Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41b455b0-d4ec-45f7-87bb-597fb62d7277.roa
File:                     41b455b0-d4ec-45f7-87bb-597fb62d7277.roa (raw, json)
Hash identifier:          Nsly2Gcsrr434Jt03fR6mE8luB7L4aZN58ht8PHlmUE=
Subject key identifier:   4A:D1:7A:AB:C6:4D:77:EE:77:F7:3E:48:CD:FF:5D:DD:85:DE:F1:C5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       14C1BDAA2090BCD463E941850CE1AD3B1C170937
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41b455b0-d4ec-45f7-87bb-597fb62d7277.roa
Signing time:             Mon 14 Apr 2025 17:21:28 +0000
ROA not before:           Mon 14 Apr 2025 17:21:28 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.219.248.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:c1:bd:aa:20:90:bc:d4:63:e9:41:85:0c:e1:ad:3b:1c:17:09:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 17:21:28 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=c3b95da470d01a046c358f8f323af52ecf8129b52623169b9d3c0350ec78eae7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f4:ea:7d:92:7c:aa:65:90:14:b1:80:7d:2c:
                    35:81:e0:e3:60:dd:49:8d:2a:7d:e5:b0:37:af:71:
                    42:d6:e7:b5:4c:8d:89:fc:36:08:a7:25:71:e6:0f:
                    b2:10:a4:7d:0f:3a:08:b8:bd:40:e1:2a:a8:66:6a:
                    2b:78:cc:31:05:ba:51:29:f3:54:39:c0:72:66:50:
                    66:28:fc:7d:0c:6d:64:b7:f1:6d:63:25:37:46:1b:
                    a7:62:83:b8:14:24:88:8a:16:54:aa:ed:24:ff:30:
                    18:08:53:d8:37:5f:f0:5f:df:b6:d9:03:d1:cb:3d:
                    1c:ca:91:01:05:ba:bb:47:92:39:41:d7:f4:cc:d5:
                    23:a4:4b:6b:d8:1f:29:3c:2b:e3:d2:7f:02:49:65:
                    d3:13:34:47:d4:0d:77:5e:1b:8d:bd:70:ff:8f:ec:
                    d5:20:24:e0:75:e8:21:0c:59:69:ef:4d:24:6f:21:
                    0e:13:69:85:22:84:b7:ea:d9:6e:ab:74:be:ce:d7:
                    b0:d0:b6:34:65:23:84:9c:93:e6:75:48:26:51:5a:
                    ba:92:86:d1:dc:64:5d:bc:84:b6:6d:30:54:6f:f6:
                    99:9b:4f:eb:67:0e:84:16:f3:d1:ad:65:30:e9:34:
                    8a:d2:8c:e3:07:8f:21:76:50:04:e2:ae:6f:26:e0:
                    67:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:D1:7A:AB:C6:4D:77:EE:77:F7:3E:48:CD:FF:5D:DD:85:DE:F1:C5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41b455b0-d4ec-45f7-87bb-597fb62d7277.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.219.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:cd:3e:57:76:b1:e0:c1:c1:3d:6d:45:b4:c0:d0:05:91:c2:
         76:33:67:de:4c:a8:b1:8c:39:10:80:68:b8:3b:8d:2a:69:6a:
         09:97:f3:0b:34:86:a0:66:98:43:38:ef:59:a4:a6:0e:b0:35:
         b2:60:16:39:75:05:31:27:7a:78:bb:65:f4:93:2c:c5:9f:36:
         32:4e:e9:1f:0c:87:e8:ad:fd:75:5c:91:d2:3f:c9:92:aa:bc:
         49:e5:79:c3:e3:74:71:bd:14:7d:20:86:6d:14:20:09:b1:de:
         ab:f8:8f:56:1f:f4:c1:fc:01:13:08:4a:da:12:65:ac:ff:a3:
         80:d1:08:1f:98:72:bc:e0:e7:a3:3b:1f:2f:c0:af:a1:b7:49:
         5d:4a:87:b6:7d:12:64:a9:a1:65:ad:6a:b3:9f:f9:13:3b:f3:
         92:66:1d:f8:dd:7e:69:03:58:1d:3c:da:7e:65:89:a2:5b:3f:
         c7:50:c3:fe:b8:d6:84:7a:ee:53:78:6b:e6:c6:1f:c9:70:83:
         9d:75:d2:85:63:9a:c3:a9:a9:8a:02:a2:c6:92:62:96:92:05:
         75:36:38:7d:e5:e7:80:aa:0f:f7:e0:b6:b2:2d:0e:bf:0f:ef:
         39:8f:2f:5b:f0:b0:e0:45:fd:10:29:18:fc:4e:97:91:29:25:
         43:3f:8a:16
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFMG9qiCQvNRj6UGFDOGtOxwXCTcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTcyMTI4WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjM2I5NWRhNDcwZDAxYTA0NmMzNThmOGYzMjNhZjUyZWNm
ODEyOWI1MjYyMzE2OWI5ZDNjMDM1MGVjNzhlYWU3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq9Op9knyqZZAUsYB9LDWB4ONg3UmNKn3lsDevcULW57VM
jYn8NginJXHmD7IQpH0POgi4vUDhKqhmait4zDEFulEp81Q5wHJmUGYo/H0MbWS3
8W1jJTdGG6dig7gUJIiKFlSq7ST/MBgIU9g3X/Bf37bZA9HLPRzKkQEFurtHkjlB
1/TM1SOkS2vYHyk8K+PSfwJJZdMTNEfUDXdeG429cP+P7NUgJOB16CEMWWnvTSRv
IQ4TaYUihLfq2W6rdL7O17DQtjRlI4Sck+Z1SCZRWrqShtHcZF28hLZtMFRv9pmb
T+tnDoQW89GtZTDpNIrSjOMHjyF2UATirm8m4GeTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUStF6q8ZNd+539z5Izf9d3YXe8cUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQxYjQ1NWIwLWQ0ZWMtNDVmNy04N2JiLTU5N2ZiNjJkNzI3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI22/gwDQYJKoZIhvcNAQELBQADggEBAHzNPld2seDBwT1tRbTA0AWRwnYz
Z95MqLGMORCAaLg7jSppagmX8ws0hqBmmEM471mkpg6wNbJgFjl1BTEneni7ZfST
LMWfNjJO6R8Mh+it/XVckdI/yZKqvEnlecPjdHG9FH0ghm0UIAmx3qv4j1Yf9MH8
ARMIStoSZaz/o4DRCB+Ycrzg56M7Hy/Ar6G3SV1Kh7Z9EmSpoWWtarOf+RM785Jm
HfjdfmkDWB082n5liaJbP8dQw/641oR67lN4a+bGH8lwg5110oVjmsOpqYoCosaS
YpaSBXU2OH3l54CqD/fgtrItDr8P7zmPL1vwsOBF/RApGPxOl5EpJUM/ihY=
-----END CERTIFICATE-----