Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2596b28-744a-4f56-beb4-f90cd78a02f9.roa
File:                     e2596b28-744a-4f56-beb4-f90cd78a02f9.roa (raw, json)
Hash identifier:          t0veckq8+U5Y/t1SMRTZ2cwWD5+EEmiCK6EAJG597C8=
Subject key identifier:   75:4F:31:4A:E5:54:99:9E:45:10:55:68:08:53:F6:2A:05:16:DA:04
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0D846BD21BAFC40CC65BD7700720707C09BCCFC3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2596b28-744a-4f56-beb4-f90cd78a02f9.roa
Signing time:             Tue 01 Apr 2025 00:31:41 +0000
ROA not before:           Tue 01 Apr 2025 00:31:41 +0000
ROA not after:            Tue 06 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.119.188.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:84:6b:d2:1b:af:c4:0c:c6:5b:d7:70:07:20:70:7c:09:bc:cf:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  1 00:31:41 2025 GMT
            Not After : May  6 23:59:59 2025 GMT
        Subject: serialNumber=f5cb45bdb7fdcda3b501b4ff86e75069b03ae34b13eb8ebc87726f46ae7ed21c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:2a:71:bb:0e:be:46:cc:e9:e3:11:59:45:0f:
                    6c:a4:6d:a1:a9:e3:f8:52:a2:92:48:d7:61:ea:63:
                    72:51:a9:97:8d:52:a3:21:13:65:f4:fc:e1:0e:b0:
                    67:c5:34:fe:ec:02:dc:7d:24:27:25:ef:6a:00:6e:
                    d4:34:44:a7:9d:3f:6d:37:5c:1f:eb:02:50:54:43:
                    50:f9:64:0b:47:16:bf:5b:df:83:17:0b:1a:7d:f9:
                    fb:bd:63:1b:89:6b:8f:41:bb:9f:2e:e2:c9:96:da:
                    31:79:71:91:ac:71:17:63:7c:e2:fe:c4:3b:7b:98:
                    0b:91:a3:83:af:74:74:ac:da:53:df:ca:df:c8:77:
                    b8:49:df:f7:66:67:24:59:ee:56:e0:b6:f0:66:da:
                    18:6a:91:5e:c5:ee:5a:cf:26:58:07:d1:2d:3e:bb:
                    99:51:1a:78:98:b5:9f:d5:9d:0d:ec:4d:db:87:ad:
                    35:55:de:54:bc:f6:4d:3b:21:95:47:b6:0e:04:2b:
                    d6:66:78:3f:56:f8:bd:f0:d6:79:2d:0f:6b:4e:a4:
                    66:8a:01:9d:4a:06:9c:df:2c:68:25:d0:92:f1:88:
                    16:3e:33:83:ed:62:c9:b3:14:f4:31:f3:57:c9:7b:
                    e7:91:19:e5:fb:f1:47:c9:9c:57:89:2e:88:78:91:
                    a4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:4F:31:4A:E5:54:99:9E:45:10:55:68:08:53:F6:2A:05:16:DA:04
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2596b28-744a-4f56-beb4-f90cd78a02f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.119.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:db:08:ca:10:30:b6:9c:b9:93:d1:76:c3:4a:fc:29:7d:e1:
         61:67:b9:e8:97:b2:b3:07:22:1b:92:63:ab:07:71:16:02:01:
         06:48:54:73:55:6a:7e:20:56:d1:44:ca:3c:fa:a6:4b:b2:b3:
         82:68:a4:15:35:17:be:f2:88:c9:25:89:7b:59:bb:72:d6:59:
         a0:9f:17:80:ff:14:32:90:dd:5f:0b:03:cd:a3:51:89:27:a4:
         f8:74:7b:6a:0f:d0:49:e5:50:e3:32:dd:ff:93:53:69:05:5a:
         3a:e9:e1:c1:49:a5:03:bf:bd:ef:a6:81:76:72:5d:f6:1f:a5:
         ff:c3:c7:82:a2:34:1d:09:1f:c0:f6:e4:94:ee:b4:be:bf:16:
         06:6f:54:77:74:48:97:87:e7:bc:75:74:64:fa:64:fd:8f:e8:
         1b:9c:4a:b6:21:b2:42:f6:91:c6:a1:28:88:4d:37:52:fa:97:
         b9:af:61:f1:51:63:60:62:80:fa:2f:51:a3:48:2f:a8:07:c3:
         f0:27:ee:5f:5b:60:bb:1b:17:6d:6d:16:ce:bc:32:27:64:e5:
         66:9f:03:f5:6c:99:aa:1d:43:89:c3:aa:de:3f:3d:bb:98:c8:
         20:ce:d8:3d:fc:5a:37:b8:b1:b4:35:63:87:d5:2a:c6:cf:69:
         d1:d4:cf:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDYRr0huvxAzGW9dwByBwfAm8z8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDAxMDAzMTQxWhcNMjUwNTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNWNiNDViZGI3ZmRjZGEzYjUwMWI0ZmY4NmU3NTA2OWIw
M2FlMzRiMTNlYjhlYmM4NzcyNmY0NmFlN2VkMjFjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDzKnG7Dr5GzOnjEVlFD2ykbaGp4/hSopJI12HqY3JRqZeN
UqMhE2X0/OEOsGfFNP7sAtx9JCcl72oAbtQ0RKedP203XB/rAlBUQ1D5ZAtHFr9b
34MXCxp9+fu9YxuJa49Bu58u4smW2jF5cZGscRdjfOL+xDt7mAuRo4OvdHSs2lPf
yt/Id7hJ3/dmZyRZ7lbgtvBm2hhqkV7F7lrPJlgH0S0+u5lRGniYtZ/VnQ3sTduH
rTVV3lS89k07IZVHtg4EK9ZmeD9W+L3w1nktD2tOpGaKAZ1KBpzfLGgl0JLxiBY+
M4PtYsmzFPQx81fJe+eRGeX78UfJnFeJLoh4kaRhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdU8xSuVUmZ5FEFVoCFP2KgUW2gQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UyNTk2YjI4LTc0NGEtNGY1Ni1iZWI0LWY5MGNkNzhhMDJmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0d7wwDQYJKoZIhvcNAQELBQADggEBAGDbCMoQMLacuZPRdsNK/Cl94WFn
ueiXsrMHIhuSY6sHcRYCAQZIVHNVan4gVtFEyjz6pkuys4JopBU1F77yiMkliXtZ
u3LWWaCfF4D/FDKQ3V8LA82jUYknpPh0e2oP0EnlUOMy3f+TU2kFWjrp4cFJpQO/
ve+mgXZyXfYfpf/Dx4KiNB0JH8D25JTutL6/FgZvVHd0SJeH57x1dGT6ZP2P6Buc
SrYhskL2kcahKIhNN1L6l7mvYfFRY2BigPovUaNIL6gHw/An7l9bYLsbF21tFs68
Midk5WafA/VsmaodQ4nDqt4/PbuYyCDO2D38Wje4sbQ1Y4fVKsbPadHUzwA=
-----END CERTIFICATE-----