Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24aeafda-b7b1-4a9d-8bdf-3482feb88280.roa
File:                     24aeafda-b7b1-4a9d-8bdf-3482feb88280.roa (raw, json)
Hash identifier:          Y+dSbhXaQbaCtVUp0ci76cAljQv7PVdcc0I5QIa0j4w=
Subject key identifier:   BE:C2:B0:07:7D:3E:A6:96:F7:F8:24:0B:F7:5B:6C:26:1D:F8:EF:66
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2E39D0D347308199518C3BA3090A617C997DAF78
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24aeafda-b7b1-4a9d-8bdf-3482feb88280.roa
Signing time:             Fri 21 Mar 2025 00:50:35 +0000
ROA not before:           Fri 21 Mar 2025 00:50:35 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.188.142.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:39:d0:d3:47:30:81:99:51:8c:3b:a3:09:0a:61:7c:99:7d:af:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 21 00:50:35 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: serialNumber=945702e211365c4dd260d541c0ca1cc2ec2ac1880aec5d4a18496557b69d5c7e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:bb:67:10:71:65:53:c0:92:4c:d6:34:25:18:
                    34:65:1f:32:fd:13:65:02:27:62:43:18:40:d7:18:
                    54:31:d2:9f:37:43:7e:46:a2:27:c1:28:00:a2:b8:
                    f8:b0:d3:e4:40:0d:e7:9a:57:44:c9:ef:48:f9:eb:
                    24:06:cc:d9:15:9e:fa:7b:21:48:e3:c2:df:46:08:
                    7c:ae:26:58:1f:53:65:09:95:73:26:88:ff:35:8d:
                    29:7d:c5:cb:8d:e1:78:b3:0b:81:81:30:e0:e2:80:
                    9f:59:92:15:fe:59:e2:c6:f2:e7:b1:ea:68:d5:cf:
                    fc:3b:c3:73:7b:03:b1:bf:cc:2a:c1:01:6e:d2:a6:
                    e5:44:a7:9a:f0:45:ad:35:1f:67:07:28:7b:87:c8:
                    b7:3f:18:5b:24:9c:d7:54:d4:3c:b1:fc:a1:78:12:
                    4b:96:ef:71:53:ae:c7:06:bd:ab:df:e4:dd:b5:af:
                    12:54:e9:f6:28:68:79:1a:2c:20:33:5c:1f:23:0e:
                    a5:4c:86:9f:b1:cd:93:3a:eb:25:f6:f0:4c:ec:10:
                    6e:84:e0:88:93:eb:dd:d2:8c:64:fe:84:79:6c:70:
                    a0:30:4b:93:9a:35:ba:39:fa:19:74:d2:85:fb:0f:
                    9c:2f:62:70:1b:44:45:68:19:a0:68:1d:22:55:7a:
                    53:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C2:B0:07:7D:3E:A6:96:F7:F8:24:0B:F7:5B:6C:26:1D:F8:EF:66
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24aeafda-b7b1-4a9d-8bdf-3482feb88280.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.188.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:22:86:3e:28:28:fa:82:73:0c:90:83:22:96:26:00:f5:e7:
         53:15:71:e5:24:f1:67:bf:2a:64:53:81:9d:a8:c5:14:00:52:
         52:12:1d:f9:a7:94:24:46:b4:42:f8:66:56:43:88:97:1f:d7:
         40:d6:de:8a:81:9d:8d:98:96:3d:5d:0b:53:97:a1:58:b8:bb:
         67:44:01:83:2b:00:cf:17:ca:86:b2:d8:23:29:9d:03:82:e1:
         eb:5a:1d:ed:20:a3:cc:31:54:6f:c2:97:c4:9f:91:2d:82:be:
         df:06:d3:0c:63:ba:aa:c9:fa:47:8b:bd:4d:85:52:0b:4c:d1:
         53:83:d0:a6:26:85:22:b9:9b:31:cc:f7:ff:8d:3d:ac:7e:94:
         a1:da:18:45:d4:be:78:f7:5c:d9:e6:ab:3f:c9:8c:72:44:32:
         62:a3:b5:90:8d:17:09:17:16:89:93:76:d1:16:c1:a7:6f:2d:
         6e:af:42:79:1e:43:74:9d:2f:44:f6:49:e7:fa:66:8f:f5:15:
         41:66:88:d7:09:72:75:20:21:f2:c4:72:87:56:75:65:3b:f4:
         e6:47:f2:d7:77:c2:e5:75:ed:ce:6d:bc:b8:54:0a:66:36:24:
         fd:10:f0:e8:42:f3:b6:d5:4f:c8:73:bc:f0:69:22:b0:c3:7d:
         58:80:6c:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULjnQ00cwgZlRjDujCQphfJl9r3gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzIxMDA1MDM1WhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDU3MDJlMjExMzY1YzRkZDI2MGQ1NDFjMGNhMWNjMmVj
MmFjMTg4MGFlYzVkNGExODQ5NjU1N2I2OWQ1YzdlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKu2cQcWVTwJJM1jQlGDRlHzL9E2UCJ2JDGEDXGFQx0p83
Q35GoifBKACiuPiw0+RADeeaV0TJ70j56yQGzNkVnvp7IUjjwt9GCHyuJlgfU2UJ
lXMmiP81jSl9xcuN4XizC4GBMODigJ9ZkhX+WeLG8uex6mjVz/w7w3N7A7G/zCrB
AW7SpuVEp5rwRa01H2cHKHuHyLc/GFsknNdU1Dyx/KF4EkuW73FTrscGvavf5N21
rxJU6fYoaHkaLCAzXB8jDqVMhp+xzZM66yX28EzsEG6E4IiT693SjGT+hHlscKAw
S5OaNbo5+hl00oX7D5wvYnAbREVoGaBoHSJVelOxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvsKwB30+ppb3+CQL91tsJh3472YwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI0YWVhZmRhLWI3YjEtNGE5ZC04YmRmLTM0ODJmZWI4ODI4MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGhvI4wDQYJKoZIhvcNAQELBQADggEBABIihj4oKPqCcwyQgyKWJgD151MV
ceUk8We/KmRTgZ2oxRQAUlISHfmnlCRGtEL4ZlZDiJcf10DW3oqBnY2Ylj1dC1OX
oVi4u2dEAYMrAM8Xyoay2CMpnQOC4etaHe0go8wxVG/Cl8SfkS2Cvt8G0wxjuqrJ
+keLvU2FUgtM0VOD0KYmhSK5mzHM9/+NPax+lKHaGEXUvnj3XNnmqz/JjHJEMmKj
tZCNFwkXFomTdtEWwadvLW6vQnkeQ3SdL0T2Sef6Zo/1FUFmiNcJcnUgIfLEcodW
dWU79OZH8td3wuV17c5tvLhUCmY2JP0Q8OhC87bVT8hzvPBpIrDDfViAbHs=
-----END CERTIFICATE-----