Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9ad9eba0-b2ba-4340-9e95-cadc0ec6c378.roa
File:                     9ad9eba0-b2ba-4340-9e95-cadc0ec6c378.roa (raw, json)
Hash identifier:          Z8BzreHpFrd7mYFUkz6W+fTDJHMPF97TvAOvzx3lYlU=
Subject key identifier:   B8:0E:F7:58:9E:46:82:7F:92:1D:2C:1F:36:44:EC:99:34:F7:F0:D5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       723ACFB3E72A3F6916ED640F34D0FCB13B315FE0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9ad9eba0-b2ba-4340-9e95-cadc0ec6c378.roa
Signing time:             Mon 24 Mar 2025 16:21:03 +0000
ROA not before:           Mon 24 Mar 2025 16:21:03 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.157.0.0/18 maxlen: 18

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:3a:cf:b3:e7:2a:3f:69:16:ed:64:0f:34:d0:fc:b1:3b:31:5f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 16:21:03 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=8c8ec3115894add9c4ac399ad0897b2111af2f5b8daeb2290109c796998f823f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:73:b5:e7:f2:73:bc:85:28:e2:c6:c6:13:59:
                    f2:c7:2b:fd:bf:5a:6e:61:ee:a4:c9:cc:55:94:26:
                    8e:83:9a:10:ec:24:a1:a8:d3:12:82:b9:f3:28:28:
                    66:a8:1a:41:27:d3:4f:03:b3:e3:e6:ae:d2:f3:b0:
                    d0:71:53:d2:51:d6:17:3e:d3:4a:6b:d4:61:76:35:
                    ac:c1:34:46:1f:4a:78:96:c0:03:24:0b:96:f8:bf:
                    33:37:58:f6:b9:9a:46:b2:23:27:b6:b1:56:40:c0:
                    64:a2:45:54:3c:1e:35:3b:54:90:6a:16:c2:b5:28:
                    15:b5:d4:42:c3:8e:29:c4:c5:e8:5c:e9:9c:48:12:
                    36:ba:ed:ca:29:eb:64:f9:d2:82:c7:88:06:0c:74:
                    3f:9a:71:a3:b7:94:7f:d9:b3:9e:96:5d:77:db:0f:
                    bb:2b:53:d6:93:db:d9:38:6c:5b:fd:62:cf:e2:77:
                    29:37:81:1b:b8:8c:cf:be:46:7a:0a:1f:94:5a:91:
                    6a:cc:41:8a:fd:31:cd:47:ac:06:51:be:62:65:4f:
                    e5:21:12:5d:0e:28:61:59:6f:5c:7f:73:0d:47:d0:
                    32:c3:19:8b:64:33:29:73:13:43:b2:e6:b2:69:40:
                    14:25:57:a5:2a:25:3a:f7:cd:95:a4:36:c3:f4:03:
                    cc:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:0E:F7:58:9E:46:82:7F:92:1D:2C:1F:36:44:EC:99:34:F7:F0:D5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9ad9eba0-b2ba-4340-9e95-cadc0ec6c378.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.157.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         86:82:80:4d:28:3e:88:0c:f0:06:c3:5a:fd:4d:55:f2:97:3f:
         1b:76:38:a1:d5:0a:f9:ce:67:ae:5d:0d:af:c1:b4:4d:5f:2a:
         e8:d2:10:7c:3d:5f:f7:65:71:05:63:a3:c6:e3:24:6f:1a:a2:
         f2:0e:2a:05:7f:58:58:34:65:cb:01:28:dc:0c:02:ef:8e:5c:
         82:b5:60:de:23:70:8f:ad:94:51:36:ee:7f:ca:70:3d:9c:e7:
         73:f9:c3:10:13:cc:1c:85:74:6b:36:97:16:e0:79:54:ac:69:
         09:28:7b:1c:9b:81:c6:d4:a0:aa:9a:97:ee:84:fd:47:33:71:
         ee:9e:a1:23:0a:94:00:bb:76:3b:12:59:27:2c:b9:da:4d:90:
         51:80:88:2b:ab:c6:9e:f2:16:37:62:b7:81:ef:da:44:b0:a0:
         95:5e:c0:b7:7a:36:81:87:70:9b:f6:49:e4:98:5d:61:c3:22:
         9e:49:db:83:f6:19:8a:01:79:69:b1:bb:e8:97:f4:f6:30:ab:
         96:93:fb:0b:71:43:c9:44:c0:4d:36:16:4c:f4:4a:dd:a3:6c:
         6a:f7:b2:c0:99:2c:24:20:2c:44:60:69:c5:c2:2b:31:f1:38:
         a2:d0:05:b8:96:ec:a8:3f:3d:51:84:aa:b9:cc:b9:31:8c:ce:
         be:1d:de:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcjrPs+cqP2kW7WQPNND8sTsxX+AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTYyMTAzWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzhlYzMxMTU4OTRhZGQ5YzRhYzM5OWFkMDg5N2IyMTEx
YWYyZjViOGRhZWIyMjkwMTA5Yzc5Njk5OGY4MjNmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCac7Xn8nO8hSjixsYTWfLHK/2/Wm5h7qTJzFWUJo6DmhDs
JKGo0xKCufMoKGaoGkEn008Ds+PmrtLzsNBxU9JR1hc+00pr1GF2NazBNEYfSniW
wAMkC5b4vzM3WPa5mkayIye2sVZAwGSiRVQ8HjU7VJBqFsK1KBW11ELDjinExehc
6ZxIEja67cop62T50oLHiAYMdD+acaO3lH/Zs56WXXfbD7srU9aT29k4bFv9Ys/i
dyk3gRu4jM++RnoKH5RakWrMQYr9Mc1HrAZRvmJlT+UhEl0OKGFZb1x/cw1H0DLD
GYtkMylzE0Oy5rJpQBQlV6UqJTr3zZWkNsP0A8zzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuA73WJ5Ggn+SHSwfNkTsmTT38NUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlhZDllYmEwLWIyYmEtNDM0MC05ZTk1LWNhZGMwZWM2YzM3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2nQAwDQYJKoZIhvcNAQELBQADggEBAIaCgE0oPogM8AbDWv1NVfKXPxt2
OKHVCvnOZ65dDa/BtE1fKujSEHw9X/dlcQVjo8bjJG8aovIOKgV/WFg0ZcsBKNwM
Au+OXIK1YN4jcI+tlFE27n/KcD2c53P5wxATzByFdGs2lxbgeVSsaQkoexybgcbU
oKqal+6E/Uczce6eoSMKlAC7djsSWScsudpNkFGAiCurxp7yFjdit4Hv2kSwoJVe
wLd6NoGHcJv2SeSYXWHDIp5J24P2GYoBeWmxu+iX9PYwq5aT+wtxQ8lEwE02Fkz0
St2jbGr3ssCZLCQgLERgacXCKzHxOKLQBbiW7Kg/PVGEqrnMuTGMzr4d3q8=
-----END CERTIFICATE-----