Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa
File:                     f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa (raw, json)
Hash identifier:          P8CiJHUd0hBJLT8YQnhY62mEhQLGjmV0qcVax5sN3DA=
Subject key identifier:   BD:B0:A5:E3:98:B3:EE:E8:CB:D4:98:B1:06:5A:8E:C0:56:3E:0F:9C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5498E274FC0993464582C8CBD65D948C824AF8A5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa
Signing time:             Mon 31 Mar 2025 17:51:09 +0000
ROA not before:           Mon 31 Mar 2025 17:51:09 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.112.0/20 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:98:e2:74:fc:09:93:46:45:82:c8:cb:d6:5d:94:8c:82:4a:f8:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 17:51:09 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=01b89f223e2873043df722573ecd4c4a53bfe17930c650eef6480d55ef580e9c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:32:68:62:38:82:30:03:fe:bb:af:f0:db:02:
                    e8:04:65:d6:a8:2e:3d:c1:f2:e7:93:e7:28:b3:bc:
                    b5:d1:ad:6a:24:81:8e:6f:54:14:8e:a5:10:88:76:
                    c7:bd:02:f9:02:8b:a9:db:6f:5c:da:6e:5e:84:71:
                    93:1a:27:99:a1:7b:94:a4:b9:c1:9f:4e:fd:8f:b8:
                    cc:96:12:a5:26:cb:1d:93:5e:72:d7:fb:1e:04:92:
                    6a:c9:b6:cb:9f:f1:df:be:6a:12:1f:ad:7b:aa:31:
                    ba:51:92:94:b2:42:c8:c5:e3:77:7d:56:c0:48:a3:
                    1d:a6:15:e7:6a:66:d3:6a:2a:fe:51:9d:93:aa:0d:
                    ba:e8:2a:ea:66:94:2f:ec:af:12:ab:78:fb:57:e4:
                    98:ab:b9:8d:78:fb:83:7b:ec:a3:4e:38:dd:f9:5e:
                    d9:53:e2:e3:41:da:8c:39:6e:93:f6:0b:aa:7a:e7:
                    9e:97:76:5f:b7:7d:60:7c:a3:ed:1b:2c:49:09:d0:
                    7a:d8:f9:04:68:1a:6e:40:15:b3:0d:81:d1:e3:87:
                    df:94:04:b8:1b:1e:77:50:9b:53:2b:67:23:f2:cf:
                    e9:78:01:7c:01:bb:85:1e:c1:e0:67:aa:16:b4:d0:
                    a1:5c:85:fd:a8:69:37:46:c1:9d:ad:52:35:34:af:
                    ac:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:B0:A5:E3:98:B3:EE:E8:CB:D4:98:B1:06:5A:8E:C0:56:3E:0F:9C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5f:1d:75:48:29:50:71:84:30:68:63:77:47:ce:b3:67:72:51:
         5f:da:8c:b3:cf:26:f2:9d:d2:57:af:30:68:2f:38:68:06:9c:
         87:d3:2f:45:64:c7:2b:14:4d:56:9c:f7:d5:66:f2:e9:89:df:
         cb:60:fd:38:9d:56:05:2f:65:d5:bd:d3:f8:13:ae:8c:0f:9c:
         f2:dc:b6:83:3e:5d:f5:0c:ca:8e:71:b1:6e:d3:98:1b:70:68:
         ac:e9:87:b6:8f:40:3f:35:14:bd:bd:1b:c9:0d:f8:7c:80:12:
         dc:99:14:32:94:6f:01:9d:a1:cc:ca:d4:2b:2d:80:b2:a3:bb:
         ed:87:33:3c:97:bd:3b:4c:fe:83:bf:97:4d:df:a2:78:2b:07:
         5b:09:72:4d:0c:08:5f:d8:5a:66:d1:74:93:48:03:10:ca:a3:
         87:b0:5d:3c:2f:72:fc:c5:9c:8e:31:31:f9:b0:ff:d2:e8:a7:
         99:cb:f1:c0:f0:3a:6e:52:55:5d:a8:be:86:2c:cc:8b:5d:0e:
         ff:4e:84:76:8c:14:a3:d2:79:94:a8:56:bf:80:3b:e0:2e:d8:
         07:cf:2f:28:be:7a:f7:3b:41:fc:bd:61:b7:b4:36:49:1e:fb:
         48:ed:f4:68:7d:8f:6d:97:2c:34:4f:3e:5c:cc:cb:32:c7:c2:
         9f:4c:6a:f7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVJjidPwJk0ZFgsjL1l2UjIJK+KUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTc1MTA5WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMWI4OWYyMjNlMjg3MzA0M2RmNzIyNTczZWNkNGM0YTUz
YmZlMTc5MzBjNjUwZWVmNjQ4MGQ1NWVmNTgwZTljMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6MmhiOIIwA/67r/DbAugEZdaoLj3B8ueT5yizvLXRrWok
gY5vVBSOpRCIdse9AvkCi6nbb1zabl6EcZMaJ5mhe5SkucGfTv2PuMyWEqUmyx2T
XnLX+x4EkmrJtsuf8d++ahIfrXuqMbpRkpSyQsjF43d9VsBIox2mFedqZtNqKv5R
nZOqDbroKupmlC/srxKrePtX5JiruY14+4N77KNOON35XtlT4uNB2ow5bpP2C6p6
556Xdl+3fWB8o+0bLEkJ0HrY+QRoGm5AFbMNgdHjh9+UBLgbHndQm1MrZyPyz+l4
AXwBu4UeweBnqha00KFchf2oaTdGwZ2tUjU0r6yRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvbCl45iz7ujL1JixBlqOwFY+D5wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YxODVmOGJiLTU0YTYtNGEwOS04ZGI5LWVlY2RjOWNlYzQ1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ0X3AwDQYJKoZIhvcNAQELBQADggEBAF8ddUgpUHGEMGhjd0fOs2dyUV/a
jLPPJvKd0levMGgvOGgGnIfTL0VkxysUTVac99Vm8umJ38tg/TidVgUvZdW90/gT
rowPnPLctoM+XfUMyo5xsW7TmBtwaKzph7aPQD81FL29G8kN+HyAEtyZFDKUbwGd
oczK1CstgLKju+2HMzyXvTtM/oO/l03fongrB1sJck0MCF/YWmbRdJNIAxDKo4ew
XTwvcvzFnI4xMfmw/9Lop5nL8cDwOm5SVV2ovoYszItdDv9OhHaMFKPSeZSoVr+A
O+Au2AfPLyi+evc7Qfy9Ybe0Nkke+0jt9Gh9j22XLDRPPlzMyzLHwp9Mavc=
-----END CERTIFICATE-----