Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/525c9cd3-23c6-4487-859c-d061cf5c11cd.roa
File:                     525c9cd3-23c6-4487-859c-d061cf5c11cd.roa (raw, json)
Hash identifier:          JFOI4Blcnsad54eTv0tzUqCgO5jQfIhcoem0q5NHhiI=
Subject key identifier:   B0:94:FC:F0:CA:C1:24:A1:9E:81:8D:09:03:57:53:E3:F2:C2:FF:D7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4156F3DDADDB3850D32DBC9162FB7F9CA08DC9AA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/525c9cd3-23c6-4487-859c-d061cf5c11cd.roa
Signing time:             Sat 22 Mar 2025 00:31:16 +0000
ROA not before:           Sat 22 Mar 2025 00:31:16 +0000
ROA not after:            Sat 26 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.3.5.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:56:f3:dd:ad:db:38:50:d3:2d:bc:91:62:fb:7f:9c:a0:8d:c9:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 22 00:31:16 2025 GMT
            Not After : Apr 26 23:59:59 2025 GMT
        Subject: serialNumber=ac020cb89059509495f974e9796bde39b264df6e03cd2c6dd892fa7664191afd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f1:74:1c:f1:51:55:71:eb:d2:4f:15:52:8c:
                    74:ac:ed:5e:3c:50:e9:de:1a:eb:d1:62:6a:ba:1b:
                    22:37:0d:18:97:c7:63:64:4b:2d:f5:d4:38:63:4f:
                    17:da:ad:aa:1f:59:15:7e:78:07:fc:24:42:d7:69:
                    87:76:f2:02:ed:ea:1c:a1:24:83:70:31:11:b0:4e:
                    ca:25:f1:20:e7:95:3f:08:12:ad:25:a0:47:4e:f9:
                    ea:1f:ad:e2:5d:db:23:bf:03:54:cd:93:b4:fa:b7:
                    ae:0c:c0:cb:a5:44:2a:de:61:5d:a3:68:9c:ff:15:
                    c9:58:c1:41:cc:c3:e9:c2:be:7b:7b:2d:41:32:7b:
                    79:17:a3:df:f0:e7:fd:a8:60:59:58:29:28:6f:6e:
                    dd:d9:ab:57:53:42:31:27:b8:8e:c1:16:1b:9e:e5:
                    bb:68:c6:22:75:14:8d:c4:c0:ee:f3:11:1a:40:5e:
                    f7:66:44:5d:b0:99:83:24:c3:21:3e:e2:07:b2:46:
                    85:ec:56:e9:5d:57:a6:1b:82:80:ca:97:f6:16:c4:
                    41:96:3b:b5:e2:ed:d6:74:16:31:1a:c1:30:8c:e1:
                    ba:25:30:9e:8b:2b:9f:27:7d:11:88:3c:46:06:f7:
                    8d:1b:93:e8:f9:77:c7:51:bb:7e:e5:9d:02:85:ed:
                    d5:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:94:FC:F0:CA:C1:24:A1:9E:81:8D:09:03:57:53:E3:F2:C2:FF:D7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/525c9cd3-23c6-4487-859c-d061cf5c11cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.3.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:6f:bf:84:6d:ee:83:d2:14:ca:48:98:28:e4:69:c8:50:9c:
         77:5c:fe:1c:de:ce:b5:1f:bd:7b:1d:64:e2:07:13:e4:8c:05:
         18:03:82:6e:a3:7d:5e:88:16:8c:26:fb:dd:5c:e9:9d:fe:a1:
         46:21:1d:63:b4:45:fc:15:61:06:5b:39:e5:d6:f9:00:06:81:
         66:17:45:9d:26:34:f3:7b:19:0d:66:2e:95:5f:9b:07:5d:04:
         b8:93:fe:42:41:5e:ec:d7:62:7a:81:0b:f6:4e:0f:05:da:f0:
         e7:71:ee:f7:74:42:8a:0e:3c:c5:a4:46:c9:88:51:c2:0c:c6:
         69:87:a1:b9:52:e8:2f:41:38:dd:31:c5:86:fe:b1:84:10:c4:
         05:85:ee:82:45:24:54:76:77:31:ac:2f:76:e9:0b:ed:16:34:
         36:57:1f:f0:7b:67:42:02:4b:42:7d:a9:d9:48:c9:1a:b1:3b:
         fc:6c:93:b3:04:a0:31:33:bd:5f:a1:16:d6:7f:54:72:d5:b9:
         c2:cd:e3:44:96:5b:37:ca:75:a7:15:1a:b8:e5:d1:fc:02:f8:
         a2:6e:82:94:fc:98:11:dd:6c:15:49:97:7d:1d:34:63:34:06:
         7c:91:8e:af:fe:ad:ab:57:64:5c:73:08:53:79:e8:b9:7b:96:
         71:12:f6:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQVbz3a3bOFDTLbyRYvt/nKCNyaowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzIyMDAzMTE2WhcNMjUwNDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzAyMGNiODkwNTk1MDk0OTVmOTc0ZTk3OTZiZGUzOWIy
NjRkZjZlMDNjZDJjNmRkODkyZmE3NjY0MTkxYWZkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCi8XQc8VFVcevSTxVSjHSs7V48UOneGuvRYmq6GyI3DRiX
x2NkSy311DhjTxfaraofWRV+eAf8JELXaYd28gLt6hyhJINwMRGwTsol8SDnlT8I
Eq0loEdO+eofreJd2yO/A1TNk7T6t64MwMulRCreYV2jaJz/FclYwUHMw+nCvnt7
LUEye3kXo9/w5/2oYFlYKShvbt3Zq1dTQjEnuI7BFhue5btoxiJ1FI3EwO7zERpA
XvdmRF2wmYMkwyE+4geyRoXsVuldV6YbgoDKl/YWxEGWO7Xi7dZ0FjEawTCM4bol
MJ6LK58nfRGIPEYG940bk+j5d8dRu37lnQKF7dXZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsJT88MrBJKGegY0JA1dT4/LC/9cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUyNWM5Y2QzLTIzYzYtNDQ4Ny04NTljLWQwNjFjZjVjMTFjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAwUwDQYJKoZIhvcNAQELBQADggEBAHtvv4Rt7oPSFMpImCjkachQnHdc
/hzezrUfvXsdZOIHE+SMBRgDgm6jfV6IFowm+91c6Z3+oUYhHWO0RfwVYQZbOeXW
+QAGgWYXRZ0mNPN7GQ1mLpVfmwddBLiT/kJBXuzXYnqBC/ZODwXa8Odx7vd0QooO
PMWkRsmIUcIMxmmHoblS6C9BON0xxYb+sYQQxAWF7oJFJFR2dzGsL3bpC+0WNDZX
H/B7Z0ICS0J9qdlIyRqxO/xsk7MEoDEzvV+hFtZ/VHLVucLN40SWWzfKdacVGrjl
0fwC+KJugpT8mBHdbBVJl30dNGM0BnyRjq/+ratXZFxzCFN56Ll7lnES9js=
-----END CERTIFICATE-----