Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a092f82c-3055-4fdd-916a-baf2fcb56fd3.roa
File:                     a092f82c-3055-4fdd-916a-baf2fcb56fd3.roa (raw, json)
Hash identifier:          nxcJ5O9mmobnkVtsnaK8MIgwuxFOg+gcB7EYeMJYu24=
Subject key identifier:   96:B7:A7:2D:AD:BC:08:E9:CF:A4:4F:49:8C:51:FC:13:4E:AD:56:42
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       52743A5D08F6AB071B63A7D84618FDC8FC62D22E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a092f82c-3055-4fdd-916a-baf2fcb56fd3.roa
Signing time:             Mon 24 Mar 2025 18:50:16 +0000
ROA not before:           Mon 24 Mar 2025 18:50:16 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.245.80.0/20 maxlen: 20

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:74:3a:5d:08:f6:ab:07:1b:63:a7:d8:46:18:fd:c8:fc:62:d2:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 18:50:16 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=9852a361979a2f8c7f5a8b24113e197b4bbdfdf5873ae98504fb26b60e644933, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c4:59:68:65:0b:6a:65:cb:80:39:85:1e:92:
                    94:01:9e:85:8a:13:40:83:6f:6c:df:de:c1:ba:fa:
                    b2:5d:3c:da:8e:c0:64:b3:8a:77:5f:bb:ba:af:78:
                    23:9c:80:f5:8c:d4:11:a5:5a:89:83:d0:23:53:27:
                    7b:2d:69:0a:c4:16:f1:0a:36:ad:04:af:44:29:83:
                    e3:e6:9f:c8:6c:74:b4:44:94:c1:2e:8c:32:f7:19:
                    f2:a6:10:12:82:3d:25:86:13:77:23:0b:02:87:7d:
                    9e:42:1b:33:21:cd:1c:55:d3:2e:c4:59:65:ac:8c:
                    40:bd:8b:69:cd:78:09:dd:32:00:a7:cd:9b:9f:ee:
                    45:1f:47:85:9e:e5:19:9c:1c:ca:15:3b:d7:d3:f5:
                    88:11:07:d5:45:b4:c0:ae:bb:9b:5a:ec:f3:83:44:
                    21:b3:3a:19:c6:55:ce:15:0b:10:07:92:66:1f:b7:
                    02:ef:09:7a:d7:29:81:ad:b7:80:7a:46:30:f8:ce:
                    ed:6e:8c:66:57:be:b4:7b:ad:87:74:f5:c0:fa:47:
                    df:24:54:08:4e:2e:c1:e3:7f:c5:e9:3e:ae:b5:40:
                    4d:91:d7:31:c7:f3:71:f5:a7:7d:83:82:12:63:f6:
                    d5:e5:5c:73:b0:5d:c5:69:ea:1d:a5:46:ae:f7:67:
                    b3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B7:A7:2D:AD:BC:08:E9:CF:A4:4F:49:8C:51:FC:13:4E:AD:56:42
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a092f82c-3055-4fdd-916a-baf2fcb56fd3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.245.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         23:13:9c:2d:e2:e5:41:72:e1:6d:ae:12:b5:56:08:0a:a9:3d:
         a4:78:d5:fd:6b:4c:08:57:2f:1b:cc:6a:3b:5e:5b:3e:af:c2:
         79:99:40:16:17:e0:87:b3:60:85:72:74:f8:ca:f3:85:49:d1:
         5f:60:54:e1:8a:ca:48:e1:72:6f:b8:b7:e3:b6:3a:4b:be:4f:
         62:ca:6a:47:13:86:5e:81:57:f1:b6:73:ba:dc:b3:e6:aa:b9:
         cf:49:ce:f6:4f:fc:da:20:8c:dc:6a:79:ce:e9:17:e4:bf:8d:
         39:c9:95:26:d0:ec:99:9e:06:99:02:c0:43:b1:39:fc:c4:dc:
         9e:2e:09:34:f1:cc:b5:ee:de:27:81:d2:74:58:2c:63:91:e8:
         f1:6e:ff:e7:0c:87:f6:43:a6:3c:0a:37:3c:b7:97:9c:47:47:
         5e:22:18:f4:be:8a:22:46:ea:b8:5d:3d:37:a8:8e:00:0d:d8:
         2c:56:2c:1d:bc:18:65:7b:51:9d:25:eb:92:ce:a5:9e:20:44:
         5d:c2:1a:f0:37:4c:58:00:d1:98:08:f0:8b:e0:d9:4a:59:1b:
         97:0c:fb:6c:c8:d1:eb:f8:bb:1e:a5:ac:0d:18:d4:53:d1:6f:
         48:84:99:5e:71:ae:f9:11:5c:20:24:98:06:00:18:1a:87:83:
         07:10:f0:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUnQ6XQj2qwcbY6fYRhj9yPxi0i4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTg1MDE2WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ODUyYTM2MTk3OWEyZjhjN2Y1YThiMjQxMTNlMTk3YjRi
YmRmZGY1ODczYWU5ODUwNGZiMjZiNjBlNjQ0OTMzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChxFloZQtqZcuAOYUekpQBnoWKE0CDb2zf3sG6+rJdPNqO
wGSzindfu7qveCOcgPWM1BGlWomD0CNTJ3staQrEFvEKNq0Er0Qpg+Pmn8hsdLRE
lMEujDL3GfKmEBKCPSWGE3cjCwKHfZ5CGzMhzRxV0y7EWWWsjEC9i2nNeAndMgCn
zZuf7kUfR4We5RmcHMoVO9fT9YgRB9VFtMCuu5ta7PODRCGzOhnGVc4VCxAHkmYf
twLvCXrXKYGtt4B6RjD4zu1ujGZXvrR7rYd09cD6R98kVAhOLsHjf8XpPq61QE2R
1zHH83H1p32DghJj9tXlXHOwXcVp6h2lRq73Z7P/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlrenLa28COnPpE9JjFH8E06tVkIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EwOTJmODJjLTMwNTUtNGZkZC05MTZhLWJhZjJmY2I1NmZkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ29VAwDQYJKoZIhvcNAQELBQADggEBACMTnC3i5UFy4W2uErVWCAqpPaR4
1f1rTAhXLxvMajteWz6vwnmZQBYX4IezYIVydPjK84VJ0V9gVOGKykjhcm+4t+O2
Oku+T2LKakcThl6BV/G2c7rcs+aquc9JzvZP/NogjNxqec7pF+S/jTnJlSbQ7Jme
BpkCwEOxOfzE3J4uCTTxzLXu3ieB0nRYLGOR6PFu/+cMh/ZDpjwKNzy3l5xHR14i
GPS+iiJG6rhdPTeojgAN2CxWLB28GGV7UZ0l65LOpZ4gRF3CGvA3TFgA0ZgI8Ivg
2UpZG5cM+2zI0ev4ux6lrA0Y1FPRb0iEmV5xrvkRXCAkmAYAGBqHgwcQ8BQ=
-----END CERTIFICATE-----