Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4be5bf81-7974-4cac-8621-0cce3471aa2b.roa
File:                     4be5bf81-7974-4cac-8621-0cce3471aa2b.roa (raw, json)
Hash identifier:          Sc8bvkSphCD68uhUH6QdFgS+X6da6+hPmgb+0OwlNl4=
Subject key identifier:   47:34:CC:9A:37:71:31:4B:9D:98:09:95:A0:A8:57:BB:8D:90:BB:40
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       419755BA9C85578810AD6661E4D30A07F862D91B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4be5bf81-7974-4cac-8621-0cce3471aa2b.roa
Signing time:             Mon 24 Mar 2025 18:41:08 +0000
ROA not before:           Mon 24 Mar 2025 18:41:08 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.245.160.0/21 maxlen: 21

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:97:55:ba:9c:85:57:88:10:ad:66:61:e4:d3:0a:07:f8:62:d9:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 18:41:08 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=d5db9f177a25f288a07db28fc00b258262e7dac7088595707695f1dbea87f0ee, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b3:66:e6:00:d0:fe:df:31:0a:88:ec:06:57:
                    8a:2d:e7:7a:70:42:b3:94:84:37:63:e1:d5:0b:50:
                    4e:a6:9d:4c:b6:65:dc:42:2b:d8:01:18:6a:96:e9:
                    4e:bb:c8:6e:42:e0:20:7f:c6:4a:e4:c0:80:10:f8:
                    82:f5:5b:95:c7:64:19:6f:c1:2f:32:6d:6f:66:01:
                    37:08:2f:05:a8:e1:74:07:ce:99:10:0a:0a:60:b4:
                    67:7a:8f:42:2a:49:7c:88:5a:ca:28:99:a4:d9:0a:
                    e2:36:ab:85:f0:97:d5:09:2c:01:c0:06:89:c2:f0:
                    bf:00:a1:65:33:4a:c6:67:88:0d:42:66:19:c2:a2:
                    56:a5:41:ae:3f:aa:d0:14:06:67:01:34:09:71:66:
                    d0:a1:ca:36:fb:35:0e:0b:a3:db:95:6c:24:96:50:
                    1a:01:61:0d:3d:de:82:ac:61:b5:b1:08:9f:0c:4c:
                    41:b6:6d:4e:9a:e7:b4:f1:f4:33:25:96:41:83:07:
                    86:a8:f5:1d:66:15:bc:97:bf:81:2f:8b:94:01:0d:
                    90:29:41:82:be:9a:e1:1e:8a:fd:b2:98:6b:de:a2:
                    87:da:65:44:f9:4b:f2:11:38:eb:59:bd:3b:b7:a3:
                    fd:88:d5:a9:3b:73:20:7e:0c:a4:e8:86:b7:10:02:
                    f6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:34:CC:9A:37:71:31:4B:9D:98:09:95:A0:A8:57:BB:8D:90:BB:40
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4be5bf81-7974-4cac-8621-0cce3471aa2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.245.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2f:8b:3f:8c:93:de:fb:29:0f:84:84:ee:12:f9:ce:d3:67:0f:
         27:4b:9e:a2:8c:7d:53:40:68:79:cf:03:83:f5:63:23:1d:f5:
         79:99:ec:ea:c0:99:73:51:fa:61:2e:01:a1:13:2f:1b:3b:69:
         33:16:de:4a:27:83:68:84:64:71:3f:90:6c:66:05:77:43:1f:
         88:bf:da:ea:b6:d1:a7:97:56:c5:23:c0:5c:9a:8f:02:5a:f8:
         78:ff:11:27:9e:37:bb:f3:45:a7:4d:ef:1c:ae:d1:ec:9e:69:
         79:79:3c:71:76:86:98:e8:bc:17:fb:bf:f6:c8:cc:c2:00:2d:
         d7:9b:73:0b:b8:e7:05:3b:5d:32:09:39:7a:cd:2a:45:ee:7b:
         7d:65:38:ae:9f:71:2f:e9:e6:f4:20:ae:42:ff:75:03:2b:bd:
         2b:41:46:8c:da:a8:9d:93:d9:3e:53:a4:4e:ff:c8:9e:b9:ef:
         e0:39:5c:58:94:0e:28:f9:90:4b:0a:36:2c:27:d7:09:41:20:
         39:3b:93:18:9a:19:f3:61:a9:b1:fe:5c:56:2b:17:39:59:43:
         30:f3:24:c6:da:a9:56:6c:a0:83:eb:ce:1a:f4:85:1d:a1:9b:
         2e:12:a0:5d:b3:f9:c4:b4:bf:36:6e:13:21:89:a0:7c:aa:80:
         3d:c0:c1:7c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQZdVupyFV4gQrWZh5NMKB/hi2RswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTg0MTA4WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNWRiOWYxNzdhMjVmMjg4YTA3ZGIyOGZjMDBiMjU4MjYy
ZTdkYWM3MDg4NTk1NzA3Njk1ZjFkYmVhODdmMGVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2s2bmAND+3zEKiOwGV4ot53pwQrOUhDdj4dULUE6mnUy2
ZdxCK9gBGGqW6U67yG5C4CB/xkrkwIAQ+IL1W5XHZBlvwS8ybW9mATcILwWo4XQH
zpkQCgpgtGd6j0IqSXyIWsoomaTZCuI2q4Xwl9UJLAHABonC8L8AoWUzSsZniA1C
ZhnColalQa4/qtAUBmcBNAlxZtChyjb7NQ4Lo9uVbCSWUBoBYQ093oKsYbWxCJ8M
TEG2bU6a57Tx9DMllkGDB4ao9R1mFbyXv4Evi5QBDZApQYK+muEeiv2ymGveoofa
ZUT5S/IROOtZvTu3o/2I1ak7cyB+DKTohrcQAvZ/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURzTMmjdxMUudmAmVoKhXu42Qu0AwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRiZTViZjgxLTc5NzQtNGNhYy04NjIxLTBjY2UzNDcxYWEyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM29aAwDQYJKoZIhvcNAQELBQADggEBAC+LP4yT3vspD4SE7hL5ztNnDydL
nqKMfVNAaHnPA4P1YyMd9XmZ7OrAmXNR+mEuAaETLxs7aTMW3kong2iEZHE/kGxm
BXdDH4i/2uq20aeXVsUjwFyajwJa+Hj/ESeeN7vzRadN7xyu0eyeaXl5PHF2hpjo
vBf7v/bIzMIALdebcwu45wU7XTIJOXrNKkXue31lOK6fcS/p5vQgrkL/dQMrvStB
RozaqJ2T2T5TpE7/yJ657+A5XFiUDij5kEsKNiwn1wlBIDk7kxiaGfNhqbH+XFYr
FzlZQzDzJMbaqVZsoIPrzhr0hR2hmy4SoF2z+cS0vzZuEyGJoHyqgD3AwXw=
-----END CERTIFICATE-----