Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d997d40-5423-4f39-a3a2-b9e9cbd1a476.roa
File:                     2d997d40-5423-4f39-a3a2-b9e9cbd1a476.roa (raw, json)
Hash identifier:          wqo43bkG+oXlx9kaMuW9uUNvadFrHpVtXr2eWjCwU/c=
Subject key identifier:   8D:14:98:4A:0F:9B:EE:10:1C:E1:A1:AF:6D:B1:CC:BE:7C:36:1D:3C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       10359CA0BB069C47F6425C6E9ED8A429F7A95842
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d997d40-5423-4f39-a3a2-b9e9cbd1a476.roa
Signing time:             Mon 24 Mar 2025 17:42:04 +0000
ROA not before:           Mon 24 Mar 2025 17:42:04 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.150.0.0/17 maxlen: 17

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:35:9c:a0:bb:06:9c:47:f6:42:5c:6e:9e:d8:a4:29:f7:a9:58:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 17:42:04 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=7fd089680d9470866b45e9eda5cd743102c7eb158117c10da28f57842755bf8d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:85:0b:2f:8b:6b:07:62:83:7d:37:ac:a2:b0:
                    11:19:91:f8:f2:a5:a9:63:96:0d:b5:9f:6e:09:d1:
                    cf:a6:c6:32:0b:0c:19:bb:c7:04:e1:9d:b9:82:5a:
                    70:7c:77:5b:cc:36:36:fa:0c:52:e6:88:48:6a:71:
                    9c:ab:e2:af:7d:a2:cc:d6:db:14:7c:c1:76:d1:52:
                    62:47:74:be:1a:93:6e:a4:6f:25:32:cb:95:fc:08:
                    1f:c1:f9:f5:e8:11:76:b3:11:b2:a7:a9:56:8a:b0:
                    5e:bd:88:8f:6a:2e:3f:4c:6f:d2:54:57:ec:44:7b:
                    62:8d:7b:4d:7b:ef:e9:ba:50:fa:34:f4:b3:c0:94:
                    1c:45:01:d7:f7:dd:73:03:18:30:a6:06:72:16:71:
                    04:7e:bf:ce:27:dd:49:fc:87:6c:28:53:9c:75:3c:
                    b7:4c:75:7d:3d:ff:62:db:5f:6b:f6:0a:e9:25:b6:
                    8c:fa:28:60:57:9c:86:17:36:00:62:1a:0b:82:aa:
                    f4:0b:b0:0e:c5:db:38:16:0b:d0:1c:ad:ff:bb:b2:
                    eb:14:c3:4e:02:7d:7d:07:e0:ed:a4:25:78:65:9e:
                    ee:c2:1f:e2:c3:87:99:39:b3:88:61:46:ee:32:f9:
                    84:66:37:e3:51:d2:b2:34:ab:20:e5:1c:fb:91:54:
                    75:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:14:98:4A:0F:9B:EE:10:1C:E1:A1:AF:6D:B1:CC:BE:7C:36:1D:3C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d997d40-5423-4f39-a3a2-b9e9cbd1a476.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.150.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         2a:8f:8b:f2:21:90:a5:83:08:03:2b:01:ae:71:a3:0c:c8:1d:
         7a:b1:d2:a2:d4:dc:85:63:e1:ec:84:f4:f5:aa:10:5e:6e:08:
         5b:6a:aa:2e:e3:c6:60:a9:cf:fc:88:cf:20:70:8a:b6:de:99:
         e3:ad:d2:0b:fe:3e:95:45:29:f2:d5:e3:8b:0c:0e:99:c1:ca:
         a9:f8:81:65:d6:e5:ad:d0:83:9d:44:8d:ff:76:de:a9:49:a5:
         81:7a:0e:af:0c:c5:00:87:40:d4:24:13:d0:b0:c5:78:d6:e5:
         1f:56:d5:cd:1a:5f:24:87:c8:89:88:28:95:44:f1:d3:a2:e6:
         8e:c4:39:79:d0:1d:d6:31:b8:4a:b1:74:3e:ac:be:ba:3c:c3:
         ff:01:e3:f7:1a:27:29:8b:7d:7a:06:8c:ff:b9:55:74:6f:84:
         ce:36:1d:30:c3:22:6a:39:f0:59:fc:ef:8e:fb:c7:e6:64:fc:
         a1:07:52:d1:9e:9f:5b:45:d2:94:63:0c:52:d1:bb:5e:b9:05:
         37:21:30:61:13:a9:0d:b4:ce:79:51:88:f0:68:e8:ca:df:bf:
         74:e7:a5:e6:82:c9:80:04:3c:c7:6f:64:ef:7f:a1:ec:ca:4d:
         cb:27:ed:6a:c1:05:11:ea:3d:c5:b8:2c:c7:ec:d6:a1:8f:1e:
         ce:bf:fb:07
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEDWcoLsGnEf2QlxuntikKfepWEIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTc0MjA0WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZmQwODk2ODBkOTQ3MDg2NmI0NWU5ZWRhNWNkNzQzMTAy
YzdlYjE1ODExN2MxMGRhMjhmNTc4NDI3NTViZjhkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyhQsvi2sHYoN9N6yisBEZkfjypaljlg21n24J0c+mxjIL
DBm7xwThnbmCWnB8d1vMNjb6DFLmiEhqcZyr4q99oszW2xR8wXbRUmJHdL4ak26k
byUyy5X8CB/B+fXoEXazEbKnqVaKsF69iI9qLj9Mb9JUV+xEe2KNe0177+m6UPo0
9LPAlBxFAdf33XMDGDCmBnIWcQR+v84n3Un8h2woU5x1PLdMdX09/2LbX2v2Cukl
toz6KGBXnIYXNgBiGguCqvQLsA7F2zgWC9Acrf+7susUw04CfX0H4O2kJXhlnu7C
H+LDh5k5s4hhRu4y+YRmN+NR0rI0qyDlHPuRVHWPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjRSYSg+b7hAc4aGvbbHMvnw2HTwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJkOTk3ZDQwLTU0MjMtNGYzOS1hM2EyLWI5ZTljYmQxYTQ3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2lgAwDQYJKoZIhvcNAQELBQADggEBACqPi/IhkKWDCAMrAa5xowzIHXqx
0qLU3IVj4eyE9PWqEF5uCFtqqi7jxmCpz/yIzyBwirbemeOt0gv+PpVFKfLV44sM
DpnByqn4gWXW5a3Qg51Ejf923qlJpYF6Dq8MxQCHQNQkE9CwxXjW5R9W1c0aXySH
yImIKJVE8dOi5o7EOXnQHdYxuEqxdD6svro8w/8B4/caJymLfXoGjP+5VXRvhM42
HTDDImo58Fn87477x+Zk/KEHUtGen1tF0pRjDFLRu165BTchMGETqQ20znlRiPBo
6Mrfv3TnpeaCyYAEPMdvZO9/oezKTcsn7WrBBRHqPcW4LMfs1qGPHs6/+wc=
-----END CERTIFICATE-----