Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b67ee425-0bd9-425b-8e2c-4356aec33473.roa
File:                     b67ee425-0bd9-425b-8e2c-4356aec33473.roa (raw, json)
Hash identifier:          chzbxf+2YCB0hzCCHBU7GiSCD8LrTRXxBYn2dpA8QZ8=
Subject key identifier:   70:9D:CD:F1:40:66:35:D8:F8:3C:3F:7C:83:86:9C:9B:21:B3:88:13
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       01AC681C9F3381C50307DB770C68FE91391C1601
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b67ee425-0bd9-425b-8e2c-4356aec33473.roa
Signing time:             Sat 22 Mar 2025 00:21:04 +0000
ROA not before:           Sat 22 Mar 2025 00:21:04 +0000
ROA not after:            Sat 26 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.64.0/20 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:ac:68:1c:9f:33:81:c5:03:07:db:77:0c:68:fe:91:39:1c:16:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 22 00:21:04 2025 GMT
            Not After : Apr 26 23:59:59 2025 GMT
        Subject: serialNumber=85fb9374c20556625d9faa5366702638c07290e320c26edcf091183d60c9c7b4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:40:d7:40:8b:8f:4b:d3:65:d8:2a:4b:2d:f3:
                    69:20:44:42:f1:ab:08:ee:7a:ef:94:2b:51:1c:92:
                    c9:94:c0:f3:55:9b:b4:cd:32:b9:50:10:18:5b:05:
                    d1:48:da:42:14:9a:68:87:85:f6:14:3e:09:f4:19:
                    2f:a4:85:39:f9:5f:33:ad:18:ff:61:a8:f2:3f:c6:
                    cb:e0:f0:c6:4e:87:66:f5:c6:85:83:2c:0d:83:ea:
                    a8:65:c5:a9:98:a5:6e:9f:ce:ae:42:db:6c:46:de:
                    14:94:5a:d2:90:98:ca:2f:29:61:da:86:1d:ca:08:
                    dd:f5:d1:38:78:fd:d4:26:00:54:90:9a:e1:d8:54:
                    1f:7a:05:c5:78:39:a5:11:d6:8f:61:1e:b5:14:fe:
                    66:94:13:e7:f4:20:23:d4:03:13:5a:43:cb:1b:da:
                    1c:e1:83:ed:32:02:f2:de:f7:54:de:7b:62:d1:54:
                    36:20:db:0a:bf:07:a9:67:30:05:83:77:2e:67:42:
                    01:15:49:db:d8:21:2f:fb:23:f6:75:c1:7b:95:06:
                    4c:85:dd:5a:7f:5c:94:8f:0d:f2:3e:61:ed:fc:d6:
                    32:95:da:31:42:4e:49:a5:c0:bb:fb:c1:3d:04:28:
                    73:62:56:29:40:ba:5f:e4:b3:7f:28:77:dc:0c:ca:
                    ff:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:9D:CD:F1:40:66:35:D8:F8:3C:3F:7C:83:86:9C:9B:21:B3:88:13
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b67ee425-0bd9-425b-8e2c-4356aec33473.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         74:6d:29:51:39:47:51:6b:50:99:5d:b0:a1:ca:36:99:f7:46:
         de:ed:77:21:74:c4:07:0c:17:db:32:01:c1:32:b8:81:16:3c:
         1a:34:11:43:ae:6c:a3:25:9e:f7:e1:a3:04:1d:e2:d1:4f:48:
         0b:48:23:c2:a1:17:93:8d:ce:72:1a:0d:48:96:28:40:29:c2:
         15:56:a1:68:15:60:56:bc:29:6f:f6:4e:de:26:29:a5:89:88:
         eb:2c:13:45:bc:b0:d6:2d:c9:20:9b:3b:fb:d8:42:99:e1:fc:
         c2:51:0d:89:ea:f5:cd:05:c6:50:b9:6b:d0:47:0d:d2:b5:60:
         0a:c4:8b:5e:e8:e8:bf:b4:36:03:aa:e2:53:b1:64:b5:76:cb:
         4c:13:39:c2:f7:bc:41:80:ea:43:ea:68:8e:f4:c2:b2:d4:94:
         f4:d3:04:d3:8c:07:6c:0f:71:47:0b:98:cd:f4:c4:9f:cc:a0:
         ae:fc:ca:36:d7:47:fc:bc:9e:c4:b7:c2:cd:34:0f:14:06:8e:
         9c:03:30:e1:96:62:5b:85:b8:1e:cc:91:0e:9b:84:8d:a1:ef:
         96:01:63:38:33:ea:09:0e:f1:53:7b:9c:f3:38:88:c9:96:99:
         cb:31:96:93:a5:81:70:ba:42:99:d7:f9:f3:09:48:e1:a9:62:
         01:25:f6:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAaxoHJ8zgcUDB9t3DGj+kTkcFgEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzIyMDAyMTA0WhcNMjUwNDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NWZiOTM3NGMyMDU1NjYyNWQ5ZmFhNTM2NjcwMjYzOGMw
NzI5MGUzMjBjMjZlZGNmMDkxMTgzZDYwYzljN2I0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaQNdAi49L02XYKkst82kgRELxqwjueu+UK1EcksmUwPNV
m7TNMrlQEBhbBdFI2kIUmmiHhfYUPgn0GS+khTn5XzOtGP9hqPI/xsvg8MZOh2b1
xoWDLA2D6qhlxamYpW6fzq5C22xG3hSUWtKQmMovKWHahh3KCN310Th4/dQmAFSQ
muHYVB96BcV4OaUR1o9hHrUU/maUE+f0ICPUAxNaQ8sb2hzhg+0yAvLe91Tee2LR
VDYg2wq/B6lnMAWDdy5nQgEVSdvYIS/7I/Z1wXuVBkyF3Vp/XJSPDfI+Ye381jKV
2jFCTkmlwLv7wT0EKHNiVilAul/ks38od9wMyv+7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcJ3N8UBmNdj4PD98g4acmyGziBMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I2N2VlNDI1LTBiZDktNDI1Yi04ZTJjLTQzNTZhZWMzMzQ3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQP3EAwDQYJKoZIhvcNAQELBQADggEBAHRtKVE5R1FrUJldsKHKNpn3Rt7t
dyF0xAcMF9syAcEyuIEWPBo0EUOubKMlnvfhowQd4tFPSAtII8KhF5ONznIaDUiW
KEApwhVWoWgVYFa8KW/2Tt4mKaWJiOssE0W8sNYtySCbO/vYQpnh/MJRDYnq9c0F
xlC5a9BHDdK1YArEi17o6L+0NgOq4lOxZLV2y0wTOcL3vEGA6kPqaI70wrLUlPTT
BNOMB2wPcUcLmM30xJ/MoK78yjbXR/y8nsS3ws00DxQGjpwDMOGWYluFuB7MkQ6b
hI2h75YBYzgz6gkO8VN7nPM4iMmWmcsxlpOlgXC6QpnX+fMJSOGpYgEl9rQ=
-----END CERTIFICATE-----