Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db3be233-1f71-45d1-8421-fcbf700976f3.roa
File:                     db3be233-1f71-45d1-8421-fcbf700976f3.roa (raw, json)
Hash identifier:          ieKq4GfNqf8MLUJNQ4018FCnXWFnIDQ5YLfgMsQfpOE=
Subject key identifier:   D8:DC:35:DE:5F:61:8C:19:56:33:CD:6D:A9:0D:A2:68:C5:CB:A8:63
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0CC9132A3D70B0702E7631ABA4ACF401019F440A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db3be233-1f71-45d1-8421-fcbf700976f3.roa
Signing time:             Mon 31 Mar 2025 18:11:02 +0000
ROA not before:           Mon 31 Mar 2025 18:11:02 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.83.224.0/19 maxlen: 19

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:c9:13:2a:3d:70:b0:70:2e:76:31:ab:a4:ac:f4:01:01:9f:44:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 18:11:02 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=52d1825dac9cadd9ccb7597ec2e96e62ba696c253e631b7dc23f678141f991b7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:cd:40:cb:db:ce:c1:68:95:4e:59:e5:54:bb:
                    a7:b2:fd:ce:e3:6c:34:e7:bc:ee:b2:1d:61:e3:ab:
                    6e:4c:5f:66:56:3c:c0:a1:7b:c9:13:10:a7:91:f8:
                    33:2a:6e:50:b0:c5:43:7a:6f:5b:f5:a9:85:a4:b4:
                    1e:77:2a:50:d7:d5:7d:b0:07:1a:3c:f3:77:a2:e8:
                    89:61:e2:a5:a3:14:49:a2:1b:fc:12:e2:c3:7e:6d:
                    59:e3:88:20:06:0b:71:cb:b2:6d:1a:46:39:aa:a7:
                    79:80:10:e5:3c:fb:bc:7f:b0:22:17:2c:70:dc:dc:
                    63:79:de:c1:47:5c:a5:43:9f:d8:0c:1e:69:3f:8a:
                    03:ad:36:57:4e:54:29:09:46:cd:cd:d1:0b:b4:7f:
                    37:ba:a6:39:51:e2:38:1a:ac:2f:d2:32:12:98:ce:
                    48:0c:ef:78:59:b8:a8:7a:dc:0f:bd:97:e3:47:dc:
                    20:9e:26:8a:15:37:05:ae:67:fd:b0:4b:cb:35:8a:
                    e0:4e:a1:74:17:8b:44:2c:e6:1e:02:1f:04:97:a6:
                    7f:a2:6e:5c:08:c7:43:38:ea:ba:21:5f:8c:90:dd:
                    df:f7:17:03:03:f6:12:f5:bf:2c:1d:51:6d:9b:fa:
                    7d:f3:a0:6e:0d:e5:81:b5:cd:69:73:ad:e7:36:0c:
                    f5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:DC:35:DE:5F:61:8C:19:56:33:CD:6D:A9:0D:A2:68:C5:CB:A8:63
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db3be233-1f71-45d1-8421-fcbf700976f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.83.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         03:e6:50:e8:4a:54:e3:52:a0:28:1d:f9:f2:43:7a:33:be:f9:
         a2:f0:36:4c:fa:a7:8e:f1:30:e9:32:1f:f6:66:e1:3f:8f:63:
         66:f2:a2:67:7d:3b:34:29:6d:21:3c:08:17:c4:10:db:58:ec:
         5a:eb:f1:ad:61:d4:69:38:a2:a7:70:88:dc:44:e8:25:15:16:
         52:7f:ee:c3:42:cb:8c:7c:84:bd:78:a7:e0:f2:61:97:aa:b3:
         82:9d:e7:71:1d:e1:1c:18:12:2a:e1:8a:00:b1:39:59:3d:6c:
         0a:d4:cc:d2:b7:c5:b3:ba:71:9d:3f:eb:0a:de:e7:53:24:55:
         05:1a:73:26:43:6d:74:0a:00:4c:40:ac:df:85:21:16:a0:44:
         fb:96:ef:b3:02:41:e9:02:6d:79:2a:78:c6:27:4f:08:b0:23:
         bf:ac:ea:3d:02:e2:69:9b:dd:16:7e:d6:e3:65:17:01:c6:e6:
         93:37:bf:2c:94:e4:35:69:8a:f1:6e:a2:18:3f:9a:0b:f5:12:
         81:23:64:4a:18:5a:99:bc:3c:c5:61:e1:29:73:f6:10:20:a8:
         11:0f:03:f0:f0:89:c7:74:20:e5:c8:d4:51:61:49:b3:f3:4e:
         0c:69:02:d6:61:43:dd:4e:c7:8f:eb:20:26:73:61:3c:a5:03:
         66:09:a9:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDMkTKj1wsHAudjGrpKz0AQGfRAowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTgxMTAyWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MmQxODI1ZGFjOWNhZGQ5Y2NiNzU5N2VjMmU5NmU2MmJh
Njk2YzI1M2U2MzFiN2RjMjNmNjc4MTQxZjk5MWI3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJzUDL287BaJVOWeVUu6ey/c7jbDTnvO6yHWHjq25MX2ZW
PMChe8kTEKeR+DMqblCwxUN6b1v1qYWktB53KlDX1X2wBxo883ei6Ilh4qWjFEmi
G/wS4sN+bVnjiCAGC3HLsm0aRjmqp3mAEOU8+7x/sCIXLHDc3GN53sFHXKVDn9gM
Hmk/igOtNldOVCkJRs3N0Qu0fze6pjlR4jgarC/SMhKYzkgM73hZuKh63A+9l+NH
3CCeJooVNwWuZ/2wS8s1iuBOoXQXi0Qs5h4CHwSXpn+iblwIx0M46rohX4yQ3d/3
FwMD9hL1vywdUW2b+n3zoG4N5YG1zWlzrec2DPWVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2Nw13l9hjBlWM81tqQ2iaMXLqGMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RiM2JlMjMzLTFmNzEtNDVkMS04NDIxLWZjYmY3MDA5NzZmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2U+AwDQYJKoZIhvcNAQELBQADggEBAAPmUOhKVONSoCgd+fJDejO++aLw
Nkz6p47xMOkyH/Zm4T+PY2byomd9OzQpbSE8CBfEENtY7Frr8a1h1Gk4oqdwiNxE
6CUVFlJ/7sNCy4x8hL14p+DyYZeqs4Kd53Ed4RwYEirhigCxOVk9bArUzNK3xbO6
cZ0/6wre51MkVQUacyZDbXQKAExArN+FIRagRPuW77MCQekCbXkqeMYnTwiwI7+s
6j0C4mmb3RZ+1uNlFwHG5pM3vyyU5DVpivFuohg/mgv1EoEjZEoYWpm8PMVh4Slz
9hAgqBEPA/Dwicd0IOXI1FFhSbPzTgxpAtZhQ91Ox4/rICZzYTylA2YJqeM=
-----END CERTIFICATE-----