Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2ccedb4-bb26-4bd6-97ac-ba539997ddab.roa
File:                     b2ccedb4-bb26-4bd6-97ac-ba539997ddab.roa (raw, json)
Hash identifier:          DiUnBbgvlamgaS3oNXYvmZU2F3Fzwc6/g6cz9Byx3qc=
Subject key identifier:   33:1A:7E:6D:5F:C6:B7:DB:AB:CB:AD:DC:83:25:A7:46:F3:8D:C7:A7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       77953D833F2A2DCD25CA18CD51D5FD329045C520
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2ccedb4-bb26-4bd6-97ac-ba539997ddab.roa
Signing time:             Mon 31 Mar 2025 18:21:31 +0000
ROA not before:           Mon 31 Mar 2025 18:21:31 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.95.0.0/16 maxlen: 16

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:95:3d:83:3f:2a:2d:cd:25:ca:18:cd:51:d5:fd:32:90:45:c5:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 18:21:31 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=192af9d32a404c4cc3bad0fdbcfd35f026d69e91c35a0de04dcd45cef8baeb28, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b1:ec:44:90:31:24:2e:8d:f6:e2:cd:be:2b:
                    7f:0b:ff:dc:20:ad:3c:0c:4f:d0:6b:89:8e:c1:9a:
                    9a:76:cc:d6:90:73:14:31:14:68:8b:e4:9d:1d:de:
                    97:7f:a3:f5:99:c1:50:65:4d:43:75:f9:c6:fc:c6:
                    c6:e9:33:b0:c9:f8:8f:25:7f:ae:77:77:3e:ae:b3:
                    91:02:d7:5e:64:e8:d8:05:e6:70:af:18:ec:5b:44:
                    e4:0e:1d:2b:44:c0:55:23:f5:4f:8f:1a:61:1a:cb:
                    e9:48:86:a0:13:39:fb:10:b6:dc:3e:7c:c8:ee:2e:
                    43:11:72:00:23:1e:e5:6e:3c:a2:e3:10:4f:91:40:
                    d8:bc:4f:52:97:6f:9a:a8:14:21:bd:4f:40:37:24:
                    e3:99:44:8c:c8:8b:ec:1b:ba:4a:c3:75:96:8b:80:
                    8c:2f:f6:c5:b7:09:fe:f4:f9:66:27:5c:7e:25:4e:
                    75:f6:32:ce:cb:08:ae:4d:ed:a0:83:6e:90:b1:d8:
                    bb:8e:f5:e6:d6:d0:55:ed:d3:e9:1b:08:61:0c:c4:
                    d8:64:c5:39:00:dd:35:67:c9:cd:59:bf:4b:c9:f1:
                    83:4c:94:ba:f0:64:d7:a4:d7:f1:4b:6f:ce:64:87:
                    4f:1b:91:37:45:60:76:95:96:dc:ac:69:6e:af:69:
                    5d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:1A:7E:6D:5F:C6:B7:DB:AB:CB:AD:DC:83:25:A7:46:F3:8D:C7:A7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2ccedb4-bb26-4bd6-97ac-ba539997ddab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.95.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5d:39:da:b2:1a:6c:2e:9c:f6:b7:25:1a:87:1d:6b:6e:5e:51:
         9b:7f:8c:04:e9:59:07:9d:03:ff:bc:e5:47:9c:da:89:db:19:
         6d:0b:d9:d0:d4:68:51:ff:f7:a9:99:50:62:2d:d7:7a:7a:8b:
         37:89:a2:14:a7:f4:1b:87:a2:02:27:09:51:5f:ec:f0:32:23:
         f8:ea:d2:57:80:f2:3d:98:2b:70:e8:3f:bd:de:bf:8e:31:8e:
         2a:ed:7f:89:ef:3a:5d:80:14:95:2d:41:92:a5:cb:d5:9f:60:
         3a:f0:04:f6:04:52:30:05:51:05:cc:d5:06:a7:a3:43:4b:d3:
         ea:9d:e6:a2:29:b3:7a:64:35:88:84:b8:eb:8d:15:fd:f5:0f:
         9d:ac:81:0b:51:1e:6b:66:3c:43:d5:c6:5a:b8:5f:e6:7c:a6:
         60:ea:c6:aa:1b:bc:53:e6:45:cb:f8:8d:aa:1e:5c:37:6f:b1:
         3d:ce:6f:da:33:a3:23:c2:a1:65:43:b9:e2:08:15:6a:65:54:
         d5:f7:58:c5:b9:78:7a:dd:42:eb:5c:b6:0f:3e:5c:7a:92:50:
         3a:70:34:f0:af:e9:ef:5a:a8:38:be:df:a3:ce:1f:f5:ee:c9:
         b8:ab:0a:a9:ad:73:19:35:48:15:11:15:9d:b5:79:2c:f0:d0:
         dd:30:48:41
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUd5U9gz8qLc0lyhjNUdX9MpBFxSAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTgyMTMxWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOTJhZjlkMzJhNDA0YzRjYzNiYWQwZmRiY2ZkMzVmMDI2
ZDY5ZTkxYzM1YTBkZTA0ZGNkNDVjZWY4YmFlYjI4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxsexEkDEkLo324s2+K38L/9wgrTwMT9BriY7Bmpp2zNaQ
cxQxFGiL5J0d3pd/o/WZwVBlTUN1+cb8xsbpM7DJ+I8lf653dz6us5EC115k6NgF
5nCvGOxbROQOHStEwFUj9U+PGmEay+lIhqATOfsQttw+fMjuLkMRcgAjHuVuPKLj
EE+RQNi8T1KXb5qoFCG9T0A3JOOZRIzIi+wbukrDdZaLgIwv9sW3Cf70+WYnXH4l
TnX2Ms7LCK5N7aCDbpCx2LuO9ebW0FXt0+kbCGEMxNhkxTkA3TVnyc1Zv0vJ8YNM
lLrwZNek1/FLb85kh08bkTdFYHaVltysaW6vaV0pAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMxp+bV/Gt9ury63cgyWnRvONx6cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IyY2NlZGI0LWJiMjYtNGJkNi05N2FjLWJhNTM5OTk3ZGRhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2XzANBgkqhkiG9w0BAQsFAAOCAQEAXTnashpsLpz2tyUahx1rbl5Rm3+M
BOlZB50D/7zlR5zaidsZbQvZ0NRoUf/3qZlQYi3XenqLN4miFKf0G4eiAicJUV/s
8DIj+OrSV4DyPZgrcOg/vd6/jjGOKu1/ie86XYAUlS1BkqXL1Z9gOvAE9gRSMAVR
BczVBqejQ0vT6p3moimzemQ1iIS4640V/fUPnayBC1Eea2Y8Q9XGWrhf5nymYOrG
qhu8U+ZFy/iNqh5cN2+xPc5v2jOjI8KhZUO54ggVamVU1fdYxbl4et1C61y2Dz5c
epJQOnA08K/p71qoOL7fo84f9e7JuKsKqa1zGTVIFREVnbV5LPDQ3TBIQQ==
-----END CERTIFICATE-----