Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/34f9e772-d466-4506-8155-76c7dea39153.roa
File:                     34f9e772-d466-4506-8155-76c7dea39153.roa (raw, json)
Hash identifier:          0wQZlKttYRybusp9wLn46bvzFHUhN4P9JmBvJyYwYr8=
Subject key identifier:   8E:A4:45:21:D9:D9:D7:F1:0D:01:9F:3C:F0:10:AA:87:CA:AB:E0:D2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3E2FF65C8C6DF61B3A3E200B9509C2902F865B9D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/34f9e772-d466-4506-8155-76c7dea39153.roa
Signing time:             Mon 24 Mar 2025 17:40:28 +0000
ROA not before:           Mon 24 Mar 2025 17:40:28 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.232.44.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:2f:f6:5c:8c:6d:f6:1b:3a:3e:20:0b:95:09:c2:90:2f:86:5b:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 17:40:28 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=25f46c9f7550ae6c15b8e3b97091167f10f286a0cc58d766675014882ed51ab9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:57:1b:5c:4e:89:7e:1a:c7:71:cc:ac:f3:dc:
                    e8:a9:af:bd:f6:20:cd:f5:c4:4a:3b:50:df:ef:d2:
                    d6:6b:42:17:56:da:59:8f:73:41:07:18:45:90:59:
                    c0:8a:d2:0d:1a:7d:e3:0a:ca:fd:5d:64:45:04:4a:
                    7c:9c:b4:ce:16:6c:5c:1b:4e:8a:b9:14:26:5a:d6:
                    39:8f:c0:59:aa:c9:15:cb:e2:52:8a:21:f2:5a:bd:
                    8f:ca:5a:c0:82:af:3d:0e:fb:82:fe:e3:da:c3:d7:
                    4b:91:41:fd:17:50:28:53:ec:30:7b:a9:55:09:4f:
                    84:87:bf:96:31:17:48:7a:1c:d4:b2:a4:07:5c:5e:
                    c2:de:ed:91:55:6c:45:b7:b2:9f:f3:10:4c:4c:a6:
                    81:4e:3a:2b:92:6f:bc:a6:79:07:ee:eb:fc:aa:9f:
                    ce:28:ac:20:8b:53:9d:48:34:a6:f9:81:57:be:9a:
                    af:f6:67:d8:c8:39:89:ea:5e:cc:e2:ee:cb:22:54:
                    21:2c:e2:56:38:6d:3a:94:a0:d1:46:b1:f3:51:fd:
                    0d:82:8b:f1:a2:68:38:0c:32:58:2d:78:c0:0d:be:
                    da:02:c3:98:43:e3:19:3d:17:b3:60:fd:c0:14:33:
                    67:96:97:3d:9f:01:6c:d8:4a:59:a3:9b:8a:17:26:
                    7c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A4:45:21:D9:D9:D7:F1:0D:01:9F:3C:F0:10:AA:87:CA:AB:E0:D2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/34f9e772-d466-4506-8155-76c7dea39153.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.232.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:c4:64:c9:ac:db:96:e0:aa:4c:95:05:be:0d:35:29:81:91:
         2d:1d:39:bb:1c:85:c3:7a:2d:a9:b0:ee:ab:29:ef:b9:83:3d:
         c0:e7:f9:59:b8:a5:fe:df:77:ef:04:25:f4:28:dc:fa:f5:dc:
         8c:5f:8b:2a:d2:92:c5:be:1a:9c:97:d1:42:3e:cc:1c:dd:0d:
         da:69:b0:3f:29:3a:a2:b0:4f:20:e2:0e:b8:e1:5c:ab:d4:36:
         81:5e:a5:35:12:61:75:40:df:ea:d5:6b:14:7c:7e:a1:fb:2d:
         ae:47:05:11:ba:ae:5a:8b:ce:01:32:17:0f:3f:48:ae:68:fd:
         8c:95:de:53:3c:61:b4:2d:dd:b7:67:0a:a8:6b:15:22:5b:86:
         0d:3d:f7:80:bd:e2:90:d3:4f:0e:ee:69:e8:5b:3c:1b:42:d4:
         e7:a5:71:ce:ad:d9:c8:9a:f6:8a:67:71:39:4d:af:6b:9b:58:
         99:6a:df:93:b5:d4:cb:c5:b0:dd:0a:db:ce:ba:2f:7b:61:20:
         ea:e3:bd:87:92:e0:40:7c:26:81:a1:08:c5:0d:99:09:32:68:
         e9:db:f0:e5:71:93:2d:41:57:de:97:46:df:8c:38:b5:03:34:
         2a:cc:ec:c0:2d:ae:1e:12:67:be:90:d1:d9:87:b1:ea:a0:51:
         db:b2:bc:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPi/2XIxt9hs6PiALlQnCkC+GW50wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTc0MDI4WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNWY0NmM5Zjc1NTBhZTZjMTViOGUzYjk3MDkxMTY3ZjEw
ZjI4NmEwY2M1OGQ3NjY2NzUwMTQ4ODJlZDUxYWI5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVVxtcTol+GsdxzKzz3Oipr732IM31xEo7UN/v0tZrQhdW
2lmPc0EHGEWQWcCK0g0afeMKyv1dZEUESnyctM4WbFwbToq5FCZa1jmPwFmqyRXL
4lKKIfJavY/KWsCCrz0O+4L+49rD10uRQf0XUChT7DB7qVUJT4SHv5YxF0h6HNSy
pAdcXsLe7ZFVbEW3sp/zEExMpoFOOiuSb7ymeQfu6/yqn84orCCLU51INKb5gVe+
mq/2Z9jIOYnqXszi7ssiVCEs4lY4bTqUoNFGsfNR/Q2Ci/GiaDgMMlgteMANvtoC
w5hD4xk9F7Ng/cAUM2eWlz2fAWzYSlmjm4oXJnxHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjqRFIdnZ1/ENAZ888BCqh8qr4NIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM0ZjllNzcyLWQ0NjYtNDUwNi04MTU1LTc2YzdkZWEzOTE1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI26CwwDQYJKoZIhvcNAQELBQADggEBAJ7EZMms25bgqkyVBb4NNSmBkS0d
ObschcN6Lamw7qsp77mDPcDn+Vm4pf7fd+8EJfQo3Pr13IxfiyrSksW+GpyX0UI+
zBzdDdppsD8pOqKwTyDiDrjhXKvUNoFepTUSYXVA3+rVaxR8fqH7La5HBRG6rlqL
zgEyFw8/SK5o/YyV3lM8YbQt3bdnCqhrFSJbhg0994C94pDTTw7uaehbPBtC1Oel
cc6t2cia9opncTlNr2ubWJlq35O11MvFsN0K2866L3thIOrjvYeS4EB8JoGhCMUN
mQkyaOnb8OVxky1BV96XRt+MOLUDNCrM7MAtrh4SZ76Q0dmHseqgUduyvN4=
-----END CERTIFICATE-----