Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4b310407-c808-4791-8d9d-9f59b7bf1873.roa
File:                     4b310407-c808-4791-8d9d-9f59b7bf1873.roa (raw, json)
Hash identifier:          XQp6XpgcIHv5sFATI+7+jt5/ssnc4/TkzIP6wvwNyIU=
Subject key identifier:   3D:71:B5:9A:48:09:33:A3:19:8D:F7:44:AB:12:34:EB:5F:24:4D:2D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2CCB9A0C635F4E18C082A2398E30F8B6DCCD6DED
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4b310407-c808-4791-8d9d-9f59b7bf1873.roa
Signing time:             Mon 31 Mar 2025 16:31:05 +0000
ROA not before:           Mon 31 Mar 2025 16:31:05 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.240.0/21 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:cb:9a:0c:63:5f:4e:18:c0:82:a2:39:8e:30:f8:b6:dc:cd:6d:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 16:31:05 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=f571ad4fbd38e0b75dca57c605d89ea9365292e16fce7cd0d16eb9e396b22fbd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a5:4f:dc:c7:92:8e:85:b3:f9:6a:83:60:df:
                    b4:76:6e:20:b6:1c:2a:75:f6:3e:72:e3:17:e5:b6:
                    3d:c5:6f:54:41:ec:98:24:53:38:a2:9a:5f:1f:a2:
                    aa:39:4a:8a:ea:25:a4:26:90:e1:84:21:ac:bb:47:
                    c2:7a:93:9d:22:6e:0f:bf:f1:a5:6a:d0:77:22:78:
                    7d:a4:9d:28:81:8c:df:03:dd:52:87:50:d6:14:8f:
                    26:61:d8:83:af:62:60:d7:b5:8f:f5:dc:ad:49:bc:
                    4e:9c:46:4e:2c:9e:5e:bd:09:67:d3:7c:9a:27:84:
                    d8:1e:90:2b:03:0a:d6:ef:c1:82:19:14:03:42:31:
                    c4:80:a1:4a:78:94:ec:44:38:13:9a:62:24:d2:11:
                    aa:88:38:d0:06:20:73:c4:3f:c1:ef:5e:61:15:56:
                    ea:f5:9c:fd:90:18:84:49:79:7f:a4:46:f6:56:8c:
                    59:bb:84:d5:39:91:a6:40:ee:0e:8e:4e:b2:ac:54:
                    31:3c:50:0d:4e:9a:05:7f:f3:5c:b2:ac:55:4b:7d:
                    3e:1d:ab:16:5b:0c:36:6c:ca:16:47:2a:e3:a3:2d:
                    90:ea:f4:7b:39:09:26:a0:41:1d:8e:9c:dc:3f:c0:
                    14:2d:13:9f:00:6b:da:76:de:4b:5d:53:39:60:6c:
                    c5:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:71:B5:9A:48:09:33:A3:19:8D:F7:44:AB:12:34:EB:5F:24:4D:2D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4b310407-c808-4791-8d9d-9f59b7bf1873.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         95:c0:ac:85:7f:5c:68:f1:3d:fb:f4:52:57:f7:b1:3a:4a:cb:
         49:f7:0b:73:89:53:07:f2:06:be:63:7e:b5:25:be:f6:e5:3d:
         7b:c7:7e:f8:c9:df:e5:d2:da:0c:df:bb:bb:7b:aa:35:cc:2f:
         4b:2a:af:a6:d1:8a:06:26:dd:ee:df:14:eb:5d:5c:72:60:7d:
         ae:ab:6c:9f:cc:e9:dc:f4:d7:98:f5:44:f5:82:ac:5c:ec:4d:
         69:24:45:61:f8:87:a9:62:66:bc:3d:0a:bd:f3:7b:9d:7a:43:
         4d:45:8f:54:20:86:c7:6d:3f:42:75:56:71:60:88:7a:b0:4a:
         c6:84:12:e1:22:48:b2:ad:76:32:8b:76:59:c0:e7:9e:ec:e2:
         8d:51:16:b4:b0:0f:9e:17:98:d9:45:22:7a:65:52:83:09:3d:
         a4:0a:79:ac:cc:c5:23:af:c0:14:eb:01:a8:35:7d:b7:87:93:
         e6:b0:70:5d:69:f9:46:8f:a1:b4:7c:6f:62:6d:a9:c9:ac:6a:
         3b:84:2a:19:c7:ef:83:fc:d7:19:e5:58:a2:fc:b3:5f:31:46:
         7b:dc:a6:f0:31:87:f1:f5:1d:38:14:9c:82:81:d8:3e:ad:2c:
         a7:f7:1d:d3:cc:49:82:ba:45:e6:dd:9e:db:7e:1c:ce:bf:21:
         27:12:98:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULMuaDGNfThjAgqI5jjD4ttzNbe0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTYzMTA1WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTcxYWQ0ZmJkMzhlMGI3NWRjYTU3YzYwNWQ4OWVhOTM2
NTI5MmUxNmZjZTdjZDBkMTZlYjllMzk2YjIyZmJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhpU/cx5KOhbP5aoNg37R2biC2HCp19j5y4xfltj3Fb1RB
7JgkUziiml8foqo5SorqJaQmkOGEIay7R8J6k50ibg+/8aVq0HcieH2knSiBjN8D
3VKHUNYUjyZh2IOvYmDXtY/13K1JvE6cRk4snl69CWfTfJonhNgekCsDCtbvwYIZ
FANCMcSAoUp4lOxEOBOaYiTSEaqIONAGIHPEP8HvXmEVVur1nP2QGIRJeX+kRvZW
jFm7hNU5kaZA7g6OTrKsVDE8UA1OmgV/81yyrFVLfT4dqxZbDDZsyhZHKuOjLZDq
9Hs5CSagQR2OnNw/wBQtE58Aa9p23ktdUzlgbMXZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPXG1mkgJM6MZjfdEqxI0618kTS0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRiMzEwNDA3LWM4MDgtNDc5MS04ZDlkLTlmNTliN2JmMTg3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3PAwDQYJKoZIhvcNAQELBQADggEBAJXArIV/XGjxPfv0Ulf3sTpKy0n3
C3OJUwfyBr5jfrUlvvblPXvHfvjJ3+XS2gzfu7t7qjXML0sqr6bRigYm3e7fFOtd
XHJgfa6rbJ/M6dz015j1RPWCrFzsTWkkRWH4h6liZrw9Cr3ze516Q01Fj1Qghsdt
P0J1VnFgiHqwSsaEEuEiSLKtdjKLdlnA557s4o1RFrSwD54XmNlFInplUoMJPaQK
eazMxSOvwBTrAag1fbeHk+awcF1p+UaPobR8b2JtqcmsajuEKhnH74P81xnlWKL8
s18xRnvcpvAxh/H1HTgUnIKB2D6tLKf3HdPMSYK6Rebdntt+HM6/IScSmBE=
-----END CERTIFICATE-----