Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ee6778f0-1730-46ac-bab2-6e5515413d66.roa
File:                     ee6778f0-1730-46ac-bab2-6e5515413d66.roa (raw, json)
Hash identifier:          Yq3wQtZzYWpcFVGZBly5dVCd/wuUUuQLxLn+scNbGMQ=
Subject key identifier:   E1:2F:A7:39:3E:27:49:B0:03:3B:32:D8:D3:18:FD:31:42:3A:32:53
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       66B0F61E97C31B64D9E00C64EAAB8AA9B48DACB7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ee6778f0-1730-46ac-bab2-6e5515413d66.roa
Signing time:             Fri 28 Mar 2025 18:00:22 +0000
ROA not before:           Fri 28 Mar 2025 18:00:22 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        3.2.50.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:b0:f6:1e:97:c3:1b:64:d9:e0:0c:64:ea:ab:8a:a9:b4:8d:ac:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 28 18:00:22 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=31836f4993924c136d342bd2a0b9f86743e0fe80f70bac61a21078fd76e349f9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0a:c5:01:e4:dd:98:df:f4:00:c9:8e:d2:23:
                    51:2d:d8:bd:ca:f2:42:28:76:07:1e:be:a6:2f:50:
                    3d:dd:52:ad:65:fe:b2:24:31:9b:35:12:9b:e4:b7:
                    ae:06:b8:34:9c:3d:73:10:90:bc:c1:51:ed:3e:1a:
                    2e:db:cb:4a:78:5a:55:8d:0d:72:c6:bc:d1:a2:d6:
                    62:93:c5:da:7e:6b:8e:e6:ab:4b:fc:36:e7:3a:ec:
                    52:1d:f6:e6:67:fe:8a:bb:54:03:ff:ea:d7:cd:c2:
                    e4:11:57:95:2b:cc:4f:5f:c9:09:e5:71:46:d8:99:
                    e1:2e:27:04:04:00:9f:b5:fd:9a:2b:d4:78:90:0b:
                    9a:78:79:e8:7a:f7:3b:69:49:58:ea:d0:47:af:77:
                    ce:05:89:bd:35:57:e1:9a:fa:9d:f1:4c:8d:6a:3b:
                    c9:c3:e8:f0:34:4f:1f:0a:cc:21:ca:a2:e9:28:73:
                    0f:ad:00:5f:d8:5e:89:15:d5:49:30:0f:02:fa:7e:
                    f8:2b:ef:c1:8b:b4:06:24:9a:5d:08:f7:e1:67:b9:
                    46:29:4b:48:d1:48:0d:5d:11:c1:22:14:da:4a:41:
                    83:07:53:cc:b7:a4:cb:f8:c6:0e:fd:c4:50:aa:71:
                    2f:da:9c:f3:f0:6d:e0:4d:cf:67:2d:95:dc:b5:69:
                    b0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:2F:A7:39:3E:27:49:B0:03:3B:32:D8:D3:18:FD:31:42:3A:32:53
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ee6778f0-1730-46ac-bab2-6e5515413d66.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:eb:ce:0e:db:0a:1e:57:cd:36:6f:b3:34:7a:48:9e:dd:15:
         75:f7:4c:ec:cb:ce:2a:69:59:f6:81:74:23:08:9e:97:ba:bf:
         e3:04:d3:1b:fb:cc:7a:f3:eb:a1:2a:18:ee:8b:ac:9c:23:33:
         c2:13:95:78:2b:4b:51:36:35:0a:87:43:56:48:82:d0:12:4a:
         12:7c:38:bc:e5:78:0e:1b:d0:00:8f:8c:12:06:9e:66:c1:3e:
         ae:35:e5:05:c1:bd:11:6d:04:b1:58:15:a8:20:e0:2f:51:aa:
         07:82:aa:5c:84:48:76:c1:ef:6f:89:63:69:d8:e7:bb:32:8d:
         cd:f2:54:b8:1a:72:52:84:3d:66:95:af:69:ed:51:99:cb:e0:
         d6:81:74:03:c8:da:18:22:4b:57:51:8d:eb:2d:da:a1:b9:e5:
         81:6c:45:da:27:68:a9:f3:fd:28:78:ad:5a:15:de:d3:a3:4d:
         13:7c:69:51:0c:f0:12:01:87:f7:e0:a0:e0:26:47:b6:59:e0:
         7a:66:e1:71:6d:33:cd:0c:1f:d6:69:44:e6:6a:12:0b:91:4a:
         84:c4:53:a3:06:10:8a:9e:31:b7:e3:23:73:a8:79:4d:8b:ce:
         76:7b:57:d5:e6:06:d4:18:a9:37:28:74:8d:00:a3:30:c0:99:
         6a:dc:58:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZrD2HpfDG2TZ4Axk6quKqbSNrLcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI4MTgwMDIyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMTgzNmY0OTkzOTI0YzEzNmQzNDJiZDJhMGI5Zjg2NzQz
ZTBmZTgwZjcwYmFjNjFhMjEwNzhmZDc2ZTM0OWY5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwCsUB5N2Y3/QAyY7SI1Et2L3K8kIodgcevqYvUD3dUq1l
/rIkMZs1Epvkt64GuDScPXMQkLzBUe0+Gi7by0p4WlWNDXLGvNGi1mKTxdp+a47m
q0v8Nuc67FId9uZn/oq7VAP/6tfNwuQRV5UrzE9fyQnlcUbYmeEuJwQEAJ+1/Zor
1HiQC5p4eeh69ztpSVjq0Eevd84Fib01V+Ga+p3xTI1qO8nD6PA0Tx8KzCHKouko
cw+tAF/YXokV1UkwDwL6fvgr78GLtAYkml0I9+FnuUYpS0jRSA1dEcEiFNpKQYMH
U8y3pMv4xg79xFCqcS/anPPwbeBNz2ctldy1abDXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4S+nOT4nSbADOzLY0xj9MUI6MlMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VlNjc3OGYwLTE3MzAtNDZhYy1iYWIyLTZlNTUxNTQxM2Q2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAjIwDQYJKoZIhvcNAQELBQADggEBAFrrzg7bCh5XzTZvszR6SJ7dFXX3
TOzLzippWfaBdCMInpe6v+ME0xv7zHrz66EqGO6LrJwjM8ITlXgrS1E2NQqHQ1ZI
gtASShJ8OLzleA4b0ACPjBIGnmbBPq415QXBvRFtBLFYFagg4C9RqgeCqlyESHbB
72+JY2nY57syjc3yVLgaclKEPWaVr2ntUZnL4NaBdAPI2hgiS1dRjest2qG55YFs
RdonaKnz/Sh4rVoV3tOjTRN8aVEM8BIBh/fgoOAmR7ZZ4Hpm4XFtM80MH9ZpROZq
EguRSoTEU6MGEIqeMbfjI3OoeU2LznZ7V9XmBtQYqTcodI0AozDAmWrcWOs=
-----END CERTIFICATE-----