Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4b7356a7-4b64-4c13-b774-6d77ea599210.roa
File:                     4b7356a7-4b64-4c13-b774-6d77ea599210.roa (raw, json)
Hash identifier:          0OxBvE/NYO9XmOUlQcrvHc1fPWKVBnoM0jEOhMWYvIE=
Subject key identifier:   16:FC:8A:A7:CF:89:CE:C7:94:49:0B:D1:D3:97:52:AC:70:D7:C3:4E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       02B9ED057075199AB04457950CB0EA7EF8D3BCDF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4b7356a7-4b64-4c13-b774-6d77ea599210.roa
Signing time:             Mon 24 Mar 2025 17:41:26 +0000
ROA not before:           Mon 24 Mar 2025 17:41:26 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.228.20.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:b9:ed:05:70:75:19:9a:b0:44:57:95:0c:b0:ea:7e:f8:d3:bc:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 17:41:26 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=a3511b5d8d38d037b5a6ea2bd5f56678cd15def871cb81da649c89b3e4ee4eed, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:7e:3c:00:b9:e7:df:8e:df:b4:fd:7f:c0:18:
                    5f:5e:5c:d5:40:18:38:b0:5d:fd:d1:92:2c:e6:9c:
                    5d:4b:38:3a:2c:da:ee:c8:4f:42:b6:7d:07:35:78:
                    4d:3b:8c:0d:0e:c0:b1:e7:48:b2:31:bc:c9:2a:05:
                    0d:8b:bd:2f:43:c3:d2:c2:f1:7c:e5:f8:2d:aa:0d:
                    dd:b2:13:2c:f4:35:b4:8e:73:6d:fd:61:c7:eb:a0:
                    30:c2:d6:e6:b5:a4:0f:a1:08:47:2a:1c:44:bf:9b:
                    8f:03:60:a1:f9:9b:1c:7d:b2:d5:0d:1c:66:52:c8:
                    bb:91:29:89:47:13:f1:67:7d:a4:51:3b:77:92:df:
                    43:91:d5:d7:99:6f:8a:a2:ca:48:af:3e:15:ca:b7:
                    f1:db:66:c0:f2:13:e1:e0:75:f3:e8:c5:fe:55:2d:
                    e2:c4:09:49:4d:5a:5e:a5:25:01:00:41:ae:d0:e7:
                    37:26:09:0c:b9:30:99:30:9d:4a:87:fc:57:7f:23:
                    70:a7:f9:9a:a0:c7:56:2e:d1:b0:46:0f:7e:1b:e5:
                    f6:cc:ef:72:45:7d:62:3d:99:63:5d:43:06:17:0a:
                    87:4f:85:91:22:42:23:08:d7:57:3c:bb:63:84:87:
                    81:ed:be:dc:1c:8c:aa:54:58:cb:1d:32:1d:79:23:
                    7e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:FC:8A:A7:CF:89:CE:C7:94:49:0B:D1:D3:97:52:AC:70:D7:C3:4E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4b7356a7-4b64-4c13-b774-6d77ea599210.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.228.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:d4:8b:7f:b7:c4:2c:9e:21:02:9c:79:76:c2:fb:81:7c:3f:
         76:01:63:90:27:d5:50:c4:ca:20:22:0d:85:63:ac:47:a8:d5:
         04:d5:7b:43:a8:a0:0c:1a:30:d5:87:c8:89:09:80:9d:a6:3f:
         ac:15:83:2b:08:92:fe:10:71:51:96:36:39:96:05:5b:c1:2a:
         80:26:15:f6:a8:41:70:9e:33:3c:a6:b3:e0:ec:f2:e1:5d:41:
         96:5b:79:f1:d8:fb:45:ea:1d:c8:9d:8d:a1:78:4f:69:f9:3f:
         14:a3:81:3b:9f:07:5a:3a:ef:c5:ed:9e:2d:45:ad:39:66:81:
         e5:94:32:53:9c:b1:7e:bc:de:d3:e6:db:8e:a4:9f:9a:74:04:
         28:68:1e:a7:0d:3a:bd:7f:75:6c:d3:c2:8b:a0:95:f1:c1:cc:
         f9:37:65:e1:2d:63:77:65:2b:b4:13:79:fa:57:98:77:62:80:
         fc:ca:c7:4a:dc:d7:c7:57:00:2e:8e:76:4e:2a:1a:1d:3e:41:
         3b:b5:76:46:b1:e4:a0:b8:61:53:27:72:fd:d0:a9:7f:aa:3f:
         00:8c:e6:30:1b:32:82:47:38:e4:6f:3f:d7:1a:91:e5:6d:18:
         07:d0:08:b3:b0:60:b2:73:ed:9f:95:e9:d5:10:6e:96:9b:31:
         a6:b7:6e:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUArntBXB1GZqwRFeVDLDqfvjTvN8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTc0MTI2WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzUxMWI1ZDhkMzhkMDM3YjVhNmVhMmJkNWY1NjY3OGNk
MTVkZWY4NzFjYjgxZGE2NDljODliM2U0ZWU0ZWVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxfjwAueffjt+0/X/AGF9eXNVAGDiwXf3RkizmnF1LODos
2u7IT0K2fQc1eE07jA0OwLHnSLIxvMkqBQ2LvS9Dw9LC8Xzl+C2qDd2yEyz0NbSO
c239YcfroDDC1ua1pA+hCEcqHES/m48DYKH5mxx9stUNHGZSyLuRKYlHE/FnfaRR
O3eS30OR1deZb4qiykivPhXKt/HbZsDyE+HgdfPoxf5VLeLECUlNWl6lJQEAQa7Q
5zcmCQy5MJkwnUqH/Fd/I3Cn+Zqgx1Yu0bBGD34b5fbM73JFfWI9mWNdQwYXCodP
hZEiQiMI11c8u2OEh4HtvtwcjKpUWMsdMh15I36JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFvyKp8+JzseUSQvR05dSrHDXw04wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRiNzM1NmE3LTRiNjQtNGMxMy1iNzc0LTZkNzdlYTU5OTIxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI25BQwDQYJKoZIhvcNAQELBQADggEBAEzUi3+3xCyeIQKceXbC+4F8P3YB
Y5An1VDEyiAiDYVjrEeo1QTVe0OooAwaMNWHyIkJgJ2mP6wVgysIkv4QcVGWNjmW
BVvBKoAmFfaoQXCeMzyms+Ds8uFdQZZbefHY+0XqHcidjaF4T2n5PxSjgTufB1o6
78Xtni1FrTlmgeWUMlOcsX683tPm246kn5p0BChoHqcNOr1/dWzTwouglfHBzPk3
ZeEtY3dlK7QTefpXmHdigPzKx0rc18dXAC6Odk4qGh0+QTu1dkax5KC4YVMncv3Q
qX+qPwCM5jAbMoJHOORvP9cakeVtGAfQCLOwYLJz7Z+V6dUQbpabMaa3blo=
-----END CERTIFICATE-----