Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa
File:                     29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa (raw, json)
Hash identifier:          Tp1fbDcccNkNkiX8HPufBhu2V1DIH383SLxXeag3rNU=
Subject key identifier:   B7:F5:46:CC:6A:75:53:09:11:E5:6A:C2:B5:EA:5E:E2:CF:E8:95:71
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0D515F9EEEDFE1A1064178A333C7E9B4D66776A5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa
Signing time:             Mon 24 Mar 2025 19:11:06 +0000
ROA not before:           Mon 24 Mar 2025 19:11:06 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.248.224.0/19 maxlen: 19

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:51:5f:9e:ee:df:e1:a1:06:41:78:a3:33:c7:e9:b4:d6:67:76:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 19:11:06 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=3b7e329f47451823e4f49a9f331391c3aad6c5572d2e3a98581b5f9e3334d523, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:67:1f:9c:0b:4a:16:b6:7f:b2:73:1d:b8:ad:
                    9c:34:fe:8b:83:3c:b9:0c:60:45:7d:a9:61:f2:d4:
                    6d:04:d6:99:8f:55:02:c3:8e:c9:f0:d9:0d:28:7d:
                    33:7f:74:bd:cd:90:b3:74:77:97:e5:22:21:fe:be:
                    16:9c:37:79:86:75:d7:22:15:dc:94:e7:07:05:9b:
                    74:5b:22:7f:05:75:e2:35:12:a8:57:89:d2:db:9c:
                    d7:ba:98:fe:90:ff:3c:df:b2:9f:01:c1:68:0c:28:
                    66:5e:b8:f6:a7:2e:0f:43:26:28:86:43:fb:e0:69:
                    c9:f6:3e:ef:c6:c0:0c:a3:f5:52:75:51:ec:a6:9b:
                    1c:33:fc:8c:c6:14:35:10:64:47:36:60:10:47:1d:
                    c2:b8:2c:88:33:77:03:a0:8b:31:76:8a:a6:80:d5:
                    d2:7b:9b:06:f1:62:09:b5:91:2e:67:8e:dd:00:d2:
                    c7:46:d9:49:25:bd:01:a4:28:51:c7:42:58:76:7f:
                    14:b3:62:90:27:83:a3:de:26:fa:e6:11:ca:f4:03:
                    35:18:89:ce:aa:81:b6:90:20:6f:33:27:70:2d:1e:
                    c3:f1:e3:d4:b7:1d:65:97:4d:e2:0f:66:c8:d9:a5:
                    36:33:c3:26:72:6f:65:60:52:a0:4e:0b:c3:48:b4:
                    d0:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:F5:46:CC:6A:75:53:09:11:E5:6A:C2:B5:EA:5E:E2:CF:E8:95:71
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.248.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         74:1c:44:f9:84:81:73:cb:4e:21:2e:75:4f:8b:ed:7c:12:08:
         80:e2:08:3a:81:80:37:04:ad:0d:f8:8d:cf:5d:91:f6:20:be:
         17:36:f2:e4:22:f3:54:ac:40:19:f0:be:6a:bd:25:6a:66:2f:
         b5:b1:c9:d2:45:4b:19:40:44:f3:27:6e:22:06:5d:d6:4d:6d:
         27:4b:1d:5e:17:b9:9b:6f:de:29:72:a5:b0:2a:af:0f:6a:49:
         1e:ba:71:20:f6:d4:7e:dd:ba:29:a2:0a:22:1c:e3:9d:fe:61:
         98:00:18:c0:c8:cd:b7:d6:a4:e0:90:9a:07:67:db:fa:9d:aa:
         30:45:c8:54:39:81:85:fd:92:79:7c:7d:64:88:dd:dd:2a:8b:
         40:88:e5:d4:32:a5:8a:d2:42:a5:87:0b:2e:dc:e2:f7:02:b3:
         0f:d9:f5:62:8e:df:a3:ff:07:0e:a5:62:ca:c5:3c:42:5e:81:
         97:31:ed:31:d1:37:32:12:87:aa:0e:5b:2f:3e:1c:95:74:bf:
         10:1e:fa:39:db:e2:fa:d0:03:d8:35:f6:3b:dc:e0:ce:71:48:
         e8:2d:ff:00:98:78:1c:d0:69:3d:4f:08:b0:80:29:cc:a3:6b:
         78:b0:36:b4:92:a8:cb:32:d1:4a:5f:d0:54:80:71:17:be:8d:
         dd:ac:dc:5b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDVFfnu7f4aEGQXijM8fptNZndqUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTkxMTA2WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYjdlMzI5ZjQ3NDUxODIzZTRmNDlhOWYzMzEzOTFjM2Fh
ZDZjNTU3MmQyZTNhOTg1ODFiNWY5ZTMzMzRkNTIzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvZx+cC0oWtn+ycx24rZw0/ouDPLkMYEV9qWHy1G0E1pmP
VQLDjsnw2Q0ofTN/dL3NkLN0d5flIiH+vhacN3mGddciFdyU5wcFm3RbIn8FdeI1
EqhXidLbnNe6mP6Q/zzfsp8BwWgMKGZeuPanLg9DJiiGQ/vgacn2Pu/GwAyj9VJ1
Ueymmxwz/IzGFDUQZEc2YBBHHcK4LIgzdwOgizF2iqaA1dJ7mwbxYgm1kS5njt0A
0sdG2UklvQGkKFHHQlh2fxSzYpAng6PeJvrmEcr0AzUYic6qgbaQIG8zJ3AtHsPx
49S3HWWXTeIPZsjZpTYzwyZyb2VgUqBOC8NItNBHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUt/VGzGp1UwkR5WrCtepe4s/olXEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5YzBmYWI1LTVjYTktNGQzYi05MGNjLTcxZmFlMDlmZGUzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2+OAwDQYJKoZIhvcNAQELBQADggEBAHQcRPmEgXPLTiEudU+L7XwSCIDi
CDqBgDcErQ34jc9dkfYgvhc28uQi81SsQBnwvmq9JWpmL7WxydJFSxlARPMnbiIG
XdZNbSdLHV4XuZtv3ilypbAqrw9qSR66cSD21H7duimiCiIc453+YZgAGMDIzbfW
pOCQmgdn2/qdqjBFyFQ5gYX9knl8fWSI3d0qi0CI5dQypYrSQqWHCy7c4vcCsw/Z
9WKO36P/Bw6lYsrFPEJegZcx7THRNzISh6oOWy8+HJV0vxAe+jnb4vrQA9g19jvc
4M5xSOgt/wCYeBzQaT1PCLCAKcyja3iwNrSSqMsy0Upf0FSAcRe+jd2s3Fs=
-----END CERTIFICATE-----