Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3213325f-ba9a-4cf5-81be-c3d9b5e232bf.roa
File:                     3213325f-ba9a-4cf5-81be-c3d9b5e232bf.roa (raw, json)
Hash identifier:          1J3/8bcpVTsgo860dNCEnUr8cQCfpmGpwnoOxlQTSDU=
Subject key identifier:   85:11:EC:0D:47:00:69:3F:2C:EC:9C:97:58:CD:D3:95:48:E0:AE:94
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       68F95D868E9802E42DEDC2B03433F37E7AD72163
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3213325f-ba9a-4cf5-81be-c3d9b5e232bf.roa
Signing time:             Mon 31 Mar 2025 16:50:19 +0000
ROA not before:           Mon 31 Mar 2025 16:50:19 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        156.64.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f9:5d:86:8e:98:02:e4:2d:ed:c2:b0:34:33:f3:7e:7a:d7:21:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 16:50:19 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=dfff7a0684f407526211fb89f0638f0bf194fa6f4d22ebf15ef8e3c2f4f51340, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:96:68:4b:04:a3:5f:1a:3c:2b:20:9c:c1:31:
                    44:ee:96:86:c5:70:1f:06:09:1e:b4:4d:78:01:6a:
                    1d:ee:da:34:b5:e2:d6:2e:37:cf:9b:28:ab:18:5c:
                    23:0b:d3:7d:1e:1e:c5:af:cb:48:50:87:61:cb:c9:
                    6a:cc:aa:9d:10:29:da:c2:d2:61:b5:9c:9a:7d:57:
                    5f:fe:03:a0:7f:2c:12:0d:5c:26:c3:1d:26:bf:0e:
                    0f:0e:9a:97:fb:77:50:24:e8:bd:cd:e1:26:4b:80:
                    fe:e0:51:11:f1:d1:db:2a:b8:dd:90:10:55:db:f9:
                    f3:ed:7f:a1:92:9f:dd:90:96:fa:37:20:1a:d0:42:
                    11:9e:ad:20:f6:f5:c7:a6:a8:8e:e0:8a:87:e7:98:
                    46:2f:6c:a0:40:f3:2c:10:fa:fe:d1:42:8a:af:91:
                    7e:68:41:3f:d9:81:b4:36:de:f3:29:59:f8:23:cb:
                    e3:a3:a8:9a:8d:42:2e:d5:73:fc:97:0a:de:78:7f:
                    74:39:f7:2f:b9:a4:32:d7:cb:89:0e:03:ef:34:7a:
                    f4:7a:1a:0b:92:53:61:5e:31:fd:b8:4c:38:f0:cb:
                    4d:f1:78:76:92:d2:03:bd:38:16:64:81:c7:6e:d7:
                    83:c8:b1:73:4c:f5:ee:e9:5d:55:98:aa:b9:38:11:
                    8b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:11:EC:0D:47:00:69:3F:2C:EC:9C:97:58:CD:D3:95:48:E0:AE:94
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3213325f-ba9a-4cf5-81be-c3d9b5e232bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.64.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         90:0a:5c:c7:9f:cb:41:96:2a:35:8e:95:bd:c2:7f:98:43:c1:
         2d:95:e3:3d:f0:d3:89:12:64:78:2c:15:2d:03:56:b6:21:8f:
         04:a6:77:89:51:ca:63:88:a5:66:be:d9:9b:93:d5:dd:bf:3b:
         25:d2:ad:b0:73:67:8d:ca:ff:11:3d:dc:3e:e3:15:10:5c:54:
         c7:f1:86:53:a9:f3:bb:00:6f:68:a6:75:08:2a:71:db:63:80:
         88:81:08:7f:87:60:3e:11:76:90:37:8a:f5:e5:c6:6c:27:af:
         c9:cf:9f:38:bd:5e:43:79:36:48:02:47:d1:c8:38:dd:3a:0b:
         a4:fb:0d:33:52:ff:74:6c:0b:b1:30:0b:27:c5:0b:9d:4d:6b:
         70:24:70:a4:8e:3b:74:34:57:dd:cc:d7:b1:60:66:7a:53:82:
         be:af:5a:97:8a:bc:c8:32:6b:ac:13:23:09:f0:00:8a:0a:3c:
         31:52:3c:95:8d:b0:57:ac:2b:17:80:be:b3:43:ec:4b:63:0d:
         56:5b:f3:1d:76:ee:4b:01:65:27:67:3d:88:df:2d:8e:63:fe:
         64:4b:04:18:c9:93:02:06:9e:b4:64:d5:b0:1d:f9:a9:a6:08:
         48:ba:a5:e7:e4:31:5e:e2:3b:cc:61:53:12:04:8d:df:9d:32:
         5f:ff:eb:6d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaPldho6YAuQt7cKwNDPzfnrXIWMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTY1MDE5WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZmZmN2EwNjg0ZjQwNzUyNjIxMWZiODlmMDYzOGYwYmYx
OTRmYTZmNGQyMmViZjE1ZWY4ZTNjMmY0ZjUxMzQwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXlmhLBKNfGjwrIJzBMUTulobFcB8GCR60TXgBah3u2jS1
4tYuN8+bKKsYXCML030eHsWvy0hQh2HLyWrMqp0QKdrC0mG1nJp9V1/+A6B/LBIN
XCbDHSa/Dg8Ompf7d1Ak6L3N4SZLgP7gURHx0dsquN2QEFXb+fPtf6GSn92Qlvo3
IBrQQhGerSD29cemqI7giofnmEYvbKBA8ywQ+v7RQoqvkX5oQT/ZgbQ23vMpWfgj
y+OjqJqNQi7Vc/yXCt54f3Q59y+5pDLXy4kOA+80evR6GguSU2FeMf24TDjwy03x
eHaS0gO9OBZkgcdu14PIsXNM9e7pXVWYqrk4EYunAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhRHsDUcAaT8s7JyXWM3TlUjgrpQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMyMTMzMjVmLWJhOWEtNGNmNS04MWJlLWMzZDliNWUyMzJiZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCcQDANBgkqhkiG9w0BAQsFAAOCAQEAkApcx5/LQZYqNY6VvcJ/mEPBLZXj
PfDTiRJkeCwVLQNWtiGPBKZ3iVHKY4ilZr7Zm5PV3b87JdKtsHNnjcr/ET3cPuMV
EFxUx/GGU6nzuwBvaKZ1CCpx22OAiIEIf4dgPhF2kDeK9eXGbCevyc+fOL1eQ3k2
SAJH0cg43ToLpPsNM1L/dGwLsTALJ8ULnU1rcCRwpI47dDRX3czXsWBmelOCvq9a
l4q8yDJrrBMjCfAAigo8MVI8lY2wV6wrF4C+s0PsS2MNVlvzHXbuSwFlJ2c9iN8t
jmP+ZEsEGMmTAgaetGTVsB35qaYISLql5+QxXuI7zGFTEgSN350yX//rbQ==
-----END CERTIFICATE-----