Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8072912d-03d4-4bf8-97f0-794c9732d554.roa
File:                     8072912d-03d4-4bf8-97f0-794c9732d554.roa (raw, json)
Hash identifier:          azC2jTbIG59yNzAS9U1Q3a0k8B3TWT6RM1JsV2rs7hs=
Subject key identifier:   98:B4:69:56:7F:DB:13:B6:42:67:83:60:47:51:51:66:F1:BC:12:6E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       020F06163D6221FE8BDD9563F6551B197427C209
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8072912d-03d4-4bf8-97f0-794c9732d554.roa
Signing time:             Fri 28 Mar 2025 17:40:54 +0000
ROA not before:           Fri 28 Mar 2025 17:40:54 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.230.206.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:0f:06:16:3d:62:21:fe:8b:dd:95:63:f6:55:1b:19:74:27:c2:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 28 17:40:54 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=66887bb503cd8e52b30b32e3f91c7f809af68a812eb32496e610b3823578cc08, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6e:76:0b:ea:2d:f6:51:d6:97:b1:e7:3c:c1:
                    f5:ee:49:76:8a:2b:58:0b:d9:08:eb:97:48:7a:1e:
                    10:4c:71:36:fd:16:09:4f:d3:e2:a9:7c:fb:48:75:
                    a1:9e:87:47:1b:c5:87:9a:29:b3:d2:99:49:c7:0f:
                    b0:52:c7:15:f3:03:8b:88:3b:ec:f2:59:03:9f:58:
                    c3:8d:48:f4:c8:7b:06:e0:12:3b:3e:7f:54:94:0a:
                    cc:00:e3:51:93:c3:ec:fb:aa:7a:d7:49:1a:5f:2b:
                    19:2b:ba:5b:a2:8f:bf:e2:03:c7:0a:f5:f9:9e:9b:
                    cd:78:5a:95:82:b8:6a:14:e0:ca:f7:e7:a2:3a:01:
                    9e:e3:f0:b2:27:a0:3e:b4:f9:63:c7:b4:81:e5:48:
                    e8:36:f3:68:4f:e6:98:a5:f9:7b:36:c1:a5:24:66:
                    38:1a:47:14:de:1d:df:05:53:44:6f:9f:49:25:c4:
                    78:1d:1d:85:02:e1:72:da:d6:61:74:24:d0:9c:fe:
                    43:1e:94:6c:69:e8:6d:0e:08:8e:28:5d:4a:50:a7:
                    3b:39:b2:55:7b:e5:26:b0:4c:05:68:22:8d:b4:90:
                    31:1c:cd:7a:ee:c8:93:02:2a:42:1c:47:06:49:82:
                    9d:e8:95:d3:70:60:7d:19:c0:82:21:e4:c0:8d:86:
                    15:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:B4:69:56:7F:DB:13:B6:42:67:83:60:47:51:51:66:F1:BC:12:6E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8072912d-03d4-4bf8-97f0-794c9732d554.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:ed:20:18:84:81:71:82:88:77:21:4c:12:cf:77:af:0d:2f:
         86:5c:69:5a:0a:2c:f1:4f:70:2c:a3:2e:fa:7d:4e:a9:04:55:
         ee:9b:ef:b1:e2:4f:4a:0f:54:e5:e5:41:8c:3d:ab:87:c0:1b:
         31:a1:30:59:e4:90:46:c3:57:b0:00:9c:b0:6a:ca:65:f0:6c:
         10:b5:31:cd:7e:24:0b:f1:35:be:c2:af:c1:3f:f7:c6:f7:da:
         fd:af:b5:0a:96:3f:5a:b7:25:8a:fe:cc:c7:e3:3e:07:05:7d:
         df:89:cd:00:d3:11:22:06:69:f4:f9:e3:94:ec:31:2b:84:11:
         47:93:7b:0a:dc:0c:a1:59:f5:c7:d1:5d:2e:fe:37:ff:25:fb:
         1f:78:bd:01:45:d3:15:a4:55:cd:26:c8:8b:1b:86:68:f5:84:
         06:ea:97:32:25:2f:6f:60:35:45:0b:5d:16:3f:74:11:81:28:
         15:b8:a7:d8:96:bc:00:62:91:12:a0:fc:76:36:9c:57:ba:e5:
         34:86:66:fc:22:d3:8d:a9:ad:4e:00:cd:e1:3c:68:93:13:13:
         56:21:fe:d8:c5:d5:d8:67:00:38:43:c3:bf:e9:d5:de:a6:ba:
         a8:36:fd:67:e7:ce:99:d2:d9:f0:65:26:a1:a5:d2:f7:93:18:
         20:a9:8c:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAg8GFj1iIf6L3ZVj9lUbGXQnwgkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI4MTc0MDU0WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2Njg4N2JiNTAzY2Q4ZTUyYjMwYjMyZTNmOTFjN2Y4MDlh
ZjY4YTgxMmViMzI0OTZlNjEwYjM4MjM1NzhjYzA4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNbnYL6i32UdaXsec8wfXuSXaKK1gL2Qjrl0h6HhBMcTb9
FglP0+KpfPtIdaGeh0cbxYeaKbPSmUnHD7BSxxXzA4uIO+zyWQOfWMONSPTIewbg
Ejs+f1SUCswA41GTw+z7qnrXSRpfKxkruluij7/iA8cK9fmem814WpWCuGoU4Mr3
56I6AZ7j8LInoD60+WPHtIHlSOg282hP5pil+Xs2waUkZjgaRxTeHd8FU0Rvn0kl
xHgdHYUC4XLa1mF0JNCc/kMelGxp6G0OCI4oXUpQpzs5slV75SawTAVoIo20kDEc
zXruyJMCKkIcRwZJgp3oldNwYH0ZwIIh5MCNhhWFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmLRpVn/bE7ZCZ4NgR1FRZvG8Em4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgwNzI5MTJkLTAzZDQtNGJmOC05N2YwLTc5NGM5NzMyZDU1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5s4wDQYJKoZIhvcNAQELBQADggEBAFrtIBiEgXGCiHchTBLPd68NL4Zc
aVoKLPFPcCyjLvp9TqkEVe6b77HiT0oPVOXlQYw9q4fAGzGhMFnkkEbDV7AAnLBq
ymXwbBC1Mc1+JAvxNb7Cr8E/98b32v2vtQqWP1q3JYr+zMfjPgcFfd+JzQDTESIG
afT545TsMSuEEUeTewrcDKFZ9cfRXS7+N/8l+x94vQFF0xWkVc0myIsbhmj1hAbq
lzIlL29gNUULXRY/dBGBKBW4p9iWvABikRKg/HY2nFe65TSGZvwi042prU4AzeE8
aJMTE1Yh/tjF1dhnADhDw7/p1d6muqg2/WfnzpnS2fBlJqGl0veTGCCpjFY=
-----END CERTIFICATE-----