Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b5128da0-dbfa-49fc-9c01-ebc6b79e03ff.roa
File:                     b5128da0-dbfa-49fc-9c01-ebc6b79e03ff.roa (raw, json)
Hash identifier:          ATHzq17olvVixXox2yEu7sLBONB1AyT9lWD1O2ee9Vg=
Subject key identifier:   5C:F1:1A:C6:82:28:50:72:A9:1A:8A:CD:CB:B3:1D:3E:C5:18:BD:2A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       785993C6CD6DC2F2CE1DA1D3CD0A29C9E04D4DF8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b5128da0-dbfa-49fc-9c01-ebc6b79e03ff.roa
Signing time:             Fri 28 Mar 2025 17:50:15 +0000
ROA not before:           Fri 28 Mar 2025 17:50:15 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        161.188.182.0/23 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:59:93:c6:cd:6d:c2:f2:ce:1d:a1:d3:cd:0a:29:c9:e0:4d:4d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 28 17:50:15 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=731a7dd5edfda33157439f7ade059d892958fc356ba8a987ee33ba2d67f96c81, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f4:34:29:39:64:b5:9e:60:f9:39:af:85:09:
                    92:fe:c6:fb:64:cd:6e:c6:93:6c:ad:db:61:a1:47:
                    ac:df:7c:a1:06:db:ee:61:74:9f:51:a1:95:57:95:
                    e9:c2:2f:a7:e7:b5:c1:f8:c7:a8:77:d8:f5:26:57:
                    90:c3:1b:61:39:9a:b3:f4:91:02:a2:ea:7c:9c:58:
                    16:8e:e6:5b:bc:9f:01:1a:39:7f:a3:74:07:2f:e8:
                    ae:df:69:7e:6b:4d:59:40:0b:5b:37:ae:96:42:d8:
                    17:74:e6:bd:b9:6a:c8:90:e1:ba:b4:f4:24:21:48:
                    15:fe:9d:7d:49:33:9f:78:a1:80:27:28:0b:28:24:
                    1b:0f:06:94:e7:c7:f2:db:e5:74:50:f5:64:e7:03:
                    de:69:d8:8a:aa:dd:54:52:63:b0:7e:70:4e:1b:74:
                    d4:fa:fc:06:be:9b:02:87:7a:f7:07:3b:e0:19:6e:
                    b7:7a:1a:eb:df:84:cd:de:f2:00:53:e0:a1:c0:60:
                    43:af:87:6c:15:e9:c8:3c:a5:e2:6c:2d:a3:c0:89:
                    a9:f2:22:43:12:5c:eb:5d:4a:fe:0e:c3:c0:7c:91:
                    bc:9c:50:ad:77:9d:59:42:95:62:a8:9f:59:2d:18:
                    3c:95:d7:bf:1b:fa:72:c0:8b:77:26:ee:22:5f:cb:
                    3c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:F1:1A:C6:82:28:50:72:A9:1A:8A:CD:CB:B3:1D:3E:C5:18:BD:2A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b5128da0-dbfa-49fc-9c01-ebc6b79e03ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.188.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:00:44:41:b3:a1:c2:2e:ae:f5:f9:8e:64:67:91:57:bc:37:
         52:59:93:c0:5c:6e:bd:59:fa:24:5c:2f:0f:6c:07:7e:d1:a1:
         fa:81:91:ed:4e:1a:b5:84:3d:8b:c7:1b:b2:e7:be:0c:53:55:
         7b:6d:92:c9:79:54:13:c3:6b:18:0c:6c:5f:00:6b:d0:02:df:
         7a:5f:1d:4a:83:d5:a6:63:2e:ca:76:62:60:4b:27:ef:47:15:
         a8:af:d7:fd:ff:da:69:73:37:32:82:04:83:83:fa:15:cf:7b:
         e1:12:b5:98:5e:ef:36:40:2b:3f:40:7b:02:5a:a5:f5:0a:d5:
         42:6c:15:e6:73:fe:7b:a4:ef:c4:b1:b5:7d:12:60:6f:17:17:
         3a:f5:89:41:41:01:7c:38:ee:d7:97:72:ef:83:9c:81:dc:3c:
         06:a4:cf:a2:8e:05:2b:50:e9:fb:c8:3a:e0:dd:b2:3b:8e:16:
         b6:07:a5:20:11:64:a2:34:95:3f:b1:cd:c7:38:25:89:b0:f1:
         6c:76:7d:4e:91:f9:00:a4:dd:a8:68:f7:0b:2a:c8:bd:3b:15:
         cf:12:2a:d7:b3:98:28:5c:37:8a:5e:ed:20:fb:ad:4d:41:6f:
         74:79:14:c7:49:75:0b:93:37:ea:c2:dc:d9:ef:ba:e6:a3:43:
         df:f3:5f:12
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeFmTxs1twvLOHaHTzQopyeBNTfgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI4MTc1MDE1WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MzFhN2RkNWVkZmRhMzMxNTc0MzlmN2FkZTA1OWQ4OTI5
NThmYzM1NmJhOGE5ODdlZTMzYmEyZDY3Zjk2YzgxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDh9DQpOWS1nmD5Oa+FCZL+xvtkzW7Gk2yt22GhR6zffKEG
2+5hdJ9RoZVXlenCL6fntcH4x6h32PUmV5DDG2E5mrP0kQKi6nycWBaO5lu8nwEa
OX+jdAcv6K7faX5rTVlAC1s3rpZC2Bd05r25asiQ4bq09CQhSBX+nX1JM594oYAn
KAsoJBsPBpTnx/Lb5XRQ9WTnA95p2Iqq3VRSY7B+cE4bdNT6/Aa+mwKHevcHO+AZ
brd6GuvfhM3e8gBT4KHAYEOvh2wV6cg8peJsLaPAianyIkMSXOtdSv4Ow8B8kbyc
UK13nVlClWKon1ktGDyV178b+nLAi3cm7iJfyzxPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXPEaxoIoUHKpGorNy7MdPsUYvSowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I1MTI4ZGEwLWRiZmEtNDlmYy05YzAxLWViYzZiNzllMDNmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGhvLYwDQYJKoZIhvcNAQELBQADggEBAGAAREGzocIurvX5jmRnkVe8N1JZ
k8Bcbr1Z+iRcLw9sB37RofqBke1OGrWEPYvHG7LnvgxTVXttksl5VBPDaxgMbF8A
a9AC33pfHUqD1aZjLsp2YmBLJ+9HFaiv1/3/2mlzNzKCBIOD+hXPe+EStZhe7zZA
Kz9AewJapfUK1UJsFeZz/nuk78SxtX0SYG8XFzr1iUFBAXw47teXcu+DnIHcPAak
z6KOBStQ6fvIOuDdsjuOFrYHpSARZKI0lT+xzcc4JYmw8Wx2fU6R+QCk3aho9wsq
yL07Fc8SKtezmChcN4pe7SD7rU1Bb3R5FMdJdQuTN+rC3NnvuuajQ9/zXxI=
-----END CERTIFICATE-----