Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2e51eae0-8311-4076-b6ed-51a28de8a68e.roa
File:                     2e51eae0-8311-4076-b6ed-51a28de8a68e.roa (raw, json)
Hash identifier:          LHBlyKUeVDD+Rm6eObvtp9u+AZCrV3BnuXo3hQRTxqU=
Subject key identifier:   71:0D:EB:09:FE:93:62:58:65:2A:C9:12:9F:7C:AC:4E:54:F9:3E:BA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0DB0C9BBE962AFC7319AA4BAF572D29EA45E3D1D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2e51eae0-8311-4076-b6ed-51a28de8a68e.roa
Signing time:             Mon 31 Mar 2025 17:41:33 +0000
ROA not before:           Mon 31 Mar 2025 17:41:33 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.152.0.0/13 maxlen: 13

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:b0:c9:bb:e9:62:af:c7:31:9a:a4:ba:f5:72:d2:9e:a4:5e:3d:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 17:41:33 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=6ecfe9f80c970dd799eb1505f784633739e881095f91601b7d3890f0dc02c8bf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cc:00:e7:24:be:63:e4:c6:dd:5d:41:2a:e2:
                    75:e3:07:f4:69:8e:09:c0:1a:33:e8:ec:04:d4:34:
                    0d:35:ba:67:fd:e9:38:6d:bb:a7:97:34:d4:55:db:
                    d1:ba:45:92:d6:c6:92:b9:4a:1a:1a:44:05:74:08:
                    f4:b1:0c:27:34:42:94:89:49:02:c6:5d:db:38:2f:
                    78:ae:99:ff:48:e1:bd:c7:f4:3a:6b:19:ff:a3:3a:
                    80:8c:d4:db:32:18:27:cf:7d:2d:1f:cc:10:0d:d3:
                    ca:c2:8e:5c:36:04:99:ba:fc:25:2f:42:5c:a7:23:
                    88:9b:84:69:7b:8d:52:20:8b:fc:d3:33:8a:ef:27:
                    65:84:88:e1:36:31:ee:b5:32:0b:be:f3:2d:07:4f:
                    34:19:69:fe:04:de:ef:3a:6e:1d:6a:35:18:4c:00:
                    7f:51:66:11:eb:97:fa:6a:b2:96:06:30:7c:9d:57:
                    24:3f:7b:e4:db:4a:17:7a:33:2b:e9:a3:7c:ef:d1:
                    92:24:1f:4b:de:ee:77:55:5d:59:37:f3:74:66:12:
                    32:ec:4b:7c:8e:26:46:26:ef:be:41:33:62:68:12:
                    cf:0b:4f:94:de:a9:52:09:68:1c:08:ba:69:22:12:
                    3d:ec:a4:ba:ce:07:41:7c:e5:52:0e:15:8a:34:04:
                    fe:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:0D:EB:09:FE:93:62:58:65:2A:C9:12:9F:7C:AC:4E:54:F9:3E:BA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2e51eae0-8311-4076-b6ed-51a28de8a68e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.152.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         83:20:0e:82:18:6f:fb:80:e4:72:1a:98:97:40:4c:f8:77:12:
         52:1c:5d:6a:a1:2a:66:67:d2:e0:e4:26:47:a2:ce:4e:d5:47:
         b3:4f:71:7f:2f:87:ce:02:6d:36:fb:6e:34:a5:57:19:26:0e:
         bb:f2:a1:e8:62:d6:22:90:c4:40:b2:0c:6a:e2:64:ac:14:35:
         e3:e2:08:aa:02:4d:40:3d:9a:eb:70:fd:42:df:15:f1:7f:62:
         5a:59:8b:6b:e6:2d:39:9a:dd:e0:7f:90:3f:54:e2:07:8b:c4:
         70:f2:32:99:41:6b:5d:a3:6c:90:bb:4e:fb:cd:6e:f8:8a:d1:
         0b:49:62:e9:d3:9c:39:aa:cf:65:a1:7e:41:f6:6c:5b:b3:3c:
         87:ce:0b:55:7c:2a:dc:83:81:6c:6a:b1:46:a5:3d:7c:f9:22:
         76:9e:04:17:29:f7:2d:53:58:a0:88:28:d4:c2:8d:f1:99:1e:
         e0:57:da:a9:b3:41:7b:1f:e8:a6:65:71:e9:6b:2f:e0:58:1f:
         60:a8:a9:4e:7a:cb:63:05:e0:f9:f5:3c:7d:9c:ce:b4:e0:0a:
         d4:83:10:f5:9b:d7:d1:1d:5b:b9:3d:ee:c9:c0:f4:d5:be:a5:
         7b:b3:b4:ef:7f:de:13:ff:8b:ab:e3:0d:f0:b4:f2:4c:12:25:
         e7:79:7e:bd
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDbDJu+lir8cxmqS69XLSnqRePR0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTc0MTMzWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZWNmZTlmODBjOTcwZGQ3OTllYjE1MDVmNzg0NjMzNzM5
ZTg4MTA5NWY5MTYwMWI3ZDM4OTBmMGRjMDJjOGJmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9zADnJL5j5MbdXUEq4nXjB/RpjgnAGjPo7ATUNA01umf9
6Thtu6eXNNRV29G6RZLWxpK5ShoaRAV0CPSxDCc0QpSJSQLGXds4L3iumf9I4b3H
9DprGf+jOoCM1NsyGCfPfS0fzBAN08rCjlw2BJm6/CUvQlynI4ibhGl7jVIgi/zT
M4rvJ2WEiOE2Me61Mgu+8y0HTzQZaf4E3u86bh1qNRhMAH9RZhHrl/pqspYGMHyd
VyQ/e+TbShd6Myvpo3zv0ZIkH0ve7ndVXVk383RmEjLsS3yOJkYm775BM2JoEs8L
T5TeqVIJaBwIumkiEj3spLrOB0F85VIOFYo0BP57AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcQ3rCf6TYlhlKskSn3ysTlT5ProwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJlNTFlYWUwLTgzMTEtNDA3Ni1iNmVkLTUxYTI4ZGU4YTY4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwMjmDANBgkqhkiG9w0BAQsFAAOCAQEAgyAOghhv+4DkchqYl0BM+HcSUhxd
aqEqZmfS4OQmR6LOTtVHs09xfy+HzgJtNvtuNKVXGSYOu/Kh6GLWIpDEQLIMauJk
rBQ14+IIqgJNQD2a63D9Qt8V8X9iWlmLa+YtOZrd4H+QP1TiB4vEcPIymUFrXaNs
kLtO+81u+IrRC0li6dOcOarPZaF+QfZsW7M8h84LVXwq3IOBbGqxRqU9fPkidp4E
Fyn3LVNYoIgo1MKN8Zke4FfaqbNBex/opmVx6Wsv4FgfYKipTnrLYwXg+fU8fZzO
tOAK1IMQ9ZvX0R1buT3uycD01b6le7O073/eE/+Lq+MN8LTyTBIl53l+vQ==
-----END CERTIFICATE-----