGFiZTg3MjhhNmFmOWRmMzAwZWE2YTc2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4zDs5oBFJ7FVYOFsQRr2zoSNgXgFFaULUbO4EM3RyH6Ny
gYFt3BWYmUMbMSzHBtdZ9Mnssuxi0ztleWESct+sTdCr4jmMgqLEUa3D+vDwlVze
ICZnZ4filA0+xBh/a3AGI4h2CQXpbm5TUzK+0zVPvRknjbicjvnNmO5M1Dft1W69
Gu8STY/H78S4XyHQpXLVnqULLSLrHQOGfi1neLuX68mZGfseEkot/zI1sSe2cqsb
ZK5W1P7tBz5T49KoOcVx8HaPsKU+nXs7N96ptNR9rqYYa4bXg/yqsZJqz+A0TA/4
0CrkpZEcGauC2wkd2lxMntqNDwmKyqAwWMknVxXTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUu4GjEX/F8P1DX85vfWTEccIVdcYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA1MDEwNDZjLWM0MGQtNDc0ZS1iNzI3LTY2OTA5MDIzZDI0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc03wAwDQYJKoZIhvcNAQELBQADggEBADF6173GaRQ9+WYExtTHNvkfHsSH
NOA+wGd9o9WICYn1nnx6cPLdQwq1bmIgwVRy5avRNFiJoMyfBh/s3n75kB0tnjHW
tp9TdZtE975qHdN+o4WzxnwS0HkV7fuAzfB7Gw2ohNocWgrBHwFdRH3kK8pHvUMP
ozTSuUi2u6gN5xqiPos0j15Bo8QECOhH3sQ11H5anQUf5uFPBxpnRLKCmv8G4OWA
9SaCX2PP3OMkRxQuGvjoi19b+uesjXyAD5OB/Lhg41upgGgclWNSTuMCV2/M+ukh
ljWhz+4p6D11M1M0WYqsQqJf7sXBiokL1klqkdQhFK68XDJeM4W8/ouXSkQ=
-----END CERTIFICATE-----