Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8261ac7-fa13-4c2b-9215-83b6a9452681.roa
File:                     a8261ac7-fa13-4c2b-9215-83b6a9452681.roa (raw, json)
Hash identifier:          e8PGScKeMNL8bBcXhOCiZLZW1MfxnNNmJSxQi1N1vzU=
Subject key identifier:   97:7A:52:36:89:90:7A:33:F8:72:3E:1D:25:92:FA:46:66:F2:7D:DD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       67B062A2DD6D1962A797A461CFC813E8C632B96B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8261ac7-fa13-4c2b-9215-83b6a9452681.roa
Signing time:             Mon 24 Mar 2025 16:21:31 +0000
ROA not before:           Mon 24 Mar 2025 16:21:31 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.157.72.0/21 maxlen: 21

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:b0:62:a2:dd:6d:19:62:a7:97:a4:61:cf:c8:13:e8:c6:32:b9:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 16:21:31 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=1c146540217d12768a1899f5a2ae0d843cd4a8092847a5fe193cf964acb5f1f3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0b:e6:64:7d:57:59:73:04:e0:ff:38:03:81:
                    91:30:bb:15:5b:a3:7f:2f:04:23:cc:05:8c:d4:fe:
                    a0:77:89:e9:73:21:be:47:a6:80:21:7b:99:d1:fe:
                    fc:f5:4a:f8:f2:6c:b5:b7:bf:07:6f:f1:d4:7c:79:
                    45:55:e5:3a:2b:1e:09:32:fe:07:77:08:3c:ba:7e:
                    19:2a:09:5c:b5:64:4c:4a:b4:1c:57:42:20:b4:3e:
                    83:67:24:e7:04:ed:ca:6d:ee:da:5e:18:1c:dc:1c:
                    91:be:c0:b8:28:4a:fb:25:b5:35:17:ee:46:60:14:
                    c7:27:c9:92:21:03:98:f9:14:38:d3:e7:45:38:a0:
                    9c:a4:c3:d1:30:1d:8f:3c:83:a6:b6:6e:da:92:97:
                    cd:51:ab:37:c7:a2:a5:97:c9:80:f0:1d:2c:b2:1e:
                    86:75:0d:3a:11:9c:97:55:bd:ac:13:18:fa:f9:c7:
                    2e:bd:e9:82:70:dd:f1:a2:89:19:38:6c:14:4c:46:
                    9e:99:59:74:91:c5:0c:86:36:53:bf:ef:34:0b:c9:
                    19:6a:6c:e8:58:e2:b7:6e:a8:31:f0:a0:b9:d6:53:
                    be:7d:14:e9:68:19:d3:e8:2b:b5:43:47:2c:2b:aa:
                    f7:11:c9:06:aa:09:1c:01:99:ee:49:c9:56:f8:24:
                    1a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:7A:52:36:89:90:7A:33:F8:72:3E:1D:25:92:FA:46:66:F2:7D:DD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8261ac7-fa13-4c2b-9215-83b6a9452681.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.157.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8b:6c:ba:1c:17:a7:e9:31:0f:47:cc:46:d5:c4:bd:9c:bf:93:
         24:27:aa:20:50:fc:9a:4c:8c:73:35:1e:5d:0a:69:29:49:dd:
         75:19:bd:08:77:49:9d:e5:e7:bf:4c:18:8d:23:a3:85:8d:ec:
         7b:45:0c:cc:f5:5f:88:7f:f9:f5:d4:9e:22:bb:45:32:a7:30:
         50:2b:ca:8c:4b:ca:ac:15:64:14:21:03:45:8d:53:a8:80:66:
         b9:4a:5d:18:fe:d2:db:e9:37:87:a2:4c:1d:a2:c1:eb:f8:11:
         0b:a3:02:df:fd:fb:30:54:be:e3:44:4a:e4:e1:7c:7b:ae:5e:
         a6:77:fa:bd:80:59:a9:af:10:55:05:d1:d0:4e:a2:3a:ed:c5:
         a3:eb:91:83:c1:83:d9:1a:c8:3b:b6:e3:10:9d:2d:79:c7:3d:
         32:bd:5f:c2:90:56:52:1b:35:a3:fc:6a:77:ed:7e:6f:3a:13:
         c3:fe:9b:9c:9e:74:ef:74:07:87:c9:bd:4e:7d:e5:df:37:f2:
         ad:ab:1c:ee:31:7b:d6:62:00:af:5e:ed:0b:9f:b5:e9:75:b0:
         0f:2b:e6:39:19:aa:d3:4d:ce:64:cb:9b:32:c4:89:c2:a6:4f:
         d8:fe:c7:b7:fa:7e:2a:86:4e:41:fa:41:15:7f:f1:eb:31:38:
         95:f1:f0:c7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ7Biot1tGWKnl6Rhz8gT6MYyuWswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTYyMTMxWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzE0NjU0MDIxN2QxMjc2OGExODk5ZjVhMmFlMGQ4NDNj
ZDRhODA5Mjg0N2E1ZmUxOTNjZjk2NGFjYjVmMWYzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfC+ZkfVdZcwTg/zgDgZEwuxVbo38vBCPMBYzU/qB3ielz
Ib5HpoAhe5nR/vz1SvjybLW3vwdv8dR8eUVV5TorHgky/gd3CDy6fhkqCVy1ZExK
tBxXQiC0PoNnJOcE7cpt7tpeGBzcHJG+wLgoSvsltTUX7kZgFMcnyZIhA5j5FDjT
50U4oJykw9EwHY88g6a2btqSl81RqzfHoqWXyYDwHSyyHoZ1DToRnJdVvawTGPr5
xy696YJw3fGiiRk4bBRMRp6ZWXSRxQyGNlO/7zQLyRlqbOhY4rduqDHwoLnWU759
FOloGdPoK7VDRywrqvcRyQaqCRwBme5JyVb4JBonAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUl3pSNomQejP4cj4dJZL6Rmbyfd0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E4MjYxYWM3LWZhMTMtNGMyYi05MjE1LTgzYjZhOTQ1MjY4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2nUgwDQYJKoZIhvcNAQELBQADggEBAItsuhwXp+kxD0fMRtXEvZy/kyQn
qiBQ/JpMjHM1Hl0KaSlJ3XUZvQh3SZ3l579MGI0jo4WN7HtFDMz1X4h/+fXUniK7
RTKnMFAryoxLyqwVZBQhA0WNU6iAZrlKXRj+0tvpN4eiTB2iwev4EQujAt/9+zBU
vuNESuThfHuuXqZ3+r2AWamvEFUF0dBOojrtxaPrkYPBg9kayDu24xCdLXnHPTK9
X8KQVlIbNaP8anftfm86E8P+m5yedO90B4fJvU595d838q2rHO4xe9ZiAK9e7Quf
tel1sA8r5jkZqtNNzmTLmzLEicKmT9j+x7f6fiqGTkH6QRV/8esxOJXx8Mc=
-----END CERTIFICATE-----