Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1b3a51bb-3b48-42e4-9305-dff0c17ee11a.roa
File:                     1b3a51bb-3b48-42e4-9305-dff0c17ee11a.roa (raw, json)
Hash identifier:          FEZKbJdOmRXzdyE9BCA8LxzD+YPjBsIPPoHqKdvqCwU=
Subject key identifier:   63:96:80:DC:7C:0C:F6:33:79:6F:F2:95:64:E9:94:72:76:B2:EB:7D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       61DEAE28ABE2AD4F66C93746FD24CC25E1F4C358
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1b3a51bb-3b48-42e4-9305-dff0c17ee11a.roa
Signing time:             Tue 01 Apr 2025 00:30:14 +0000
ROA not before:           Tue 01 Apr 2025 00:30:14 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.240.0/20 maxlen: 20

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:de:ae:28:ab:e2:ad:4f:66:c9:37:46:fd:24:cc:25:e1:f4:c3:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  1 00:30:14 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: serialNumber=9232238d326029fcd4a0f09e3e2fe08644c54190561f9c2f43ed995fb176b98e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:03:79:c9:6f:d9:c2:05:97:48:fd:e2:d8:13:
                    3f:f9:15:a2:d6:7a:da:b6:28:8e:70:40:a1:b3:6b:
                    73:ac:6d:5e:d7:dd:e6:2b:a7:63:fb:db:96:3c:95:
                    ad:a6:85:15:c2:9b:c0:03:5d:57:18:ad:c4:08:81:
                    ef:59:d6:ef:fc:8b:3a:0a:f4:86:25:06:6c:27:22:
                    b3:98:77:a8:5e:b2:d1:ea:61:72:45:19:9b:a3:2c:
                    a4:7a:14:01:d2:aa:c5:f3:92:bd:c4:92:7b:b4:60:
                    8a:24:30:02:1f:1a:c2:c9:78:3f:1e:b2:a0:25:5a:
                    28:a4:d2:fd:b6:03:81:91:ff:b5:85:d4:ef:92:4d:
                    64:24:1f:c5:fd:dd:01:9f:21:d7:26:90:56:05:b2:
                    3d:b2:7f:5c:05:f7:a6:d7:a5:b6:e7:24:3d:f6:6f:
                    52:99:5a:76:f3:03:f7:ce:61:4c:cc:5c:23:21:4c:
                    d7:82:b2:cf:dd:38:11:dc:bb:8e:51:41:ac:b6:f6:
                    94:4f:ef:5b:c9:86:06:f1:9d:29:59:73:8c:a6:16:
                    95:04:13:69:f2:35:75:d9:1a:48:89:75:32:9b:a8:
                    e7:7d:e1:1c:10:91:dc:79:7b:2e:58:bc:59:d5:7f:
                    95:64:67:45:05:5f:29:a5:c6:ff:22:a2:7a:e9:53:
                    ad:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:96:80:DC:7C:0C:F6:33:79:6F:F2:95:64:E9:94:72:76:B2:EB:7D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1b3a51bb-3b48-42e4-9305-dff0c17ee11a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5c:0c:d0:93:8c:f9:92:6c:a2:4e:9b:64:bb:3b:d4:95:26:c3:
         d7:7c:12:94:9e:c0:8d:12:01:be:cc:a9:21:3a:a8:47:e4:45:
         0f:ea:5d:d6:1a:e3:74:7c:25:ae:2f:00:bb:57:4d:0a:4c:00:
         03:ca:4e:9d:22:b3:4a:bd:7e:88:48:99:ed:24:be:a7:00:c4:
         2f:01:e9:2e:dd:dc:c5:08:d4:ed:4c:81:46:f8:20:99:27:e1:
         79:a5:76:7b:e0:53:1e:20:fc:5b:f2:f9:ab:9a:50:2b:45:f2:
         c2:98:83:80:60:c4:e2:44:06:aa:e0:19:43:0a:d2:30:f2:10:
         cc:c0:10:db:dc:d0:f3:8e:de:bb:78:30:2f:a8:c9:23:46:21:
         b5:fd:a3:8c:f5:e6:dc:0b:66:07:17:6b:9a:b0:95:01:03:6c:
         69:f0:74:4e:c2:3f:f3:3d:46:35:ff:ac:c3:75:42:62:f1:0b:
         12:0c:0a:fa:da:53:a3:3d:b9:2e:18:55:f5:71:fd:5f:2a:9d:
         0d:3c:61:0f:bf:ef:c5:b6:ac:03:05:c0:22:3c:3b:83:4e:c7:
         11:c1:85:b9:85:e3:5e:dc:a6:49:df:90:2d:c2:32:b5:1f:02:
         63:66:f5:54:a8:76:e8:3a:66:28:77:b4:ff:7f:eb:77:df:87:
         4e:9e:10:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYd6uKKvirU9myTdG/STMJeH0w1gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDAxMDAzMDE0WhcNMjUwNTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjMyMjM4ZDMyNjAyOWZjZDRhMGYwOWUzZTJmZTA4NjQ0
YzU0MTkwNTYxZjljMmY0M2VkOTk1ZmIxNzZiOThlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpA3nJb9nCBZdI/eLYEz/5FaLWetq2KI5wQKGza3OsbV7X
3eYrp2P725Y8la2mhRXCm8ADXVcYrcQIge9Z1u/8izoK9IYlBmwnIrOYd6hestHq
YXJFGZujLKR6FAHSqsXzkr3Eknu0YIokMAIfGsLJeD8esqAlWiik0v22A4GR/7WF
1O+STWQkH8X93QGfIdcmkFYFsj2yf1wF96bXpbbnJD32b1KZWnbzA/fOYUzMXCMh
TNeCss/dOBHcu45RQay29pRP71vJhgbxnSlZc4ymFpUEE2nyNXXZGkiJdTKbqOd9
4RwQkdx5ey5YvFnVf5VkZ0UFXymlxv8ionrpU62ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY5aA3HwM9jN5b/KVZOmUcnay630wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFiM2E1MWJiLTNiNDgtNDJlNC05MzA1LWRmZjBjMTdlZTExYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ0X/AwDQYJKoZIhvcNAQELBQADggEBAFwM0JOM+ZJsok6bZLs71JUmw9d8
EpSewI0SAb7MqSE6qEfkRQ/qXdYa43R8Ja4vALtXTQpMAAPKTp0is0q9fohIme0k
vqcAxC8B6S7d3MUI1O1MgUb4IJkn4XmldnvgUx4g/Fvy+auaUCtF8sKYg4BgxOJE
BqrgGUMK0jDyEMzAENvc0POO3rt4MC+oySNGIbX9o4z15twLZgcXa5qwlQEDbGnw
dE7CP/M9RjX/rMN1QmLxCxIMCvraU6M9uS4YVfVx/V8qnQ08YQ+/78W2rAMFwCI8
O4NOxxHBhbmF417cpknfkC3CMrUfAmNm9VSodug6Zih3tP9/63ffh06eEE0=
-----END CERTIFICATE-----