Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/86b64faf-1f41-4db6-bca6-2dfc5923f01c.roa
File:                     86b64faf-1f41-4db6-bca6-2dfc5923f01c.roa (raw, json)
Hash identifier:          DANSCOyQJC32MQYW90saoXmHyT7l8Iu+M5XgEUtbOp8=
Subject key identifier:   CF:6A:AA:56:9D:82:0D:0C:27:BB:39:74:63:F5:5C:97:FC:5B:36:8F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5A5028479E0C0E5DCC3D04FDA85643C2F399F296
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/86b64faf-1f41-4db6-bca6-2dfc5923f01c.roa
Signing time:             Mon 24 Mar 2025 16:50:23 +0000
ROA not before:           Mon 24 Mar 2025 16:50:23 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.203.244.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:50:28:47:9e:0c:0e:5d:cc:3d:04:fd:a8:56:43:c2:f3:99:f2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 16:50:23 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=ae125d0c08ae0883e95f7240588f9735fba21b619335280935d450c13cdea002, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:de:8f:f0:2f:b5:4a:bc:32:34:3b:ef:dc:92:
                    24:bb:85:7f:39:65:ef:46:4d:ab:36:2c:99:aa:5a:
                    35:8b:a0:e2:c1:1a:23:83:51:ab:ba:f5:59:1a:62:
                    50:cd:a5:78:2e:01:55:0a:0c:f6:9f:54:75:5c:0c:
                    5a:2f:de:08:f7:2e:f0:c9:bc:92:84:c3:44:71:2c:
                    4c:43:b5:08:eb:54:40:f0:61:ec:da:66:98:92:67:
                    80:e0:7f:4b:63:1f:46:9a:62:6d:1a:60:68:4a:70:
                    89:1d:46:6b:c0:14:ed:59:08:00:fb:a2:9c:6c:17:
                    b0:13:a0:00:96:47:d2:a9:89:f1:e5:4c:e3:4a:3b:
                    6d:eb:9f:b3:65:81:db:a4:65:db:3f:97:4b:27:5e:
                    9f:fa:c9:cb:61:bb:1c:d8:f4:ff:66:ab:da:2d:f9:
                    da:84:90:9d:e6:78:3c:83:db:ea:7f:68:54:08:45:
                    5e:8c:b5:00:4d:d7:e9:4b:8c:3e:1c:db:e2:2e:18:
                    1b:39:a7:83:07:5e:a5:cc:13:1f:7a:f0:5f:fe:94:
                    54:29:7e:77:e9:8b:5b:e6:30:61:d2:53:d2:e9:12:
                    5c:46:7b:11:63:39:f3:d2:77:47:53:7e:8e:b7:5a:
                    3f:4a:71:7f:be:3c:67:7f:cc:b8:58:09:03:fa:64:
                    5c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6A:AA:56:9D:82:0D:0C:27:BB:39:74:63:F5:5C:97:FC:5B:36:8F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/86b64faf-1f41-4db6-bca6-2dfc5923f01c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.203.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:06:08:70:9c:17:9c:b8:8c:a5:0f:66:0b:86:38:d2:61:46:
         28:c9:7d:34:39:fc:be:3d:18:9e:1d:fc:2a:0b:b9:ed:98:b7:
         57:08:03:06:8e:c4:36:3e:30:38:69:76:31:be:63:06:3e:6a:
         d6:90:01:da:39:c6:33:7d:32:27:25:b6:f7:06:26:49:94:a0:
         92:76:cf:86:b6:68:31:1b:04:6e:89:f6:5d:a2:1c:2b:de:67:
         16:e9:6e:d4:c2:bc:19:cb:47:4c:ce:39:1d:c9:94:5e:5f:af:
         1b:38:a2:5f:62:f4:d9:ee:55:7a:7d:69:f6:f3:10:4a:46:dd:
         16:55:be:33:0f:95:bc:15:7b:8e:83:b7:86:e2:f5:4b:a9:b2:
         13:f6:05:0c:03:45:f9:15:66:bc:8f:e0:e1:1a:b7:de:5d:9f:
         cf:8f:05:f3:e1:2a:b4:f3:a7:94:bd:06:69:5a:b8:c2:82:45:
         bc:23:6f:40:5d:a7:02:fb:bb:e1:d0:51:2e:ed:68:82:e7:23:
         1c:9f:a2:46:4c:a7:7d:a1:f9:44:9c:b7:02:5f:ce:37:a3:3c:
         4d:90:b9:04:f2:c6:82:12:11:5c:c7:fe:e6:f6:80:78:2c:1a:
         c3:6c:c7:e5:c0:2f:f6:ad:b1:e2:2c:a5:ad:ce:ec:8a:2e:4e:
         95:8c:07:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWlAoR54MDl3MPQT9qFZDwvOZ8pYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTY1MDIzWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTEyNWQwYzA4YWUwODgzZTk1ZjcyNDA1ODhmOTczNWZi
YTIxYjYxOTMzNTI4MDkzNWQ0NTBjMTNjZGVhMDAyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCo3o/wL7VKvDI0O+/ckiS7hX85Ze9GTas2LJmqWjWLoOLB
GiODUau69VkaYlDNpXguAVUKDPafVHVcDFov3gj3LvDJvJKEw0RxLExDtQjrVEDw
YezaZpiSZ4Dgf0tjH0aaYm0aYGhKcIkdRmvAFO1ZCAD7opxsF7AToACWR9KpifHl
TONKO23rn7NlgdukZds/l0snXp/6ycthuxzY9P9mq9ot+dqEkJ3meDyD2+p/aFQI
RV6MtQBN1+lLjD4c2+IuGBs5p4MHXqXMEx968F/+lFQpfnfpi1vmMGHSU9LpElxG
exFjOfPSd0dTfo63Wj9KcX++PGd/zLhYCQP6ZFy9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz2qqVp2CDQwnuzl0Y/Vcl/xbNo8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg2YjY0ZmFmLTFmNDEtNGRiNi1iY2E2LTJkZmM1OTIzZjAxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI2y/QwDQYJKoZIhvcNAQELBQADggEBAKkGCHCcF5y4jKUPZguGONJhRijJ
fTQ5/L49GJ4d/CoLue2Yt1cIAwaOxDY+MDhpdjG+YwY+ataQAdo5xjN9MicltvcG
JkmUoJJ2z4a2aDEbBG6J9l2iHCveZxbpbtTCvBnLR0zOOR3JlF5frxs4ol9i9Nnu
VXp9afbzEEpG3RZVvjMPlbwVe46Dt4bi9UupshP2BQwDRfkVZryP4OEat95dn8+P
BfPhKrTzp5S9BmlauMKCRbwjb0BdpwL7u+HQUS7taILnIxyfokZMp32h+USctwJf
zjejPE2QuQTyxoISEVzH/ub2gHgsGsNsx+XAL/atseIspa3O7IouTpWMBx8=
-----END CERTIFICATE-----