Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d489da28-9b7c-4eab-91b5-6553e8bd7602.roa
File:                     d489da28-9b7c-4eab-91b5-6553e8bd7602.roa (raw, json)
Hash identifier:          14UC2j39lkuyhQAu/yAz7/A8LxlcIO0FYvfb+o7/E14=
Subject key identifier:   51:57:6B:8A:CD:7C:88:6D:89:23:E5:29:4C:9D:FA:95:77:9D:2D:85
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       441814ECB390EEF085EF76E455ED08E484FD7947
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d489da28-9b7c-4eab-91b5-6553e8bd7602.roa
Signing time:             Mon 24 Mar 2025 16:30:23 +0000
ROA not before:           Mon 24 Mar 2025 16:30:23 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.197.223.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:18:14:ec:b3:90:ee:f0:85:ef:76:e4:55:ed:08:e4:84:fd:79:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 16:30:23 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=261c6409e94b5430ce72440d3719a819cfe419787b81da9cfe102bd54d1cbbcf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:71:ea:93:f2:1f:d1:18:00:53:7f:92:88:57:
                    6a:63:f0:cb:91:00:e8:9a:ae:0f:98:03:59:55:5b:
                    b6:10:88:fd:f8:04:88:24:10:3c:47:7f:af:a4:76:
                    da:0e:7b:1d:14:d5:58:c9:1b:c8:0c:9d:fd:00:4a:
                    d2:a6:74:45:f5:75:e4:79:f9:75:78:ba:e2:db:65:
                    2d:61:63:36:a4:7e:d7:28:d7:df:0d:97:13:d1:55:
                    f0:ee:e8:ad:2b:a4:c1:0c:48:85:71:60:33:2d:dd:
                    95:eb:27:9c:28:57:cd:57:cd:9f:d6:92:18:54:61:
                    4b:f2:91:c4:31:ea:23:65:82:b5:0d:5c:42:db:71:
                    16:19:b1:96:75:f4:9e:d1:d0:ad:da:6a:c7:b5:aa:
                    31:ba:23:29:47:ae:cb:ed:58:61:64:71:99:e5:bd:
                    eb:66:c9:1e:c2:77:47:77:17:df:cb:90:cf:28:e2:
                    3e:48:7b:7d:9f:0c:41:5e:fe:bf:28:ea:07:88:b7:
                    06:d8:c1:23:82:f9:41:83:21:9f:06:b4:a8:81:de:
                    16:e0:2d:f4:63:69:8a:4b:00:ac:ac:6e:c4:c7:2e:
                    ed:22:0d:5e:47:58:46:c8:86:b2:92:c8:5e:3c:2d:
                    16:a4:28:c5:d8:13:41:04:48:b7:72:1c:f5:0a:9b:
                    6b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:57:6B:8A:CD:7C:88:6D:89:23:E5:29:4C:9D:FA:95:77:9D:2D:85
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d489da28-9b7c-4eab-91b5-6553e8bd7602.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.197.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:96:da:ac:47:2a:3f:24:8d:a1:2d:38:f6:77:87:28:81:3c:
         32:79:07:80:65:30:2e:27:9e:d8:fe:eb:a0:db:06:1a:f0:a3:
         85:70:53:47:29:e6:0f:35:14:0f:38:91:dc:a6:3f:47:03:f8:
         c6:f6:94:a0:f1:21:3c:03:1c:84:6d:79:07:85:6c:79:f8:c8:
         d3:f1:83:0c:65:89:07:02:75:7b:78:20:92:47:fd:b0:47:0c:
         ee:d5:23:c9:12:6e:7f:b4:d3:1a:c0:23:08:53:65:64:4d:b8:
         36:14:b0:e7:c2:2f:0f:1b:72:a3:c4:11:dc:dc:04:a4:56:7d:
         00:a4:34:a9:aa:f0:17:71:7c:e9:32:f7:02:89:de:87:39:05:
         b8:c7:81:4e:8c:e3:73:b1:4d:26:d2:8f:20:db:3d:55:bc:69:
         3b:8d:04:bf:81:68:0f:d5:22:98:66:0c:2b:4f:1f:1d:11:ea:
         cd:fd:d6:b1:1c:c9:1e:49:f4:44:9c:35:02:9f:93:8d:a9:85:
         ee:1f:5a:fb:ab:3e:f2:3a:5a:db:bd:d8:4f:c4:16:71:85:3a:
         c3:ac:41:81:ba:7a:8a:da:f0:b2:47:de:00:04:96:c3:d9:49:
         0d:83:b4:39:27:02:57:36:e5:d3:06:a7:ba:19:81:1f:4c:1c:
         30:f6:18:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURBgU7LOQ7vCF73bkVe0I5IT9eUcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTYzMDIzWhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNjFjNjQwOWU5NGI1NDMwY2U3MjQ0MGQzNzE5YTgxOWNm
ZTQxOTc4N2I4MWRhOWNmZTEwMmJkNTRkMWNiYmNmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3ceqT8h/RGABTf5KIV2pj8MuRAOiarg+YA1lVW7YQiP34
BIgkEDxHf6+kdtoOex0U1VjJG8gMnf0AStKmdEX1deR5+XV4uuLbZS1hYzakftco
198NlxPRVfDu6K0rpMEMSIVxYDMt3ZXrJ5woV81XzZ/WkhhUYUvykcQx6iNlgrUN
XELbcRYZsZZ19J7R0K3aase1qjG6IylHrsvtWGFkcZnlvetmyR7Cd0d3F9/LkM8o
4j5Ie32fDEFe/r8o6geItwbYwSOC+UGDIZ8GtKiB3hbgLfRjaYpLAKysbsTHLu0i
DV5HWEbIhrKSyF48LRakKMXYE0EESLdyHPUKm2tdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUVdris18iG2JI+UpTJ36lXedLYUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q0ODlkYTI4LTliN2MtNGVhYi05MWI1LTY1NTNlOGJkNzYwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2xd8wDQYJKoZIhvcNAQELBQADggEBAIqW2qxHKj8kjaEtOPZ3hyiBPDJ5
B4BlMC4nntj+66DbBhrwo4VwU0cp5g81FA84kdymP0cD+Mb2lKDxITwDHIRteQeF
bHn4yNPxgwxliQcCdXt4IJJH/bBHDO7VI8kSbn+00xrAIwhTZWRNuDYUsOfCLw8b
cqPEEdzcBKRWfQCkNKmq8BdxfOky9wKJ3oc5BbjHgU6M43OxTSbSjyDbPVW8aTuN
BL+BaA/VIphmDCtPHx0R6s391rEcyR5J9EScNQKfk42phe4fWvurPvI6Wtu92E/E
FnGFOsOsQYG6eora8LJH3gAElsPZSQ2DtDknAlc25dMGp7oZgR9MHDD2GM4=
-----END CERTIFICATE-----