Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/70da6bc2-e462-43d0-ac70-d427cc8b20e9.roa
File:                     70da6bc2-e462-43d0-ac70-d427cc8b20e9.roa (raw, json)
Hash identifier:          IeQNsUbJwhg4BuVTh/8HVTHPoDze0m6vL/tSMq+x5fI=
Subject key identifier:   80:24:A6:45:AE:FA:60:A2:6A:75:E9:9E:F0:08:C3:3A:A1:9D:3A:D8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5CF8ECDBF520F1A3F20A47C3C350B96B8F2B9FBD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/70da6bc2-e462-43d0-ac70-d427cc8b20e9.roa
Signing time:             Mon 31 Mar 2025 16:51:52 +0000
ROA not before:           Mon 31 Mar 2025 16:51:52 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.254.128.0/17 maxlen: 17

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:f8:ec:db:f5:20:f1:a3:f2:0a:47:c3:c3:50:b9:6b:8f:2b:9f:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 16:51:52 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=420682530c5f680d044be5eb11428a6e26b57f86fe63df7dfc068af38622079e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:41:5d:69:10:79:00:1f:5e:e1:e7:3c:77:5b:
                    aa:ba:5f:34:d9:84:6c:8c:2b:ec:40:19:15:a2:f9:
                    c4:6a:1e:3d:20:49:f6:2d:64:9a:8f:1f:05:c4:87:
                    f6:5b:51:f9:76:f7:33:aa:12:ef:c6:2c:4e:90:f6:
                    a4:89:aa:cd:81:76:f3:90:43:fe:9c:b6:ba:cc:cf:
                    83:da:6f:fb:80:5c:c6:eb:34:aa:61:ed:a9:c2:90:
                    6f:47:bd:ff:cb:fd:3a:90:65:54:87:2a:a0:23:24:
                    40:2e:24:6e:30:04:1c:da:59:da:cd:dd:b7:36:4c:
                    e2:99:db:e5:30:b3:8e:b4:db:00:29:42:6a:c6:c1:
                    20:03:6b:a9:16:06:45:2d:eb:c7:ac:61:9c:b0:eb:
                    0d:00:28:a2:b9:3a:18:eb:fa:f3:fa:21:9f:81:dd:
                    37:fa:cd:21:70:f4:2b:ae:9f:bc:e7:62:9b:2a:f8:
                    9b:6c:0c:b7:b6:bc:3d:10:86:02:7d:3f:9b:1d:f6:
                    4c:f7:d3:fd:38:30:9e:92:7e:3e:bb:b9:d1:69:fd:
                    1c:03:33:c5:49:1f:68:bc:38:58:ab:9d:69:80:28:
                    be:7c:a5:db:37:71:57:71:45:ec:e3:d4:26:3d:68:
                    9e:33:03:49:f2:7f:93:23:b5:14:e8:ca:56:e7:a9:
                    8a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:24:A6:45:AE:FA:60:A2:6A:75:E9:9E:F0:08:C3:3A:A1:9D:3A:D8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/70da6bc2-e462-43d0-ac70-d427cc8b20e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.254.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         8c:3f:97:a1:79:4c:92:2c:59:0d:e0:d6:9c:70:af:9f:85:bb:
         98:8a:5b:15:0d:95:45:85:4d:00:63:18:9a:cf:62:e8:31:dd:
         2b:e8:bf:84:50:c5:1a:c0:6b:bf:e6:c1:92:bb:33:cc:29:24:
         b5:cf:a5:79:19:fd:02:74:d3:72:be:5b:c1:d2:40:a5:59:24:
         16:fb:61:fe:65:cd:c4:0e:8f:df:02:cb:33:c9:f9:48:09:bc:
         5d:f2:14:fd:d9:f3:94:af:ca:85:f5:90:05:a9:51:99:04:d6:
         bc:6a:89:29:a9:2f:26:ea:b2:62:29:52:b0:81:de:2e:9d:09:
         22:94:eb:7c:7f:77:07:71:f2:53:6f:6f:9c:00:52:c0:6d:27:
         1d:9c:8b:dd:d3:2e:9a:18:fa:b7:be:3a:be:c3:ac:8d:41:03:
         a2:95:79:b2:2a:ca:c4:f5:74:f8:a0:08:bf:9f:a2:52:0e:ec:
         22:8f:2b:a3:35:dd:da:78:07:fe:1f:88:69:c7:02:66:a5:e7:
         e0:98:e1:19:21:41:0d:1a:30:0f:32:84:0c:cd:2e:de:d6:d6:
         bc:f1:46:6e:a0:28:fd:b8:81:97:a0:e2:78:09:5c:f6:64:0a:
         4c:08:b6:c1:df:67:27:20:af:e8:a0:e4:ff:52:b9:11:7c:4d:
         d0:7e:3c:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXPjs2/Ug8aPyCkfDw1C5a48rn70wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTY1MTUyWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjA2ODI1MzBjNWY2ODBkMDQ0YmU1ZWIxMTQyOGE2ZTI2
YjU3Zjg2ZmU2M2RmN2RmYzA2OGFmMzg2MjIwNzllMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmQV1pEHkAH17h5zx3W6q6XzTZhGyMK+xAGRWi+cRqHj0g
SfYtZJqPHwXEh/ZbUfl29zOqEu/GLE6Q9qSJqs2BdvOQQ/6ctrrMz4Pab/uAXMbr
NKph7anCkG9Hvf/L/TqQZVSHKqAjJEAuJG4wBBzaWdrN3bc2TOKZ2+Uws4602wAp
QmrGwSADa6kWBkUt68esYZyw6w0AKKK5Ohjr+vP6IZ+B3Tf6zSFw9Cuun7znYpsq
+JtsDLe2vD0QhgJ9P5sd9kz30/04MJ6Sfj67udFp/RwDM8VJH2i8OFirnWmAKL58
pds3cVdxRezj1CY9aJ4zA0nyf5MjtRToylbnqYqtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgCSmRa76YKJqdeme8AjDOqGdOtgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcwZGE2YmMyLWU0NjItNDNkMC1hYzcwLWQ0MjdjYzhiMjBlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcP/oAwDQYJKoZIhvcNAQELBQADggEBAIw/l6F5TJIsWQ3g1pxwr5+Fu5iK
WxUNlUWFTQBjGJrPYugx3Svov4RQxRrAa7/mwZK7M8wpJLXPpXkZ/QJ003K+W8HS
QKVZJBb7Yf5lzcQOj98CyzPJ+UgJvF3yFP3Z85SvyoX1kAWpUZkE1rxqiSmpLybq
smIpUrCB3i6dCSKU63x/dwdx8lNvb5wAUsBtJx2ci93TLpoY+re+Or7DrI1BA6KV
ebIqysT1dPigCL+folIO7CKPK6M13dp4B/4fiGnHAmal5+CY4RkhQQ0aMA8yhAzN
Lt7W1rzxRm6gKP24gZeg4ngJXPZkCkwItsHfZycgr+ig5P9SuRF8TdB+PK4=
-----END CERTIFICATE-----