Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/375149f7-e114-4a3d-909c-534db70f752e.roa
File:                     375149f7-e114-4a3d-909c-534db70f752e.roa (raw, json)
Hash identifier:          B4aoBDz3wnIPOchepWoMSTziI7NlmJUXyMEkm7VFiUE=
Subject key identifier:   EA:7A:31:EE:C0:D8:F8:69:C5:5E:B0:ED:E5:B7:CB:EE:71:19:E7:7C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       481A0FCD43C7122356F793992EEDCF2ADB21F95D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/375149f7-e114-4a3d-909c-534db70f752e.roa
Signing time:             Fri 11 Apr 2025 00:20:59 +0000
ROA not before:           Fri 11 Apr 2025 00:20:59 +0000
ROA not after:            Fri 16 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.93.0.0/16 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:1a:0f:cd:43:c7:12:23:56:f7:93:99:2e:ed:cf:2a:db:21:f9:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 11 00:20:59 2025 GMT
            Not After : May 16 23:59:59 2025 GMT
        Subject: serialNumber=0b071182e71c3319c4a8ea005a6c91350738e4da5fb292fffb6712dfc3eb303b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b9:f6:cc:c8:84:e9:f2:cd:15:49:2b:8c:91:
                    46:0c:2a:e2:e1:f4:6f:5e:2e:f5:38:d2:88:b6:21:
                    a0:2c:71:fb:8e:65:3b:4a:b2:f1:f3:d2:64:25:70:
                    07:0c:66:1b:53:a8:57:f0:ae:ef:66:ce:9a:21:5b:
                    52:b1:5f:db:76:78:78:db:3a:96:7f:73:83:de:5a:
                    7a:5f:a5:76:77:fb:5b:4e:3b:26:ec:05:84:96:9d:
                    6c:59:d8:ae:13:3d:e7:c6:be:e0:9b:0f:5e:df:27:
                    b8:c6:6f:fd:fe:01:97:7a:cd:43:22:98:aa:31:93:
                    73:be:b8:9c:b2:35:a3:9e:8c:47:28:17:df:d3:aa:
                    75:1b:af:ab:a0:39:a4:31:64:e2:3a:c7:10:3f:11:
                    ef:a3:69:f9:f7:b0:5e:90:d0:9f:70:c6:84:5e:f6:
                    62:19:ab:1a:38:da:c9:c5:90:3a:10:09:53:4a:9b:
                    35:f7:82:08:82:80:e8:01:5e:48:5d:fe:24:e1:25:
                    91:1a:60:9c:b2:95:a2:8e:82:68:4a:9c:65:64:2c:
                    ce:40:6d:0d:45:41:d8:c9:84:6b:61:ae:e4:20:7f:
                    76:2c:ce:50:45:05:ef:8c:5e:0e:e0:a7:96:72:7d:
                    ac:db:f9:a9:0d:d4:17:65:56:09:72:2a:57:df:cf:
                    5a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:7A:31:EE:C0:D8:F8:69:C5:5E:B0:ED:E5:B7:CB:EE:71:19:E7:7C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/375149f7-e114-4a3d-909c-534db70f752e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.93.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4c:70:92:e8:b4:09:05:07:ef:2d:43:87:11:1f:4a:c0:d4:ac:
         6c:7b:32:0d:65:82:ab:d3:57:02:31:6c:09:75:ea:37:6a:f0:
         4c:18:de:36:ab:7a:01:5b:e6:70:e7:a3:e4:dc:84:3b:fb:46:
         27:c5:7d:f7:f5:16:39:1d:17:da:b8:d2:4a:e5:77:4a:17:f3:
         c4:8f:4b:da:d8:b0:da:41:80:b8:48:c9:34:f1:c2:e7:fe:1e:
         8e:aa:a2:0f:11:d5:fb:a4:a4:19:14:af:bb:f6:8d:fd:c8:db:
         7a:39:c2:d2:9f:f2:7a:7f:c3:d8:f8:02:48:80:a6:be:f0:f0:
         7e:75:fd:ec:3b:2f:73:7f:5f:e8:33:4d:b8:85:b6:6d:c6:d4:
         47:31:3a:9a:96:59:51:02:5c:ac:6d:aa:af:97:9e:23:04:df:
         d0:87:73:b4:0b:0d:96:32:27:06:e6:2a:41:eb:fd:fc:35:72:
         24:51:2e:a4:36:bb:74:47:57:a2:ad:32:34:20:c9:5f:b5:2e:
         0b:3d:89:d4:f9:61:b9:a7:f7:95:28:ff:41:52:9a:b1:56:a7:
         53:1e:96:1a:17:56:9a:38:f0:bd:44:07:9f:1b:54:c7:0a:78:
         4a:fd:80:1c:62:81:23:53:b8:70:06:3a:f7:0b:2c:9b:62:cb:
         61:09:91:fe
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSBoPzUPHEiNW95OZLu3PKtsh+V0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDExMDAyMDU5WhcNMjUwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjA3MTE4MmU3MWMzMzE5YzRhOGVhMDA1YTZjOTEzNTA3
MzhlNGRhNWZiMjkyZmZmYjY3MTJkZmMzZWIzMDNiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8ufbMyITp8s0VSSuMkUYMKuLh9G9eLvU40oi2IaAscfuO
ZTtKsvHz0mQlcAcMZhtTqFfwru9mzpohW1KxX9t2eHjbOpZ/c4PeWnpfpXZ3+1tO
OybsBYSWnWxZ2K4TPefGvuCbD17fJ7jGb/3+AZd6zUMimKoxk3O+uJyyNaOejEco
F9/TqnUbr6ugOaQxZOI6xxA/Ee+jafn3sF6Q0J9wxoRe9mIZqxo42snFkDoQCVNK
mzX3ggiCgOgBXkhd/iThJZEaYJyylaKOgmhKnGVkLM5AbQ1FQdjJhGthruQgf3Ys
zlBFBe+MXg7gp5Zyfazb+akN1BdlVglyKlffz1oPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU6nox7sDY+GnFXrDt5bfL7nEZ53wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM3NTE0OWY3LWUxMTQtNGEzZC05MDljLTUzNGRiNzBmNzUyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA0XTANBgkqhkiG9w0BAQsFAAOCAQEATHCS6LQJBQfvLUOHER9KwNSsbHsy
DWWCq9NXAjFsCXXqN2rwTBjeNqt6AVvmcOej5NyEO/tGJ8V99/UWOR0X2rjSSuV3
ShfzxI9L2tiw2kGAuEjJNPHC5/4ejqqiDxHV+6SkGRSvu/aN/cjbejnC0p/yen/D
2PgCSICmvvDwfnX97Dsvc39f6DNNuIW2bcbURzE6mpZZUQJcrG2qr5eeIwTf0Idz
tAsNljInBuYqQev9/DVyJFEupDa7dEdXoq0yNCDJX7UuCz2J1Plhuaf3lSj/QVKa
sVanUx6WGhdWmjjwvUQHnxtUxwp4Sv2AHGKBI1O4cAY69wssm2LLYQmR/g==
-----END CERTIFICATE-----