Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/96153943-47a2-4e90-86d0-e9cc82f48310.roa
File:                     96153943-47a2-4e90-86d0-e9cc82f48310.roa (raw, json)
Hash identifier:          +lOhqslgJe5dOuZA2UYWHb8Cg0kazC2adKMHoi3Pfao=
Subject key identifier:   BC:14:9B:81:32:94:E5:7A:81:84:E8:FF:F5:05:96:38:76:D9:4E:15
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0F7F429F0E7D0248E0D8B3085BB69E58DCDB3472
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/96153943-47a2-4e90-86d0-e9cc82f48310.roa
Signing time:             Mon 24 Mar 2025 16:31:05 +0000
ROA not before:           Mon 24 Mar 2025 16:31:05 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.58.0.0/15 maxlen: 15

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:7f:42:9f:0e:7d:02:48:e0:d8:b3:08:5b:b6:9e:58:dc:db:34:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 16:31:05 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=fe59eaff945c84a8d9086a2daf42fa52f5b734e6f5df292ac60f5033d2434ca9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fc:d3:f6:34:0c:68:3e:e9:09:68:28:fb:8d:
                    02:f9:c8:7d:cc:b8:85:09:11:b7:52:54:44:29:08:
                    ad:0a:47:d0:7a:3c:ee:82:1a:a1:4e:b8:39:e9:e5:
                    4d:1a:ba:f2:52:fb:c6:52:ce:27:fa:34:23:ec:de:
                    d7:44:06:91:b8:60:d6:11:75:c6:5d:9c:b7:c4:05:
                    da:13:91:16:81:05:31:1e:85:60:6b:99:0f:c4:78:
                    0b:38:6f:07:b3:4c:0a:57:f0:1a:36:52:f7:3f:b7:
                    5c:f9:f0:34:20:84:ff:4b:2b:4c:81:d1:fe:45:e4:
                    f9:6f:5f:d3:b9:16:7b:38:4a:6e:16:42:77:5e:34:
                    23:bf:5a:40:eb:10:e1:be:44:14:56:d6:5e:8b:10:
                    9c:19:ce:3b:fb:ed:ca:d7:f0:ee:2b:a1:7a:9c:51:
                    60:46:fd:92:12:a4:c7:ba:a3:bb:f9:3f:b1:f9:c1:
                    2a:c9:b6:76:95:b6:de:1a:39:47:18:9b:05:36:f9:
                    7f:58:35:ed:12:15:a7:9d:64:bd:8a:b5:02:56:e0:
                    1e:74:85:4a:0d:71:bf:d3:fd:57:f8:5b:4d:75:f2:
                    4c:a2:72:76:46:d0:64:f6:ae:ef:49:3d:56:a9:26:
                    5f:13:18:a7:99:9b:81:6f:65:e8:46:a1:60:e2:4b:
                    10:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:14:9B:81:32:94:E5:7A:81:84:E8:FF:F5:05:96:38:76:D9:4E:15
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/96153943-47a2-4e90-86d0-e9cc82f48310.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.58.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         a8:da:db:34:18:49:c7:12:a1:c5:3b:6c:21:33:a6:d1:74:32:
         ed:19:84:dd:7d:2b:4e:52:fd:b7:19:41:35:16:1e:89:38:bf:
         d0:bf:2e:79:b5:08:ad:36:83:c6:76:54:33:b9:61:0b:27:8d:
         13:66:3d:40:06:84:3e:8e:be:eb:74:b9:17:b9:21:00:3f:f9:
         14:0d:a8:5c:36:36:67:ad:ad:b1:b8:a2:56:ac:fc:fa:29:39:
         fc:3e:a2:53:6a:53:78:1e:65:67:27:a2:95:e5:a1:69:c0:0d:
         41:69:9f:8d:f7:df:45:37:a7:d4:99:53:50:e2:ce:39:3d:05:
         3d:14:7f:6a:98:79:3d:d7:fc:e3:cc:7c:11:ca:e1:07:8a:99:
         7a:d3:62:ef:9e:fe:0e:52:65:4d:27:3a:d9:60:83:50:1b:28:
         71:f5:9a:1c:00:20:1d:6a:1e:80:ef:cd:e3:9b:f7:e8:7c:c9:
         7d:96:9d:62:7d:af:ad:7e:f7:41:37:01:39:df:2f:89:a5:bb:
         05:39:69:3c:95:23:8f:4b:c7:52:bd:26:b2:08:fe:e8:c0:88:
         67:d9:1e:fb:77:41:9f:26:dc:31:ca:d9:f5:78:8b:52:eb:c1:
         68:29:1f:9e:cf:3f:6d:92:95:b5:3f:35:fc:ca:ad:ab:02:2c:
         90:45:1d:ee
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUD39Cnw59Akjg2LMIW7aeWNzbNHIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTYzMTA1WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZTU5ZWFmZjk0NWM4NGE4ZDkwODZhMmRhZjQyZmE1MmY1
YjczNGU2ZjVkZjI5MmFjNjBmNTAzM2QyNDM0Y2E5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD/NP2NAxoPukJaCj7jQL5yH3MuIUJEbdSVEQpCK0KR9B6
PO6CGqFOuDnp5U0auvJS+8ZSzif6NCPs3tdEBpG4YNYRdcZdnLfEBdoTkRaBBTEe
hWBrmQ/EeAs4bwezTApX8Bo2Uvc/t1z58DQghP9LK0yB0f5F5PlvX9O5Fns4Sm4W
QndeNCO/WkDrEOG+RBRW1l6LEJwZzjv77crX8O4roXqcUWBG/ZISpMe6o7v5P7H5
wSrJtnaVtt4aOUcYmwU2+X9YNe0SFaedZL2KtQJW4B50hUoNcb/T/Vf4W0118kyi
cnZG0GT2ru9JPVapJl8TGKeZm4FvZehGoWDiSxD5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUvBSbgTKU5XqBhOj/9QWWOHbZThUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk2MTUzOTQzLTQ3YTItNGU5MC04NmQwLWU5Y2M4MmY0ODMxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE0OjANBgkqhkiG9w0BAQsFAAOCAQEAqNrbNBhJxxKhxTtsITOm0XQy7RmE
3X0rTlL9txlBNRYeiTi/0L8uebUIrTaDxnZUM7lhCyeNE2Y9QAaEPo6+63S5F7kh
AD/5FA2oXDY2Z62tsbiiVqz8+ik5/D6iU2pTeB5lZyeileWhacANQWmfjfffRTen
1JlTUOLOOT0FPRR/aph5Pdf848x8EcrhB4qZetNi757+DlJlTSc62WCDUBsocfWa
HAAgHWoegO/N45v36HzJfZadYn2vrX73QTcBOd8viaW7BTlpPJUjj0vHUr0msgj+
6MCIZ9ke+3dBnybcMcrZ9XiLUuvBaCkfns8/bZKVtT81/MqtqwIskEUd7g==
-----END CERTIFICATE-----