Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5ae5210c-d469-43b7-8e47-3e4190af8c57.roa
File:                     5ae5210c-d469-43b7-8e47-3e4190af8c57.roa (raw, json)
Hash identifier:          OhkedFt80QqrhxJ6MMx6VRTWe/+gqC9WncgJ883Rteo=
Subject key identifier:   32:BE:F0:D3:D7:11:36:71:C5:F7:41:7A:13:26:7D:E3:07:DE:A4:5D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0A3969567449FEABAA4B5EB06CEE9B42239E4188
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5ae5210c-d469-43b7-8e47-3e4190af8c57.roa
Signing time:             Mon 24 Mar 2025 16:30:09 +0000
ROA not before:           Mon 24 Mar 2025 16:30:09 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.197.193.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:39:69:56:74:49:fe:ab:aa:4b:5e:b0:6c:ee:9b:42:23:9e:41:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 16:30:09 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=92841b4a4d9ded18cae5720fb1de466055242e989e274fe65cf0653b4fbad1f0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:dc:01:7f:b9:84:20:2e:89:b5:41:dc:e0:59:
                    44:bf:76:1c:c5:7f:69:66:34:93:57:3d:98:9c:95:
                    b9:43:16:f2:75:02:4d:8f:07:26:72:d6:f8:fe:c7:
                    e2:bb:ca:fb:f3:47:4f:6e:08:ef:91:7d:3f:2d:84:
                    9d:68:9d:47:5e:39:54:dd:b9:dc:e6:b1:8e:d3:53:
                    a3:75:d9:bb:3a:a8:46:66:94:69:0f:93:bf:32:83:
                    df:6a:01:31:ce:75:40:72:09:a3:d6:d6:4e:9c:4f:
                    96:02:05:fb:9b:a8:e2:24:44:f6:32:b5:54:d8:80:
                    b9:98:e2:fa:f0:4a:58:5b:b0:39:15:47:94:e7:c0:
                    54:66:5f:86:cf:bb:98:4e:35:eb:7f:a7:ac:66:88:
                    f3:f6:2e:9c:59:b1:28:0d:94:8e:e1:91:20:ba:1c:
                    0e:7a:09:09:63:80:ae:78:15:bc:03:10:21:d7:18:
                    46:36:2f:24:37:a8:bd:cb:88:cf:0a:b6:54:4a:bb:
                    bf:ce:04:45:9a:89:31:20:e8:e4:5d:85:77:af:87:
                    81:b3:5c:4d:5f:2c:64:59:9c:b5:dd:0a:75:54:a0:
                    39:d0:63:37:6d:a5:aa:16:44:db:60:6d:53:6d:96:
                    5f:71:f0:3d:b2:e6:32:ac:9f:21:7f:ff:20:ef:3a:
                    56:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:BE:F0:D3:D7:11:36:71:C5:F7:41:7A:13:26:7D:E3:07:DE:A4:5D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5ae5210c-d469-43b7-8e47-3e4190af8c57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.197.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:e7:35:19:e2:a9:92:a3:b9:ba:41:f6:26:c5:af:9f:3f:8b:
         65:e5:d1:53:aa:4f:f9:06:72:b0:6d:ad:9f:2b:cc:7d:4c:53:
         b1:a6:03:af:af:46:92:a5:a5:2a:18:f7:e2:30:8c:1d:e1:78:
         c5:c0:ba:97:e4:3d:7e:49:4f:62:f5:ea:30:e9:c7:39:ff:84:
         98:82:f8:03:eb:f6:3c:eb:a7:53:1d:f5:09:db:52:37:9e:b2:
         1c:56:33:4d:37:95:05:b5:89:2d:de:4f:f4:28:21:52:dc:54:
         c7:90:b6:37:40:97:ea:e4:0c:25:2a:d2:9c:78:a9:85:ea:96:
         1c:1a:7e:8e:0e:aa:35:90:5e:43:09:41:ba:d5:fb:8d:60:7d:
         13:ef:68:64:bf:74:5d:88:32:32:da:9c:ba:9b:d8:a4:11:05:
         b5:3d:f3:b8:6d:4d:f1:b3:e3:f3:84:45:25:2f:2f:8e:5d:83:
         f4:6f:25:0a:79:ca:54:1c:21:32:4b:ef:53:64:b2:cc:2c:74:
         8f:29:69:2d:f9:6a:84:63:4b:3f:a4:b2:1c:d6:47:5c:5e:d4:
         87:15:93:08:42:68:b1:95:37:96:6e:fd:07:10:ee:8b:38:06:
         08:7d:bb:eb:92:ce:65:9a:8d:e2:8d:12:28:19:6a:89:42:39:
         70:4f:96:85
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCjlpVnRJ/quqS16wbO6bQiOeQYgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTYzMDA5WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Mjg0MWI0YTRkOWRlZDE4Y2FlNTcyMGZiMWRlNDY2MDU1
MjQyZTk4OWUyNzRmZTY1Y2YwNjUzYjRmYmFkMWYwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD3AF/uYQgLom1QdzgWUS/dhzFf2lmNJNXPZiclblDFvJ1
Ak2PByZy1vj+x+K7yvvzR09uCO+RfT8thJ1onUdeOVTdudzmsY7TU6N12bs6qEZm
lGkPk78yg99qATHOdUByCaPW1k6cT5YCBfubqOIkRPYytVTYgLmY4vrwSlhbsDkV
R5TnwFRmX4bPu5hONet/p6xmiPP2LpxZsSgNlI7hkSC6HA56CQljgK54FbwDECHX
GEY2LyQ3qL3LiM8KtlRKu7/OBEWaiTEg6ORdhXevh4GzXE1fLGRZnLXdCnVUoDnQ
YzdtpaoWRNtgbVNtll9x8D2y5jKsnyF//yDvOlbLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMr7w09cRNnHF90F6EyZ94wfepF0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVhZTUyMTBjLWQ0NjktNDNiNy04ZTQ3LTNlNDE5MGFmOGM1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2xcEwDQYJKoZIhvcNAQELBQADggEBADLnNRniqZKjubpB9ibFr58/i2Xl
0VOqT/kGcrBtrZ8rzH1MU7GmA6+vRpKlpSoY9+IwjB3heMXAupfkPX5JT2L16jDp
xzn/hJiC+APr9jzrp1Md9QnbUjeeshxWM003lQW1iS3eT/QoIVLcVMeQtjdAl+rk
DCUq0px4qYXqlhwafo4OqjWQXkMJQbrV+41gfRPvaGS/dF2IMjLanLqb2KQRBbU9
87htTfGz4/OERSUvL45dg/RvJQp5ylQcITJL71NksswsdI8paS35aoRjSz+kshzW
R1xe1IcVkwhCaLGVN5Zu/QcQ7os4Bgh9u+uSzmWajeKNEigZaolCOXBPloU=
-----END CERTIFICATE-----