Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3d768c91-2407-4895-8726-939904727a7d.roa
File:                     3d768c91-2407-4895-8726-939904727a7d.roa (raw, json)
Hash identifier:          WyZExzmgsVTB9c+IuHmJhWdRIxiLhZWz5p2jnBpP8IU=
Subject key identifier:   1C:AA:95:64:EC:40:B9:51:09:AB:2A:B0:60:1D:8D:7B:4D:18:97:C6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       32FF924C513E96AE48506A67B7B1A65E3F36207A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3d768c91-2407-4895-8726-939904727a7d.roa
Signing time:             Mon 24 Mar 2025 17:31:14 +0000
ROA not before:           Mon 24 Mar 2025 17:31:14 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.8.168.0/23 maxlen: 23

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:ff:92:4c:51:3e:96:ae:48:50:6a:67:b7:b1:a6:5e:3f:36:20:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 17:31:14 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=da8eb86f7fa32782cb5ccb2d95eec937695c03cd6f30007c9e557fc56f0e505b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0f:c5:46:6c:d2:c0:19:40:71:f4:ec:c9:76:
                    60:51:e1:fc:77:d5:2b:80:85:65:a4:2d:2f:36:64:
                    2d:13:3e:e5:7e:65:1d:0d:7f:89:65:76:de:0a:f5:
                    4d:f1:4a:cf:65:03:1c:35:90:7c:8c:2f:e5:a7:a4:
                    d4:30:84:d8:5e:37:f7:30:b0:b5:d8:cc:bd:f5:b7:
                    40:bb:14:bd:cd:a2:d7:ec:56:84:cf:3d:ee:84:e3:
                    65:92:8f:c2:2a:af:2a:80:a0:87:32:d7:c8:9a:a1:
                    c9:c8:c0:3c:9a:50:ec:82:29:79:18:bb:8e:85:6e:
                    32:81:bf:3a:5b:0c:a6:cb:ea:17:39:4d:df:51:66:
                    6f:05:21:45:a5:93:6d:27:1f:02:c1:3a:06:29:fd:
                    df:1c:01:01:bc:c8:ac:f2:bf:82:94:29:91:0f:13:
                    fa:f9:4d:e2:4e:36:14:20:0f:7f:d4:9b:d5:d7:c7:
                    b6:56:dd:9d:23:cb:d7:36:c6:e3:f8:52:07:b0:76:
                    5e:31:08:11:71:d6:7d:34:f0:10:85:09:32:5c:16:
                    af:c5:96:d0:2c:24:43:27:87:9c:5a:10:e1:f1:2d:
                    38:c9:82:c7:93:39:fc:9e:6f:ad:3c:8a:0b:fd:f6:
                    da:9a:62:9e:b7:d1:78:7f:f2:4b:da:e8:f9:86:81:
                    a5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:AA:95:64:EC:40:B9:51:09:AB:2A:B0:60:1D:8D:7B:4D:18:97:C6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3d768c91-2407-4895-8726-939904727a7d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.8.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:89:ef:06:ff:0e:f4:dc:dc:b7:2a:9e:da:bb:0c:ef:c8:86:
         2d:b6:e2:89:ab:00:7a:7d:87:25:23:db:43:91:fe:9c:9f:51:
         32:4d:2c:d0:70:e6:e8:ce:c8:2e:81:94:b9:0b:a4:f4:2f:1f:
         de:7b:b9:81:f4:a7:01:68:13:37:be:72:8b:48:11:c4:36:8c:
         2f:9d:bc:06:13:86:45:15:a1:df:f9:69:ea:72:c9:7f:bf:18:
         16:a8:37:9d:b4:53:8f:c5:17:75:46:92:5f:b8:f2:a1:a1:d1:
         3f:6e:ba:e1:f0:f3:dc:6d:14:a4:3a:7a:f7:d3:ec:c1:e6:ff:
         4b:8e:93:ef:95:6b:ba:12:8d:92:3d:a1:f1:a6:d3:a6:32:94:
         ef:b3:b1:bf:1d:b8:24:24:23:4a:00:8f:77:0d:fb:59:c7:f1:
         ac:2f:fb:bb:2f:f5:74:16:f9:d0:18:42:40:dc:72:d0:32:f8:
         d2:65:7f:a0:11:0a:8f:39:a6:31:fb:a8:ba:f6:34:04:fe:b8:
         f2:4f:72:e1:ca:c1:1c:15:3e:1e:03:dc:e3:e7:4f:02:0a:f9:
         4f:8e:0a:c6:5b:70:11:44:f5:16:c3:0f:85:2a:fe:e5:10:e3:
         a3:7e:bb:0f:88:e1:1c:64:1f:e7:bd:74:df:7d:67:fc:93:a6:
         c7:16:1b:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMv+STFE+lq5IUGpnt7GmXj82IHowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTczMTE0WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYThlYjg2ZjdmYTMyNzgyY2I1Y2NiMmQ5NWVlYzkzNzY5
NWMwM2NkNmYzMDAwN2M5ZTU1N2ZjNTZmMGU1MDViMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGD8VGbNLAGUBx9OzJdmBR4fx31SuAhWWkLS82ZC0TPuV+
ZR0Nf4lldt4K9U3xSs9lAxw1kHyML+WnpNQwhNheN/cwsLXYzL31t0C7FL3Notfs
VoTPPe6E42WSj8IqryqAoIcy18iaocnIwDyaUOyCKXkYu46FbjKBvzpbDKbL6hc5
Td9RZm8FIUWlk20nHwLBOgYp/d8cAQG8yKzyv4KUKZEPE/r5TeJONhQgD3/Um9XX
x7ZW3Z0jy9c2xuP4Ugewdl4xCBFx1n008BCFCTJcFq/FltAsJEMnh5xaEOHxLTjJ
gseTOfyeb608igv99tqaYp630Xh/8kva6PmGgaUhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHKqVZOxAuVEJqyqwYB2Ne00Yl8YwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNkNzY4YzkxLTI0MDctNDg5NS04NzI2LTkzOTkwNDcyN2E3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDCKgwDQYJKoZIhvcNAQELBQADggEBABKJ7wb/DvTc3Lcqntq7DO/Ihi22
4omrAHp9hyUj20OR/pyfUTJNLNBw5ujOyC6BlLkLpPQvH957uYH0pwFoEze+cotI
EcQ2jC+dvAYThkUVod/5aepyyX+/GBaoN520U4/FF3VGkl+48qGh0T9uuuHw89xt
FKQ6evfT7MHm/0uOk++Va7oSjZI9ofGm06YylO+zsb8duCQkI0oAj3cN+1nH8awv
+7sv9XQW+dAYQkDcctAy+NJlf6ARCo85pjH7qLr2NAT+uPJPcuHKwRwVPh4D3OPn
TwIK+U+OCsZbcBFE9RbDD4Uq/uUQ46N+uw+I4RxkH+e9dN99Z/yTpscWG3k=
-----END CERTIFICATE-----