Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/393be035-f403-42bb-8667-f8b643af501c.roa
File:                     393be035-f403-42bb-8667-f8b643af501c.roa (raw, json)
Hash identifier:          gVK2cN1kY6lj+f1I04vE+bnsZCqwOgsQLYgUsWZr1oY=
Subject key identifier:   BA:A3:45:C5:22:93:1C:55:DC:DD:D2:24:2A:64:E9:C7:98:8F:80:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       230BEEB17E13B5E27DE3CF84B3617868BDCE01D3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/393be035-f403-42bb-8667-f8b643af501c.roa
Signing time:             Mon 24 Mar 2025 18:11:13 +0000
ROA not before:           Mon 24 Mar 2025 18:11:13 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.226.0.0/15 maxlen: 15

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:0b:ee:b1:7e:13:b5:e2:7d:e3:cf:84:b3:61:78:68:bd:ce:01:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 18:11:13 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=9ca52239f67766cbb0799ad862ad4060799a9def49d8e70a4d435c76bf199579, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e4:46:a3:74:b6:dc:db:be:ae:28:7a:10:39:
                    c4:cc:03:e9:f8:ca:1a:1e:f3:45:84:1a:64:90:03:
                    c8:fc:65:7f:cf:4c:ae:04:c8:09:d8:0d:8e:ca:39:
                    19:dd:0d:26:2f:28:f0:e1:8a:41:38:48:ac:b7:9f:
                    5a:06:5f:f8:4c:67:e0:b7:9b:33:f2:15:d3:c1:5b:
                    1c:89:ad:ef:5e:dc:ed:75:96:8a:c6:51:89:2f:df:
                    4a:1a:a4:d0:77:b3:f9:88:ef:00:e7:16:70:27:87:
                    7f:06:aa:99:a6:17:a9:8e:df:da:d0:c7:e6:d5:e5:
                    8e:cb:c9:c6:78:af:a6:79:fa:e0:22:34:ea:6d:2a:
                    52:84:16:f5:6e:70:47:cc:38:a5:3f:db:73:cd:01:
                    00:e5:81:4d:e7:22:f6:68:70:fc:33:67:e1:ca:c0:
                    60:1b:c5:af:ea:82:d6:fc:21:d7:27:6d:dc:4a:a3:
                    b3:9f:fc:35:8d:6b:a2:05:c3:e8:f6:44:ce:61:18:
                    b6:80:30:8a:97:73:ad:d5:30:a7:dd:a1:16:3c:73:
                    a4:f3:1f:14:13:65:9f:58:d5:55:6e:6e:ae:d1:e1:
                    14:62:df:21:f1:44:2e:40:7c:29:65:1d:c5:70:b2:
                    c2:fc:7e:47:a6:6a:b0:7d:a2:06:a4:cd:73:94:12:
                    fa:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:A3:45:C5:22:93:1C:55:DC:DD:D2:24:2A:64:E9:C7:98:8F:80:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/393be035-f403-42bb-8667-f8b643af501c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.226.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         21:31:4a:dc:5e:61:51:20:bd:a0:bb:c5:24:4d:43:60:b1:ee:
         4f:c3:89:56:06:e8:03:64:d3:86:81:b2:d0:86:67:b0:99:3a:
         f5:41:8f:4b:2e:47:d5:77:7d:21:51:33:ca:fc:5f:2c:7a:9b:
         b8:91:58:a4:b8:7e:fc:12:e8:27:8f:44:91:1c:a5:81:68:e3:
         6a:90:f8:ee:9e:81:ed:42:00:18:c5:52:07:73:be:a6:79:94:
         e7:cc:d1:55:40:65:fb:0d:eb:53:a4:a7:d9:d5:5b:8d:60:28:
         82:56:90:d4:e4:e8:1e:94:8d:97:8c:f8:83:60:53:ba:e3:8b:
         d5:f3:12:92:08:07:fd:57:53:2a:fd:56:60:fb:17:8c:f3:e7:
         1f:d9:d2:e3:b3:ff:17:2e:08:8b:df:0c:18:4f:14:d5:3f:4c:
         24:b6:bb:df:f1:c5:bb:07:c5:6f:08:1e:80:7a:22:5c:6c:07:
         94:c2:41:66:a3:5d:23:80:94:df:c7:d7:59:07:29:05:a6:7f:
         97:7b:8a:97:b8:4c:ab:f0:cd:21:db:0e:7d:fd:70:7e:ea:8b:
         b6:6e:22:de:14:a2:aa:a0:1d:ce:7c:57:ba:8f:6b:04:e3:94:
         a2:02:6f:7c:25:59:f9:e8:55:90:6c:88:44:c8:1b:d8:70:7b:
         a5:9e:4d:1d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIwvusX4TteJ948+Es2F4aL3OAdMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTgxMTEzWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Y2E1MjIzOWY2Nzc2NmNiYjA3OTlhZDg2MmFkNDA2MDc5
OWE5ZGVmNDlkOGU3MGE0ZDQzNWM3NmJmMTk5NTc5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt5EajdLbc276uKHoQOcTMA+n4yhoe80WEGmSQA8j8ZX/P
TK4EyAnYDY7KORndDSYvKPDhikE4SKy3n1oGX/hMZ+C3mzPyFdPBWxyJre9e3O11
lorGUYkv30oapNB3s/mI7wDnFnAnh38GqpmmF6mO39rQx+bV5Y7LycZ4r6Z5+uAi
NOptKlKEFvVucEfMOKU/23PNAQDlgU3nIvZocPwzZ+HKwGAbxa/qgtb8IdcnbdxK
o7Of/DWNa6IFw+j2RM5hGLaAMIqXc63VMKfdoRY8c6TzHxQTZZ9Y1VVubq7R4RRi
3yHxRC5AfCllHcVwssL8fkemarB9ogakzXOUEvozAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUuqNFxSKTHFXc3dIkKmTpx5iPgHcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM5M2JlMDM1LWY0MDMtNDJiYi04NjY3LWY4YjY0M2FmNTAxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE24jANBgkqhkiG9w0BAQsFAAOCAQEAITFK3F5hUSC9oLvFJE1DYLHuT8OJ
VgboA2TThoGy0IZnsJk69UGPSy5H1Xd9IVEzyvxfLHqbuJFYpLh+/BLoJ49EkRyl
gWjjapD47p6B7UIAGMVSB3O+pnmU58zRVUBl+w3rU6Sn2dVbjWAoglaQ1OToHpSN
l4z4g2BTuuOL1fMSkggH/VdTKv1WYPsXjPPnH9nS47P/Fy4Ii98MGE8U1T9MJLa7
3/HFuwfFbwgegHoiXGwHlMJBZqNdI4CU38fXWQcpBaZ/l3uKl7hMq/DNIdsOff1w
fuqLtm4i3hSiqqAdznxXuo9rBOOUogJvfCVZ+ehVkGyIRMgb2HB7pZ5NHQ==
-----END CERTIFICATE-----