Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0be22303-2442-4285-a074-ef6dde8f2f97.roa
File:                     0be22303-2442-4285-a074-ef6dde8f2f97.roa (raw, json)
Hash identifier:          Pi7cF8ad3lhd7Sv64qYAwVeN//d/dw1Z4GYK6PVMnHg=
Subject key identifier:   3A:FA:98:4D:54:A4:BC:31:6D:D9:FC:3E:A6:AA:31:A7:9D:D3:18:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4CCD9399B77DA13DB06D267B6DB1127D08B4A2B2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0be22303-2442-4285-a074-ef6dde8f2f97.roa
Signing time:             Mon 31 Mar 2025 17:11:17 +0000
ROA not before:           Mon 31 Mar 2025 17:11:17 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.168.0.0/14 maxlen: 14

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:cd:93:99:b7:7d:a1:3d:b0:6d:26:7b:6d:b1:12:7d:08:b4:a2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 17:11:17 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=93642ff29cc487d9562636d04929f9e0913fc76bc4839fbff45ff16a9130f8c1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c3:04:aa:bf:10:36:b8:4c:a2:25:ca:74:f6:
                    6a:fb:2b:00:f4:5d:76:b3:54:8c:79:bd:96:d6:74:
                    48:52:f2:d6:da:25:cd:37:46:8a:5a:69:80:bb:39:
                    de:91:ff:71:67:10:d9:cc:10:45:46:a7:74:98:b5:
                    00:ce:7a:bc:00:a2:20:07:70:4c:c7:b9:68:5b:18:
                    1f:6b:87:e9:9f:e4:d0:f8:da:1b:7b:a2:c1:59:83:
                    c0:be:39:71:c6:66:29:9b:d4:2c:04:52:c2:63:56:
                    f9:b4:13:c0:7e:16:5c:af:3a:a0:67:75:3a:07:7a:
                    1a:d8:b5:db:ba:a8:ae:38:21:3a:e5:4c:15:46:6b:
                    34:22:4b:68:6f:24:3f:b9:11:3e:83:18:3e:42:77:
                    2e:37:06:4c:18:7b:d5:18:0a:d4:cd:cd:53:e7:4e:
                    5a:0b:f8:19:4d:e4:a9:ef:0a:54:65:10:b1:3a:49:
                    60:01:a0:bb:dd:f2:38:9f:32:bb:3e:93:14:a8:3f:
                    96:83:1f:d8:fe:2c:73:7c:4c:ae:a9:3b:a9:a8:07:
                    cd:e9:32:06:e4:10:97:df:60:00:25:d8:fa:90:d7:
                    4c:c2:f8:6c:2c:7e:04:65:75:a8:4c:a8:45:d3:94:
                    2e:db:6e:f2:59:0f:4c:4a:67:e8:dc:5a:91:a1:ef:
                    8a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:FA:98:4D:54:A4:BC:31:6D:D9:FC:3E:A6:AA:31:A7:9D:D3:18:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0be22303-2442-4285-a074-ef6dde8f2f97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.168.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         5d:1d:45:e1:68:e1:c8:83:3b:40:90:2a:f4:16:76:2b:95:49:
         b4:b8:3b:60:8b:19:bb:b5:cf:57:c3:ea:7b:d9:2e:4b:9c:22:
         b2:18:c1:84:c1:6c:4e:b1:c3:0b:35:d8:a4:8e:d8:b2:13:c6:
         b1:84:93:73:3e:c5:78:8c:c6:53:40:c4:12:1b:57:2f:b6:f6:
         cb:31:b4:53:c5:6c:19:19:a3:20:77:1c:f2:4e:b2:cf:9a:e5:
         81:95:11:08:cc:8e:fa:87:91:a0:f9:f5:9b:41:82:c4:57:13:
         b6:8f:75:95:03:47:a1:d2:08:6e:c1:b0:bf:b5:83:88:60:86:
         54:18:dc:c4:fb:20:b8:db:18:d4:75:c3:01:49:4c:2d:32:56:
         26:8e:6d:6e:cc:53:1a:ae:67:7e:e0:a2:15:16:c4:72:79:b7:
         3c:86:86:8c:8d:3e:e9:16:93:18:4f:c1:89:0f:b0:2b:4a:d6:
         d5:af:2f:1d:2a:97:5b:59:a0:c0:fa:8d:ed:e3:35:9d:88:5e:
         74:8e:54:e8:0d:0a:16:8e:9e:f0:f9:8c:5a:8d:53:0f:e3:e0:
         82:dd:6d:5d:26:bc:ae:a1:87:90:3f:7f:da:32:05:37:db:61:
         94:32:fb:c0:8c:e5:7d:92:f3:da:23:68:82:b7:e6:de:a8:cf:
         c9:bb:ed:fb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTM2Tmbd9oT2wbSZ7bbESfQi0orIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTcxMTE3WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MzY0MmZmMjljYzQ4N2Q5NTYyNjM2ZDA0OTI5ZjllMDkx
M2ZjNzZiYzQ4MzlmYmZmNDVmZjE2YTkxMzBmOGMxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpwwSqvxA2uEyiJcp09mr7KwD0XXazVIx5vZbWdEhS8tba
Jc03RopaaYC7Od6R/3FnENnMEEVGp3SYtQDOerwAoiAHcEzHuWhbGB9rh+mf5ND4
2ht7osFZg8C+OXHGZimb1CwEUsJjVvm0E8B+FlyvOqBndToHehrYtdu6qK44ITrl
TBVGazQiS2hvJD+5ET6DGD5Cdy43BkwYe9UYCtTNzVPnTloL+BlN5KnvClRlELE6
SWABoLvd8jifMrs+kxSoP5aDH9j+LHN8TK6pO6moB83pMgbkEJffYAAl2PqQ10zC
+GwsfgRldahMqEXTlC7bbvJZD0xKZ+jcWpGh74phAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUOvqYTVSkvDFt2fw+pqoxp53TGBowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBiZTIyMzAzLTI0NDItNDI4NS1hMDc0LWVmNmRkZThmMmY5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwISqDANBgkqhkiG9w0BAQsFAAOCAQEAXR1F4WjhyIM7QJAq9BZ2K5VJtLg7
YIsZu7XPV8Pqe9kuS5wishjBhMFsTrHDCzXYpI7YshPGsYSTcz7FeIzGU0DEEhtX
L7b2yzG0U8VsGRmjIHcc8k6yz5rlgZURCMyO+oeRoPn1m0GCxFcTto91lQNHodII
bsGwv7WDiGCGVBjcxPsguNsY1HXDAUlMLTJWJo5tbsxTGq5nfuCiFRbEcnm3PIaG
jI0+6RaTGE/BiQ+wK0rW1a8vHSqXW1mgwPqN7eM1nYhedI5U6A0KFo6e8PmMWo1T
D+Pggt1tXSa8rqGHkD9/2jIFN9thlDL7wIzlfZLz2iNogrfm3qjPybvt+w==
-----END CERTIFICATE-----