Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/55614c32-2a17-4b78-80f5-15ba7f57fc2c.roa
File:                     55614c32-2a17-4b78-80f5-15ba7f57fc2c.roa (raw, json)
Hash identifier:          jaBbuGfmQsTGOVHO7SUfnV4bfBTQp3wvMP7cpe95aGk=
Subject key identifier:   91:FA:79:32:F4:9E:F0:E2:C6:5A:DA:A0:5B:16:2C:DD:CC:92:48:8B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       632E3F94A3140F98738B7C4CA4CE377026CE2DE3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/55614c32-2a17-4b78-80f5-15ba7f57fc2c.roa
Signing time:             Sat 22 Mar 2025 00:41:41 +0000
ROA not before:           Sat 22 Mar 2025 00:41:41 +0000
ROA not after:            Sat 26 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.40.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:2e:3f:94:a3:14:0f:98:73:8b:7c:4c:a4:ce:37:70:26:ce:2d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 22 00:41:41 2025 GMT
            Not After : Apr 26 23:59:59 2025 GMT
        Subject: serialNumber=7e4b9ec89d904e8fa84505e421b59ce28b78b172d472f808d93e9babc54d4479, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:cb:47:98:1c:ba:d1:1e:50:1b:de:4f:3f:c4:
                    c1:c0:83:9c:ed:d2:b2:59:ad:cc:9c:30:95:67:c0:
                    d5:6c:6a:d4:e4:b6:cd:e1:c8:c3:f0:2e:c6:f1:58:
                    ae:fb:14:cf:2d:20:63:c2:6d:aa:53:08:37:93:e6:
                    14:34:64:71:c5:38:3d:45:0e:82:aa:35:ea:c8:11:
                    0b:2b:0e:27:3f:a5:6b:0c:de:99:24:5e:eb:ca:d1:
                    d5:c9:26:e9:5c:a4:7f:ed:04:fd:26:bc:47:c4:36:
                    46:62:2f:1a:4b:25:60:9e:38:d1:5c:96:7f:15:c6:
                    0e:6a:f1:b3:b2:ff:36:fc:8e:cc:8b:57:c3:37:ee:
                    58:80:db:48:87:3e:1c:00:77:27:25:11:97:63:98:
                    91:ca:4f:2f:90:85:3f:87:19:4f:e3:bf:dc:34:de:
                    02:fa:cf:49:2a:e1:94:8e:f1:85:6d:2f:25:cd:ff:
                    81:81:9e:6f:7f:9a:68:df:fa:ee:07:e5:3d:65:01:
                    63:bf:a8:79:22:c4:a3:05:d5:3f:09:2f:d2:c2:36:
                    7d:11:f2:8c:98:b9:60:19:c3:b2:19:fe:67:ae:e2:
                    9b:48:54:c6:07:26:36:bf:ab:af:fb:2d:56:d1:59:
                    a3:dd:59:e3:db:2f:fa:c0:12:c6:8e:78:f7:74:e0:
                    96:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:FA:79:32:F4:9E:F0:E2:C6:5A:DA:A0:5B:16:2C:DD:CC:92:48:8B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/55614c32-2a17-4b78-80f5-15ba7f57fc2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:6f:60:c9:f9:55:15:5b:e7:19:fd:17:cd:5d:96:6d:87:e0:
         4e:fc:2d:ed:4b:ba:f1:b2:03:40:3b:c1:d0:0a:fb:4e:ef:0c:
         78:f2:ec:55:a0:c4:14:58:f7:eb:01:7e:a7:dd:0b:8c:7c:57:
         91:c4:a0:91:e7:f3:64:b5:fd:f2:a0:a4:96:65:d6:55:2d:73:
         16:c8:c7:b4:da:b9:1a:f8:3b:39:7a:2d:e7:56:a5:6c:d9:4f:
         ac:fe:01:be:c0:00:54:8c:e4:15:50:f1:27:74:37:90:11:4c:
         cb:0c:49:78:58:a7:b2:1b:bb:75:20:52:fd:0b:8c:69:48:31:
         7b:a7:94:d1:2d:41:ab:99:50:18:62:b0:ab:fa:72:8b:25:ba:
         04:b7:18:cf:02:f4:21:d1:41:6b:0a:47:fe:2c:de:35:30:70:
         f8:d6:79:6f:8a:cb:ac:51:ba:d1:89:78:44:c4:a5:a1:d7:10:
         24:05:30:98:ed:e0:28:f2:6d:32:cd:16:da:c1:c9:ee:19:ea:
         ad:d2:74:a8:ae:0e:26:4c:71:45:40:31:26:0e:2c:c3:e4:19:
         70:b3:fa:53:10:25:14:20:7e:d7:4d:80:54:f6:44:2d:84:56:
         fe:e7:24:38:32:4c:93:cd:28:fa:f7:bc:ae:de:3e:09:39:0e:
         5e:f6:91:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYy4/lKMUD5hzi3xMpM43cCbOLeMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzIyMDA0MTQxWhcNMjUwNDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZTRiOWVjODlkOTA0ZThmYTg0NTA1ZTQyMWI1OWNlMjhi
NzhiMTcyZDQ3MmY4MDhkOTNlOWJhYmM1NGQ0NDc5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKy0eYHLrRHlAb3k8/xMHAg5zt0rJZrcycMJVnwNVsatTk
ts3hyMPwLsbxWK77FM8tIGPCbapTCDeT5hQ0ZHHFOD1FDoKqNerIEQsrDic/pWsM
3pkkXuvK0dXJJulcpH/tBP0mvEfENkZiLxpLJWCeONFcln8Vxg5q8bOy/zb8jsyL
V8M37liA20iHPhwAdyclEZdjmJHKTy+QhT+HGU/jv9w03gL6z0kq4ZSO8YVtLyXN
/4GBnm9/mmjf+u4H5T1lAWO/qHkixKMF1T8JL9LCNn0R8oyYuWAZw7IZ/meu4ptI
VMYHJja/q6/7LVbRWaPdWePbL/rAEsaOePd04JZdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkfp5MvSe8OLGWtqgWxYs3cySSIswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU1NjE0YzMyLTJhMTctNGI3OC04MGY1LTE1YmE3ZjU3ZmMyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDISgwDQYJKoZIhvcNAQELBQADggEBAKhvYMn5VRVb5xn9F81dlm2H4E78
Le1LuvGyA0A7wdAK+07vDHjy7FWgxBRY9+sBfqfdC4x8V5HEoJHn82S1/fKgpJZl
1lUtcxbIx7TauRr4Ozl6LedWpWzZT6z+Ab7AAFSM5BVQ8Sd0N5ARTMsMSXhYp7Ib
u3UgUv0LjGlIMXunlNEtQauZUBhisKv6coslugS3GM8C9CHRQWsKR/4s3jUwcPjW
eW+Ky6xRutGJeETEpaHXECQFMJjt4CjybTLNFtrBye4Z6q3SdKiuDiZMcUVAMSYO
LMPkGXCz+lMQJRQgftdNgFT2RC2EVv7nJDgyTJPNKPr3vK7ePgk5Dl72kXo=
-----END CERTIFICATE-----