Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/814f80c2-5037-4612-86b2-2fb89a950848.roa
File:                     814f80c2-5037-4612-86b2-2fb89a950848.roa (raw, json)
Hash identifier:          n1y75r75wI2ngMmcO3SKLq9OhT3xaTe/YeJW/FwShiE=
Subject key identifier:   CA:EC:D8:26:39:4C:72:AA:26:CF:B8:8B:16:49:E3:97:5B:F1:2C:7E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4FA4DF47B05E5EEF53881022598EDE10BF4A569F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/814f80c2-5037-4612-86b2-2fb89a950848.roa
Signing time:             Tue 08 Apr 2025 15:00:53 +0000
ROA not before:           Tue 08 Apr 2025 15:00:53 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        3.2.51.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:a4:df:47:b0:5e:5e:ef:53:88:10:22:59:8e:de:10:bf:4a:56:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  8 15:00:53 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=a89dd2e5d6df3b8ab0db4dd26550687dde3e52db19b8190d4c0f19fd06d7bc44, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d1:79:6e:f1:d9:4f:9b:9e:4a:95:f7:71:a4:
                    98:bb:01:ee:b5:3e:25:dc:6e:26:6f:68:5b:55:86:
                    53:a1:f0:91:12:79:e3:65:2f:e8:58:2f:f3:a6:38:
                    6f:e2:4c:91:27:80:e1:c0:e9:5d:06:ca:c9:df:b7:
                    e2:60:d4:f0:e2:91:31:76:72:4a:6d:db:c6:a4:dc:
                    8c:d2:7b:0c:1c:6b:57:2c:b0:06:e9:38:5e:bc:59:
                    4e:aa:24:1c:95:74:94:ac:00:cc:fe:85:4d:cd:c2:
                    b1:7a:af:67:07:c0:34:51:a9:5b:44:5b:61:99:ca:
                    81:a5:0c:57:ef:10:87:b1:15:2d:5b:c0:cb:0e:73:
                    45:d3:ae:78:fa:2a:36:2a:e6:75:6c:8b:6b:68:88:
                    4f:c6:08:2e:7e:41:48:9a:13:44:4c:7b:13:b3:63:
                    cb:cc:21:0f:76:25:16:07:f1:55:cf:42:74:4a:dd:
                    46:eb:dc:3b:9b:7e:44:69:f1:4a:78:17:26:50:9d:
                    de:99:6f:d2:9a:45:9d:1b:37:08:6e:83:44:09:be:
                    f3:3f:60:12:90:cd:35:10:dc:33:35:05:9b:3c:e4:
                    65:ac:15:55:c0:0e:cf:ff:9b:05:1a:d1:04:45:99:
                    66:47:61:33:b3:1e:a0:9a:7a:64:a2:44:f5:65:84:
                    94:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EC:D8:26:39:4C:72:AA:26:CF:B8:8B:16:49:E3:97:5B:F1:2C:7E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/814f80c2-5037-4612-86b2-2fb89a950848.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:a0:40:ac:c2:dc:47:c3:75:0a:2b:9c:b1:ff:27:9c:dc:f1:
         cc:d8:d3:6d:c6:3e:0d:73:44:51:95:00:2f:96:b5:be:ef:a9:
         d3:13:0a:06:8c:cf:9c:01:99:e0:9f:f6:a5:6d:c5:6b:0e:52:
         b8:43:cf:9c:0d:c2:64:63:aa:e7:31:2a:ee:c6:19:22:12:7a:
         a4:7c:a8:9e:24:78:15:9b:ca:93:b2:52:2e:8e:04:15:93:e1:
         f7:c8:9e:4f:41:80:4e:3a:ad:3d:79:47:d6:af:f0:f2:34:be:
         38:0e:3a:b1:3f:5c:e3:e2:47:05:a1:0d:ac:26:e2:30:f6:4b:
         4c:40:7a:98:10:6c:40:35:d3:cc:b1:a2:27:f1:3b:cf:ff:da:
         0c:9d:5c:18:45:8b:db:e6:d0:fd:ca:1d:6c:ac:7a:c1:6c:1a:
         ee:96:cb:51:9a:4c:97:f7:1c:19:65:fc:02:5f:74:54:9f:6a:
         f0:74:60:1e:80:4d:e9:48:03:77:1f:63:11:f9:33:b8:f9:cf:
         29:c2:b8:e1:42:8b:5f:dd:fe:1f:fd:7e:d3:62:4a:8e:ff:3c:
         11:81:e3:8f:9b:1c:31:84:0e:cc:43:98:89:88:76:01:82:ce:
         61:49:5f:0d:3b:55:cb:32:e3:67:db:7d:1a:ae:c6:2b:00:00:
         6f:5a:83:b7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT6TfR7BeXu9TiBAiWY7eEL9KVp8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDA4MTUwMDUzWhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhODlkZDJlNWQ2ZGYzYjhhYjBkYjRkZDI2NTUwNjg3ZGRl
M2U1MmRiMTliODE5MGQ0YzBmMTlmZDA2ZDdiYzQ0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDX0Xlu8dlPm55KlfdxpJi7Ae61PiXcbiZvaFtVhlOh8JES
eeNlL+hYL/OmOG/iTJEngOHA6V0Gysnft+Jg1PDikTF2ckpt28ak3IzSewwca1cs
sAbpOF68WU6qJByVdJSsAMz+hU3NwrF6r2cHwDRRqVtEW2GZyoGlDFfvEIexFS1b
wMsOc0XTrnj6KjYq5nVsi2toiE/GCC5+QUiaE0RMexOzY8vMIQ92JRYH8VXPQnRK
3Ubr3DubfkRp8Up4FyZQnd6Zb9KaRZ0bNwhug0QJvvM/YBKQzTUQ3DM1BZs85GWs
FVXADs//mwUa0QRFmWZHYTOzHqCaemSiRPVlhJRhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyuzYJjlMcqomz7iLFknjl1vxLH4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgxNGY4MGMyLTUwMzctNDYxMi04NmIyLTJmYjg5YTk1MDg0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAjMwDQYJKoZIhvcNAQELBQADggEBAKCgQKzC3EfDdQornLH/J5zc8czY
023GPg1zRFGVAC+Wtb7vqdMTCgaMz5wBmeCf9qVtxWsOUrhDz5wNwmRjqucxKu7G
GSISeqR8qJ4keBWbypOyUi6OBBWT4ffInk9BgE46rT15R9av8PI0vjgOOrE/XOPi
RwWhDawm4jD2S0xAepgQbEA108yxoifxO8//2gydXBhFi9vm0P3KHWysesFsGu6W
y1GaTJf3HBll/AJfdFSfavB0YB6ATelIA3cfYxH5M7j5zynCuOFCi1/d/h/9ftNi
So7/PBGB44+bHDGEDsxDmImIdgGCzmFJXw07Vcsy42fbfRquxisAAG9ag7c=
-----END CERTIFICATE-----