Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d725f87f-a86a-4fc5-843b-fa61c0834c10.roa
File:                     d725f87f-a86a-4fc5-843b-fa61c0834c10.roa (raw, json)
Hash identifier:          xPBSzlSWBOhtJyZqwOPsjECyle4Y8M5E+IuNd08SUk0=
Subject key identifier:   76:B3:3D:CD:A0:20:C7:76:62:A3:94:9B:85:B6:49:10:03:EC:AC:FD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5DACDCAB8970E80C035060DC9534A0AEA7A2DA0C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d725f87f-a86a-4fc5-843b-fa61c0834c10.roa
Signing time:             Mon 24 Mar 2025 16:20:55 +0000
ROA not before:           Mon 24 Mar 2025 16:20:55 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.159.0.0/18 maxlen: 18

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:ac:dc:ab:89:70:e8:0c:03:50:60:dc:95:34:a0:ae:a7:a2:da:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 16:20:55 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=a177c60666eb60f94917e27345eff5171a6e2c7f79433979ef6292e8c3f061a8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:26:f9:2f:dc:7b:b4:02:78:5c:ac:7f:5e:08:
                    15:ad:02:e3:ce:37:92:21:e7:3a:df:81:82:25:dc:
                    08:62:92:b6:74:9b:be:ce:15:e1:26:c2:29:12:57:
                    a4:cf:19:c8:ee:23:53:a9:05:b6:9f:b1:62:54:72:
                    41:6e:0e:f6:0e:b6:4d:15:dc:0e:1e:18:3e:1a:97:
                    98:5d:3c:b5:cd:e7:10:b8:81:7a:13:6a:ef:70:19:
                    fc:3a:b2:81:76:b4:bf:48:a1:a5:f6:0d:f1:1e:b0:
                    47:90:19:dc:58:3c:62:9c:7f:a7:c6:dc:1d:8d:57:
                    0a:ea:00:cc:41:f1:d5:ec:bf:57:bc:61:ae:8f:1f:
                    de:88:03:02:07:f1:3c:77:4f:6f:94:f4:05:4f:ec:
                    8d:96:24:14:f0:c2:da:30:6e:f0:5a:0b:bc:3e:df:
                    ba:cd:cc:dc:95:fc:5d:f2:cf:96:9f:11:67:5d:a2:
                    de:2e:6f:ff:17:cb:5f:26:9b:af:42:af:1b:89:be:
                    8e:62:20:41:da:c5:48:df:7f:a9:a5:d1:b5:eb:1b:
                    48:2a:0e:68:f8:0d:82:af:b7:5d:d4:74:41:92:e1:
                    24:27:66:34:41:96:f2:aa:61:bb:a2:f6:b9:7d:b7:
                    1e:c2:c7:31:f3:96:7f:cb:1a:a2:d5:10:3d:68:46:
                    d6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:B3:3D:CD:A0:20:C7:76:62:A3:94:9B:85:B6:49:10:03:EC:AC:FD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d725f87f-a86a-4fc5-843b-fa61c0834c10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.159.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         38:0d:a4:72:24:23:59:d4:7a:76:a8:3d:1a:a5:f5:2c:4c:5e:
         70:f8:be:5a:9a:13:02:15:5c:a9:da:d1:1c:d9:1b:33:62:7e:
         b4:a8:ee:b3:19:d5:1a:42:ab:93:57:2d:f6:9e:03:16:a0:0d:
         0d:e6:0a:87:ba:ac:a2:3e:e8:04:94:df:a4:3e:1d:03:1e:4d:
         5c:61:23:9d:39:0c:19:35:5d:99:a9:56:15:c2:6d:da:28:9e:
         d0:58:1f:95:61:ca:11:e3:2b:ee:ae:53:aa:1a:01:d4:73:84:
         5f:37:f5:83:7c:e5:09:05:f0:fb:e1:86:9b:65:84:cc:bc:99:
         7c:40:43:03:8a:d8:e0:c6:e5:68:98:1b:c5:6c:bf:b7:ff:f3:
         22:6e:31:fd:fc:cb:3b:2f:3d:0b:00:b6:4e:3d:eb:61:cf:5c:
         28:69:c5:4f:db:9a:20:f6:c1:16:af:ee:92:1d:80:5d:11:fe:
         6f:11:89:c5:9f:8c:86:25:06:4e:4e:2e:7e:76:1f:01:56:28:
         38:15:13:c2:28:77:3c:95:cb:ff:cd:5d:39:f7:0f:ff:f4:4b:
         de:b4:ad:88:73:71:44:d8:3d:2d:e7:94:55:1c:b2:21:c9:b1:
         3a:98:f4:d2:bb:0c:f3:db:c8:46:2b:2f:28:c7:22:d5:33:59:
         cf:54:0c:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXazcq4lw6AwDUGDclTSgrqei2gwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTYyMDU1WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTc3YzYwNjY2ZWI2MGY5NDkxN2UyNzM0NWVmZjUxNzFh
NmUyYzdmNzk0MzM5NzllZjYyOTJlOGMzZjA2MWE4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrJvkv3Hu0AnhcrH9eCBWtAuPON5Ih5zrfgYIl3AhikrZ0
m77OFeEmwikSV6TPGcjuI1OpBbafsWJUckFuDvYOtk0V3A4eGD4al5hdPLXN5xC4
gXoTau9wGfw6soF2tL9IoaX2DfEesEeQGdxYPGKcf6fG3B2NVwrqAMxB8dXsv1e8
Ya6PH96IAwIH8Tx3T2+U9AVP7I2WJBTwwtowbvBaC7w+37rNzNyV/F3yz5afEWdd
ot4ub/8Xy18mm69CrxuJvo5iIEHaxUjff6ml0bXrG0gqDmj4DYKvt13UdEGS4SQn
ZjRBlvKqYbui9rl9tx7CxzHzln/LGqLVED1oRtaDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdrM9zaAgx3Zio5SbhbZJEAPsrP0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q3MjVmODdmLWE4NmEtNGZjNS04NDNiLWZhNjFjMDgzNGMxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2nwAwDQYJKoZIhvcNAQELBQADggEBADgNpHIkI1nUenaoPRql9SxMXnD4
vlqaEwIVXKna0RzZGzNifrSo7rMZ1RpCq5NXLfaeAxagDQ3mCoe6rKI+6ASU36Q+
HQMeTVxhI505DBk1XZmpVhXCbdoontBYH5VhyhHjK+6uU6oaAdRzhF839YN85QkF
8PvhhptlhMy8mXxAQwOK2ODG5WiYG8Vsv7f/8yJuMf38yzsvPQsAtk4962HPXChp
xU/bmiD2wRav7pIdgF0R/m8RicWfjIYlBk5OLn52HwFWKDgVE8IodzyVy//NXTn3
D//0S960rYhzcUTYPS3nlFUcsiHJsTqY9NK7DPPbyEYrLyjHItUzWc9UDPM=
-----END CERTIFICATE-----