Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a65cf723-c70a-4002-b651-326842f3c5a9.roa
File:                     a65cf723-c70a-4002-b651-326842f3c5a9.roa (raw, json)
Hash identifier:          PFiveVvNRVcQval5L3sp1JluYJl6S/yuKhzslwgBgqE=
Subject key identifier:   2C:9D:FA:FE:F6:7A:CA:45:A9:DA:8C:12:72:60:C7:AF:00:7E:85:26
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       33322922F5F99047A14BCB327A7709608E426061
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a65cf723-c70a-4002-b651-326842f3c5a9.roa
Signing time:             Mon 31 Mar 2025 17:00:52 +0000
ROA not before:           Mon 31 Mar 2025 17:00:52 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.244.1.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:32:29:22:f5:f9:90:47:a1:4b:cb:32:7a:77:09:60:8e:42:60:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 17:00:52 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=bdd297d60d3d603afacd5404b74bc7986357f110e8c750f485a2c35413d4b346, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:62:bf:4f:dc:c5:7f:6b:7d:19:4e:71:49:c1:
                    10:e1:8a:b6:d0:c2:75:07:ce:22:9b:3b:f5:1c:01:
                    59:85:ed:03:87:0e:a7:b8:b2:b5:8d:00:c1:7f:f6:
                    d6:2a:2c:dc:3a:a9:85:bc:e8:00:73:e9:ff:96:f3:
                    cf:f2:a9:66:b3:5b:2b:57:34:26:f8:99:4f:de:1d:
                    d7:f3:5b:1b:6f:7e:bf:bc:e0:88:c9:97:d3:80:b4:
                    df:5e:7c:35:25:1c:58:18:68:cd:64:03:3d:02:ae:
                    6b:5f:0a:b3:59:9f:9e:88:22:e9:34:9b:c1:e0:76:
                    f3:4a:62:da:91:bb:3f:c4:f2:fd:6d:b3:71:af:6d:
                    a7:6b:d1:c3:fe:e7:fa:a2:fd:a5:b8:4b:7b:bf:95:
                    71:6b:da:88:09:34:48:5a:6d:c0:f9:81:60:ce:a2:
                    a2:60:aa:7f:d9:d2:fc:eb:3c:44:03:8b:af:e1:7c:
                    3a:b7:95:0d:42:4b:fc:0e:0f:43:b6:ca:18:91:c3:
                    ed:cb:2d:62:33:81:a4:19:a3:fb:26:4b:cd:4e:65:
                    67:3c:1e:06:6a:2a:61:4b:cf:bd:30:51:92:51:1c:
                    14:04:ae:e0:f0:42:ff:50:69:51:14:15:63:3d:57:
                    91:48:95:b9:ba:7d:d8:0b:9a:0f:11:6d:63:19:db:
                    4b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:9D:FA:FE:F6:7A:CA:45:A9:DA:8C:12:72:60:C7:AF:00:7E:85:26
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a65cf723-c70a-4002-b651-326842f3c5a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.244.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:6f:6b:f6:61:82:b6:e1:ff:c6:34:8e:b1:4d:15:80:53:42:
         7e:6b:88:76:ee:51:72:dc:94:23:54:b2:21:d4:01:0a:17:1c:
         08:14:5c:34:34:b0:0f:5b:04:17:0e:95:09:f2:ad:3f:c8:78:
         99:a5:72:f8:c8:7f:ad:bb:bb:42:9d:0a:6a:86:65:40:fd:3e:
         a3:e0:e0:2c:c0:9a:6c:15:65:b8:7b:ed:ad:d6:86:b9:c8:10:
         92:77:0d:29:28:e8:44:aa:fd:fc:89:b8:ab:cb:45:02:33:69:
         6d:73:ce:25:4c:85:0c:7c:5d:4e:55:bc:3e:27:3a:81:70:b4:
         a9:23:e6:d6:5c:d9:9b:09:ad:4b:d7:08:68:12:ee:64:2f:51:
         b0:dd:58:6f:9c:42:37:ea:fe:ea:1f:c6:5f:e4:11:34:eb:83:
         00:09:81:a2:f6:05:6b:e2:e3:28:26:08:8c:74:27:9f:21:f8:
         a7:0e:23:f8:81:36:e7:de:80:0b:c5:bc:9c:07:42:ef:a2:b5:
         1c:c2:c3:a9:a4:88:f1:1e:d4:05:32:9a:59:6a:53:9f:d5:a0:
         21:ab:4e:96:9f:ba:d0:2d:75:43:6b:2f:2c:e7:48:5b:27:2b:
         d8:2d:f1:98:77:6a:8b:90:0e:49:76:7c:e8:28:d7:cd:6c:ae:
         0d:da:36:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMzIpIvX5kEehS8syencJYI5CYGEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTcwMDUyWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZGQyOTdkNjBkM2Q2MDNhZmFjZDU0MDRiNzRiYzc5ODYz
NTdmMTEwZThjNzUwZjQ4NWEyYzM1NDEzZDRiMzQ2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTYr9P3MV/a30ZTnFJwRDhirbQwnUHziKbO/UcAVmF7QOH
Dqe4srWNAMF/9tYqLNw6qYW86ABz6f+W88/yqWazWytXNCb4mU/eHdfzWxtvfr+8
4IjJl9OAtN9efDUlHFgYaM1kAz0CrmtfCrNZn56IIuk0m8HgdvNKYtqRuz/E8v1t
s3Gvbadr0cP+5/qi/aW4S3u/lXFr2ogJNEhabcD5gWDOoqJgqn/Z0vzrPEQDi6/h
fDq3lQ1CS/wOD0O2yhiRw+3LLWIzgaQZo/smS81OZWc8HgZqKmFLz70wUZJRHBQE
ruDwQv9QaVEUFWM9V5FIlbm6fdgLmg8RbWMZ20uVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULJ36/vZ6ykWp2owScmDHrwB+hSYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E2NWNmNzIzLWM3MGEtNDAwMi1iNjUxLTMyNjg0MmYzYzVhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN9AEwDQYJKoZIhvcNAQELBQADggEBAB5va/Zhgrbh/8Y0jrFNFYBTQn5r
iHbuUXLclCNUsiHUAQoXHAgUXDQ0sA9bBBcOlQnyrT/IeJmlcvjIf627u0KdCmqG
ZUD9PqPg4CzAmmwVZbh77a3WhrnIEJJ3DSko6ESq/fyJuKvLRQIzaW1zziVMhQx8
XU5VvD4nOoFwtKkj5tZc2ZsJrUvXCGgS7mQvUbDdWG+cQjfq/uofxl/kETTrgwAJ
gaL2BWvi4ygmCIx0J58h+KcOI/iBNufegAvFvJwHQu+itRzCw6mkiPEe1AUymllq
U5/VoCGrTpafutAtdUNrLyznSFsnK9gt8Zh3aouQDkl2fOgo181srg3aNnA=
-----END CERTIFICATE-----