Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b9154403-782a-4457-b997-6db4700e8d30.roa
File:                     b9154403-782a-4457-b997-6db4700e8d30.roa (raw, json)
Hash identifier:          BeAnAF8vdnE/ThX3WVXpcjm5XF341y7JjxrH+HAZ5Xs=
Subject key identifier:   1B:37:00:DD:E4:AC:07:86:48:A5:12:2F:33:F8:8C:57:28:50:DE:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       47D61ACF7574E0159D7231F6BD97236CB68796BF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b9154403-782a-4457-b997-6db4700e8d30.roa
Signing time:             Mon 24 Mar 2025 18:31:05 +0000
ROA not before:           Mon 24 Mar 2025 18:31:05 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.240.60.0/22 maxlen: 22

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:d6:1a:cf:75:74:e0:15:9d:72:31:f6:bd:97:23:6c:b6:87:96:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 18:31:05 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=75b507e17a57b496b93a7e9a11df595eb9f58a2357d3765900215bceb44fc67f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b8:ab:04:5a:ac:cb:cd:d8:1b:7d:af:d7:4d:
                    59:81:c6:30:f4:bb:95:73:1d:72:38:65:88:b6:da:
                    7f:d0:d2:c6:00:e0:3e:a9:78:38:ff:0d:27:01:67:
                    82:fe:4c:6a:bf:78:c9:3f:57:ef:c8:8c:69:5e:b3:
                    82:e5:e2:38:27:81:45:ec:ba:ef:91:3f:9c:a3:51:
                    40:c0:eb:11:68:fd:53:34:23:3b:c4:9b:4c:9f:be:
                    18:f4:ad:80:35:bc:56:95:d8:30:a5:03:e0:7b:3c:
                    10:bb:93:72:42:43:c5:da:94:ed:6b:d5:b8:da:ea:
                    39:07:38:73:de:21:3e:f0:43:e2:6d:c5:d3:68:ba:
                    61:71:d7:e9:00:9d:da:17:9d:ad:4e:d7:89:21:73:
                    11:da:c4:66:88:31:22:7e:cb:4b:5e:86:2c:0e:8a:
                    b7:d5:fa:c2:33:40:39:83:8d:63:55:b3:ff:01:44:
                    87:c9:f3:68:2e:e7:14:28:f6:d5:99:dc:e4:e4:6f:
                    6f:e8:62:9b:95:1a:15:94:82:60:2f:b5:02:5c:fc:
                    c4:09:f1:4a:72:74:42:2f:fc:e7:0f:24:68:e7:ce:
                    46:46:1f:87:e1:b1:79:59:95:95:c0:cf:19:d1:f1:
                    8e:0c:b7:b3:47:c9:9c:69:b9:9d:82:20:c7:83:85:
                    9b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:37:00:DD:E4:AC:07:86:48:A5:12:2F:33:F8:8C:57:28:50:DE:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b9154403-782a-4457-b997-6db4700e8d30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:91:06:0b:24:26:fb:34:6a:79:ba:28:b6:37:7c:d8:1a:3d:
         50:58:1e:5b:27:20:15:c8:d5:0d:e8:b4:54:3b:29:05:dc:d0:
         8f:79:bb:69:bd:39:ee:65:e5:73:b4:fa:ba:8a:c3:cf:b9:d6:
         86:da:e8:f2:2f:20:38:c8:b9:af:0c:52:1b:d0:cc:cd:11:48:
         6a:75:ee:29:8c:dc:7b:f0:a6:b1:8e:4b:b8:02:5a:d7:da:e2:
         55:5b:bd:cd:73:a9:0b:58:06:45:48:7d:4a:35:a2:a1:5a:86:
         df:22:e6:f2:e6:6f:d0:fa:90:7a:6e:26:19:7a:73:83:c0:d1:
         f0:a2:13:22:ab:25:f5:e9:2b:cf:bd:af:26:b0:55:44:a3:8f:
         97:92:cd:91:d2:16:35:f5:61:8a:53:ed:5e:6e:12:51:77:be:
         3b:f0:0a:e7:45:98:bb:b6:cf:b4:1f:1c:b4:37:c1:0c:30:ba:
         53:b6:05:d6:f1:77:b3:2d:ec:cd:93:46:25:9e:2d:b7:96:94:
         e2:52:8c:37:67:b5:ce:9d:b8:ef:e1:59:e1:64:f7:00:f8:b7:
         e8:e2:95:12:20:1f:92:47:7a:7f:35:c3:36:ee:f4:b3:bc:c0:
         b3:47:bc:6a:e1:a2:3d:54:e8:c4:7c:15:1d:c3:cb:96:9c:95:
         cd:0a:b9:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR9Yaz3V04BWdcjH2vZcjbLaHlr8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTgzMTA1WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NWI1MDdlMTdhNTdiNDk2YjkzYTdlOWExMWRmNTk1ZWI5
ZjU4YTIzNTdkMzc2NTkwMDIxNWJjZWI0NGZjNjdmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHuKsEWqzLzdgbfa/XTVmBxjD0u5VzHXI4ZYi22n/Q0sYA
4D6peDj/DScBZ4L+TGq/eMk/V+/IjGles4Ll4jgngUXsuu+RP5yjUUDA6xFo/VM0
IzvEm0yfvhj0rYA1vFaV2DClA+B7PBC7k3JCQ8XalO1r1bja6jkHOHPeIT7wQ+Jt
xdNoumFx1+kAndoXna1O14khcxHaxGaIMSJ+y0tehiwOirfV+sIzQDmDjWNVs/8B
RIfJ82gu5xQo9tWZ3OTkb2/oYpuVGhWUgmAvtQJc/MQJ8UpydEIv/OcPJGjnzkZG
H4fhsXlZlZXAzxnR8Y4Mt7NHyZxpuZ2CIMeDhZtLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGzcA3eSsB4ZIpRIvM/iMVyhQ3qIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I5MTU0NDAzLTc4MmEtNDQ1Ny1iOTk3LTZkYjQ3MDBlOGQzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI28DwwDQYJKoZIhvcNAQELBQADggEBAK2RBgskJvs0anm6KLY3fNgaPVBY
HlsnIBXI1Q3otFQ7KQXc0I95u2m9Oe5l5XO0+rqKw8+51oba6PIvIDjIua8MUhvQ
zM0RSGp17imM3HvwprGOS7gCWtfa4lVbvc1zqQtYBkVIfUo1oqFaht8i5vLmb9D6
kHpuJhl6c4PA0fCiEyKrJfXpK8+9ryawVUSjj5eSzZHSFjX1YYpT7V5uElF3vjvw
CudFmLu2z7QfHLQ3wQwwulO2Bdbxd7Mt7M2TRiWeLbeWlOJSjDdntc6duO/hWeFk
9wD4t+jilRIgH5JHen81wzbu9LO8wLNHvGrhoj1U6MR8FR3Dy5aclc0KuRU=
-----END CERTIFICATE-----