Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9db14b78-91c8-4db8-9d24-248f35958ad0.roa
File:                     9db14b78-91c8-4db8-9d24-248f35958ad0.roa (raw, json)
Hash identifier:          GLjY78kemFP+tqrqVIG7SuMD7bNpDSnnikXKN+Zx9NM=
Subject key identifier:   07:76:DF:53:0B:51:FF:52:46:6F:50:D4:29:70:E3:98:EA:8A:56:5F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       70725875C29E4855B8E5955BF13F2A6A8CDBABDC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9db14b78-91c8-4db8-9d24-248f35958ad0.roa
Signing time:             Fri 28 Mar 2025 18:11:41 +0000
ROA not before:           Fri 28 Mar 2025 18:11:41 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.94.192.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:72:58:75:c2:9e:48:55:b8:e5:95:5b:f1:3f:2a:6a:8c:db:ab:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 28 18:11:41 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=dc6b585051858eefbb498e02018790c641be534725d544fbfbdd12db5d672632, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:42:a7:d6:f9:02:2d:48:ef:42:e4:af:0b:69:
                    6c:8e:79:76:83:15:78:fc:f8:34:35:71:7f:96:a7:
                    6f:e6:cc:3d:ee:ab:25:d1:8e:87:34:fe:3e:b6:3d:
                    c9:b7:d0:84:81:78:75:f2:36:20:f7:f6:ed:4d:4a:
                    d9:46:4a:93:a4:b3:a8:03:be:a3:41:63:37:c6:8e:
                    72:88:93:f4:f7:22:3a:5e:ef:8d:69:fd:83:f1:47:
                    b6:8c:b1:aa:60:23:07:2d:8e:7f:8f:b0:91:f6:bb:
                    f6:f3:fd:f2:d5:99:df:5c:c6:77:39:57:3a:dc:53:
                    3a:89:1d:4e:91:b7:59:1d:0c:08:b2:fa:50:49:35:
                    d4:e9:92:77:b5:ce:d1:e8:19:fb:a0:fd:c3:87:52:
                    53:aa:52:4d:a5:4b:30:19:e4:4f:b5:a1:00:7c:5e:
                    a8:c2:65:e9:a7:fe:b6:d6:bb:02:ed:c0:c4:e4:db:
                    db:eb:03:9d:09:bd:4c:32:bd:e5:86:a8:9c:df:e3:
                    c3:c4:4a:b0:d9:63:4a:8b:b0:09:8b:5f:41:46:85:
                    db:d8:0a:6c:c0:0e:cd:82:9e:3f:1a:57:f8:d5:75:
                    13:c4:59:18:ac:dc:3d:b5:5d:a1:1a:8a:3d:83:05:
                    b7:24:8e:6e:97:b5:d0:98:fe:af:48:be:1f:68:9d:
                    f5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:76:DF:53:0B:51:FF:52:46:6F:50:D4:29:70:E3:98:EA:8A:56:5F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9db14b78-91c8-4db8-9d24-248f35958ad0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:22:6e:ae:c7:60:10:ad:3a:3f:0e:a1:b0:d5:be:a5:a3:6d:
         dd:29:4d:a1:df:a6:d2:8c:47:3f:9b:c1:73:db:8b:4b:fb:54:
         7c:74:52:29:65:79:c7:1e:ee:43:98:c4:81:36:50:7a:5b:b0:
         2c:a0:81:ce:bf:4c:05:25:e0:e4:2c:97:1c:0b:e1:6c:02:b6:
         67:ab:68:40:1d:89:fe:4b:9b:c4:fb:46:f1:83:5a:24:16:44:
         22:8f:62:bd:d2:93:13:4b:6a:02:c1:bd:ca:5b:18:78:c5:a4:
         36:22:05:99:9a:3f:07:0f:bf:f5:8c:be:df:da:40:ba:f4:f3:
         5b:40:f5:38:55:a6:f7:86:0b:d9:0a:c3:5b:fc:f4:f6:87:f6:
         35:36:ee:67:27:94:dd:f4:21:7d:05:3c:f6:16:2d:09:cb:9e:
         06:f1:c4:92:c0:72:00:07:af:d5:f4:59:40:c8:9e:81:dd:ae:
         b7:9b:76:3e:e2:b4:12:f5:bf:84:d8:95:3d:4e:65:e8:ad:c1:
         0b:0e:24:c8:d2:9c:02:3d:48:b4:d7:04:9f:23:ca:f1:1c:f8:
         f2:45:76:bd:8b:b5:32:b9:8b:21:4f:1c:ca:c9:74:65:f6:74:
         5d:df:eb:5e:5e:91:8e:55:0e:00:5f:31:0a:2c:9e:ad:a4:57:
         08:b0:d8:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcHJYdcKeSFW45ZVb8T8qaozbq9wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI4MTgxMTQxWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzZiNTg1MDUxODU4ZWVmYmI0OThlMDIwMTg3OTBjNjQx
YmU1MzQ3MjVkNTQ0ZmJmYmRkMTJkYjVkNjcyNjMyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVQqfW+QItSO9C5K8LaWyOeXaDFXj8+DQ1cX+Wp2/mzD3u
qyXRjoc0/j62Pcm30ISBeHXyNiD39u1NStlGSpOks6gDvqNBYzfGjnKIk/T3Ijpe
741p/YPxR7aMsapgIwctjn+PsJH2u/bz/fLVmd9cxnc5VzrcUzqJHU6Rt1kdDAiy
+lBJNdTpkne1ztHoGfug/cOHUlOqUk2lSzAZ5E+1oQB8XqjCZemn/rbWuwLtwMTk
29vrA50JvUwyveWGqJzf48PESrDZY0qLsAmLX0FGhdvYCmzADs2Cnj8aV/jVdRPE
WRis3D21XaEaij2DBbckjm6XtdCY/q9Ivh9onfV3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUB3bfUwtR/1JGb1DUKXDjmOqKVl8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlkYjE0Yjc4LTkxYzgtNGRiOC05ZDI0LTI0OGYzNTk1OGFkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0XsAwDQYJKoZIhvcNAQELBQADggEBAAMibq7HYBCtOj8OobDVvqWjbd0p
TaHfptKMRz+bwXPbi0v7VHx0Uillecce7kOYxIE2UHpbsCyggc6/TAUl4OQslxwL
4WwCtmeraEAdif5Lm8T7RvGDWiQWRCKPYr3SkxNLagLBvcpbGHjFpDYiBZmaPwcP
v/WMvt/aQLr081tA9ThVpveGC9kKw1v89PaH9jU27mcnlN30IX0FPPYWLQnLngbx
xJLAcgAHr9X0WUDInoHdrrebdj7itBL1v4TYlT1OZeitwQsOJMjSnAI9SLTXBJ8j
yvEc+PJFdr2LtTK5iyFPHMrJdGX2dF3f615ekY5VDgBfMQosnq2kVwiw2HI=
-----END CERTIFICATE-----