Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3c8e35a4-55f4-42e9-9859-18c9e6fdc522.roa
File:                     3c8e35a4-55f4-42e9-9859-18c9e6fdc522.roa (raw, json)
Hash identifier:          n4PrFDstp5peJ4FFbz8mMznJRn/2z+rxsU+h4LHuJsA=
Subject key identifier:   85:AE:B4:FB:3D:BF:DA:D7:E0:93:A4:0D:C7:C8:7D:3D:F2:76:4E:ED
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21438F34721A245B578FAFE6A09EC98FB37768F6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3c8e35a4-55f4-42e9-9859-18c9e6fdc522.roa
Signing time:             Mon 31 Mar 2025 17:20:23 +0000
ROA not before:           Mon 31 Mar 2025 17:20:23 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.234.33.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:43:8f:34:72:1a:24:5b:57:8f:af:e6:a0:9e:c9:8f:b3:77:68:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 17:20:23 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=a4b0b6b8c01177f5258f00532912f69afe3aa9ac3f4db295ba776c22a2c347c4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5e:9f:7a:09:e8:07:a4:bc:41:11:4b:fe:18:
                    58:2e:15:aa:61:85:ce:a5:fd:47:7d:3f:11:e9:c4:
                    b8:f1:ff:1a:3e:57:f3:f4:84:c6:e5:b9:42:e9:49:
                    3e:c9:07:a3:74:2a:b5:67:f1:92:5a:00:ae:3a:15:
                    0a:bd:43:76:11:57:f2:48:2d:df:90:ee:a1:33:1f:
                    f9:f0:d4:e0:12:52:e8:61:6a:a5:79:60:99:ac:19:
                    89:fc:b8:82:17:02:4f:8a:7c:9f:bc:3c:e0:23:9b:
                    41:51:cc:f2:29:d3:92:27:a2:3e:9c:a2:46:6c:cb:
                    e9:3e:12:90:de:3f:7f:5f:b9:72:e0:7f:c2:1e:48:
                    07:bb:4b:66:eb:b2:b3:60:1d:12:96:a5:05:84:ea:
                    d8:e2:39:8f:07:c3:13:c1:95:08:ae:ea:be:59:1d:
                    a6:ad:c7:33:1e:31:9c:8e:88:45:ec:de:a2:cb:46:
                    23:12:80:70:c8:54:3d:1b:81:e0:4a:8b:83:e1:f2:
                    57:1a:0a:32:61:d6:49:5c:a2:19:48:57:36:da:dc:
                    25:9b:97:70:d0:bd:3b:14:b8:d7:d5:35:9f:dd:2c:
                    11:e1:6f:66:1e:c5:f1:54:5f:0d:da:10:97:0f:f3:
                    7c:76:f3:ef:11:b8:fe:bf:b6:6c:fd:be:e6:0c:64:
                    65:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:AE:B4:FB:3D:BF:DA:D7:E0:93:A4:0D:C7:C8:7D:3D:F2:76:4E:ED
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3c8e35a4-55f4-42e9-9859-18c9e6fdc522.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.234.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:e4:ad:a7:d9:be:47:59:19:02:b4:06:bf:aa:ee:f2:af:16:
         f0:f6:16:2f:57:eb:3a:a2:05:73:9e:84:b1:4f:8e:20:bd:6d:
         c3:17:fe:f9:79:96:14:81:1a:b2:3d:c2:fa:ca:f8:ec:db:c8:
         9d:6e:c3:76:9c:fd:f1:3b:20:ef:aa:d3:2b:41:b3:2e:18:3b:
         c3:ef:2c:d5:65:88:2f:44:d7:66:4b:69:00:6b:46:f3:15:1a:
         2e:00:de:d6:a1:aa:2d:53:05:3a:40:3b:13:91:5e:65:53:24:
         2f:86:b8:18:ca:be:f5:96:6b:8b:5e:c2:ba:83:8c:a4:f2:6b:
         27:cc:9e:af:d8:17:d9:9a:80:65:a9:d4:e6:84:27:c1:4d:da:
         1f:5a:ab:dd:a9:e5:2b:58:91:6b:47:90:38:e1:f5:76:6e:29:
         c8:9b:31:16:81:ff:96:c9:cc:e0:5e:8c:e3:9a:55:d7:a6:bd:
         c3:d9:6d:a2:14:9d:8c:09:49:90:34:b0:2b:a4:4b:41:62:ca:
         8e:e5:ac:59:a1:cf:d0:51:f8:64:e8:fc:c1:a4:3b:2b:93:a1:
         45:a6:90:5c:dc:a6:9f:64:a7:9e:97:27:08:1b:68:91:fc:d4:
         ff:40:34:cb:e8:d0:37:f6:73:1a:b1:bd:a2:ce:eb:ab:6c:bb:
         fb:91:69:cb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIUOPNHIaJFtXj6/moJ7Jj7N3aPYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTcyMDIzWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNGIwYjZiOGMwMTE3N2Y1MjU4ZjAwNTMyOTEyZjY5YWZl
M2FhOWFjM2Y0ZGIyOTViYTc3NmMyMmEyYzM0N2M0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlXp96CegHpLxBEUv+GFguFaphhc6l/Ud9PxHpxLjx/xo+
V/P0hMbluULpST7JB6N0KrVn8ZJaAK46FQq9Q3YRV/JILd+Q7qEzH/nw1OASUuhh
aqV5YJmsGYn8uIIXAk+KfJ+8POAjm0FRzPIp05Inoj6cokZsy+k+EpDeP39fuXLg
f8IeSAe7S2brsrNgHRKWpQWE6tjiOY8HwxPBlQiu6r5ZHaatxzMeMZyOiEXs3qLL
RiMSgHDIVD0bgeBKi4Ph8lcaCjJh1klcohlIVzba3CWbl3DQvTsUuNfVNZ/dLBHh
b2YexfFUXw3aEJcP83x28+8RuP6/tmz9vuYMZGVvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUha60+z2/2tfgk6QNx8h9PfJ2Tu0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNjOGUzNWE0LTU1ZjQtNDJlOS05ODU5LTE4YzllNmZkYzUyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS6iEwDQYJKoZIhvcNAQELBQADggEBADTkrafZvkdZGQK0Br+q7vKvFvD2
Fi9X6zqiBXOehLFPjiC9bcMX/vl5lhSBGrI9wvrK+OzbyJ1uw3ac/fE7IO+q0ytB
sy4YO8PvLNVliC9E12ZLaQBrRvMVGi4A3tahqi1TBTpAOxORXmVTJC+GuBjKvvWW
a4tewrqDjKTyayfMnq/YF9magGWp1OaEJ8FN2h9aq92p5StYkWtHkDjh9XZuKcib
MRaB/5bJzOBejOOaVdemvcPZbaIUnYwJSZA0sCukS0Fiyo7lrFmhz9BR+GTo/MGk
OyuToUWmkFzcpp9kp56XJwgbaJH81P9ANMvo0Df2cxqxvaLO66tsu/uRacs=
-----END CERTIFICATE-----