Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2d1a908-2eba-4f3b-a470-a8be14810415.roa
File:                     f2d1a908-2eba-4f3b-a470-a8be14810415.roa (raw, json)
Hash identifier:          mXCqpbanjEPydNDfxzInNxv2aMDpYDv968om36U1Alc=
Subject key identifier:   00:4E:76:53:21:49:46:8C:02:8F:9B:A3:13:DE:57:4E:03:E0:46:0B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       68652C938A3831FB40422A1FED4DBA68C3F6C8AA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2d1a908-2eba-4f3b-a470-a8be14810415.roa
Signing time:             Mon 14 Apr 2025 16:11:52 +0000
ROA not before:           Mon 14 Apr 2025 16:11:52 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.248.192.0/19 maxlen: 19

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:65:2c:93:8a:38:31:fb:40:42:2a:1f:ed:4d:ba:68:c3:f6:c8:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 16:11:52 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=8b9aacf02c7826c81912b72297b537aba68aa14e253cf12e7c660f968b2a786a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ed:57:c6:f5:e7:2c:ab:89:24:84:b4:bd:86:
                    9d:42:45:53:bc:05:bc:6d:cf:2d:7d:0f:45:fb:13:
                    a8:bc:15:13:98:71:17:3b:5c:bc:76:30:85:a2:05:
                    36:3e:4b:fb:9c:bb:69:38:b7:11:1e:58:ee:19:11:
                    64:da:1d:f9:ac:76:0e:08:1f:52:f1:0d:63:1a:ac:
                    81:52:a3:91:aa:18:e9:8b:90:da:48:3b:5c:4f:49:
                    64:ab:9c:d5:16:9f:4a:83:d5:30:d2:46:b0:b3:47:
                    c9:db:39:7d:51:22:10:d2:0d:6e:9c:92:c0:12:ee:
                    69:54:bd:c1:ce:9c:6e:3f:e1:10:e7:bd:48:27:4e:
                    79:2f:3e:88:d1:4b:aa:b3:64:64:fd:d3:19:3d:7c:
                    ef:3a:ab:06:71:f4:7e:8f:c5:26:4c:65:68:09:f3:
                    2f:67:5f:77:7a:f0:c4:d0:2b:dd:90:cf:8d:0c:91:
                    81:e5:bb:3f:67:c0:33:ff:df:ad:8d:29:68:20:a8:
                    6a:ad:7d:df:0b:66:d4:26:2f:4b:bb:ab:09:e8:ea:
                    e5:3f:f1:bc:bb:fc:da:7e:3a:69:ef:08:a6:ad:d0:
                    8a:ea:28:04:0a:e1:c5:d7:3e:03:33:d5:9b:11:99:
                    61:a1:c6:22:a5:6d:a7:31:2b:61:e4:5d:a1:c1:4e:
                    a7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:4E:76:53:21:49:46:8C:02:8F:9B:A3:13:DE:57:4E:03:E0:46:0B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2d1a908-2eba-4f3b-a470-a8be14810415.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.248.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         26:57:c3:fe:1c:e8:66:0a:e6:1e:d7:7f:34:75:33:cb:94:c6:
         ec:af:82:25:e1:e7:20:70:55:66:c0:88:b8:b1:ff:d0:9f:13:
         4a:e6:d3:ec:38:38:5b:8f:7d:d5:26:f9:ad:1b:4d:d4:38:5b:
         ef:b5:fa:a4:a1:dc:67:13:fe:35:b6:28:64:be:6d:03:d5:40:
         f6:34:4d:f7:f2:6a:0a:b0:80:98:9d:a8:c8:17:09:1c:f3:ec:
         ca:d3:af:8c:9c:59:39:bc:f1:8d:9c:8e:79:c9:da:18:04:2d:
         e9:96:87:96:99:4d:c4:67:09:e2:89:74:ed:66:d8:fa:04:75:
         e0:e4:f0:5f:7b:c5:ce:ae:94:e5:67:c7:8a:80:c1:eb:4e:55:
         c2:f1:fb:13:58:74:29:5c:cb:96:e9:06:9c:64:69:65:42:f9:
         d8:d1:a7:20:24:83:f0:54:96:38:52:1c:fa:18:f1:8a:f0:60:
         dc:f9:b8:3d:28:15:7f:39:83:a9:2a:36:df:36:37:02:06:04:
         c0:2f:b4:6c:c3:c2:5e:f2:33:87:21:1d:67:8d:5f:1d:84:7d:
         fe:ab:5d:8b:d1:79:6d:05:d4:b4:da:04:1d:70:2d:41:a1:ff:
         00:2f:c6:61:85:0d:96:72:4f:d1:ee:0d:58:d9:f7:3e:1c:da:
         db:5d:12:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaGUsk4o4MftAQiof7U26aMP2yKowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTYxMTUyWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjlhYWNmMDJjNzgyNmM4MTkxMmI3MjI5N2I1MzdhYmE2
OGFhMTRlMjUzY2YxMmU3YzY2MGY5NjhiMmE3ODZhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCF7VfG9ecsq4kkhLS9hp1CRVO8Bbxtzy19D0X7E6i8FROY
cRc7XLx2MIWiBTY+S/ucu2k4txEeWO4ZEWTaHfmsdg4IH1LxDWMarIFSo5GqGOmL
kNpIO1xPSWSrnNUWn0qD1TDSRrCzR8nbOX1RIhDSDW6cksAS7mlUvcHOnG4/4RDn
vUgnTnkvPojRS6qzZGT90xk9fO86qwZx9H6PxSZMZWgJ8y9nX3d68MTQK92Qz40M
kYHluz9nwDP/362NKWggqGqtfd8LZtQmL0u7qwno6uU/8by7/Np+OmnvCKat0Irq
KAQK4cXXPgMz1ZsRmWGhxiKlbacxK2HkXaHBTqdPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAE52UyFJRowCj5ujE95XTgPgRgswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YyZDFhOTA4LTJlYmEtNGYzYi1hNDcwLWE4YmUxNDgxMDQxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUD+MAwDQYJKoZIhvcNAQELBQADggEBACZXw/4c6GYK5h7XfzR1M8uUxuyv
giXh5yBwVWbAiLix/9CfE0rm0+w4OFuPfdUm+a0bTdQ4W++1+qSh3GcT/jW2KGS+
bQPVQPY0TffyagqwgJidqMgXCRzz7MrTr4ycWTm88Y2cjnnJ2hgELemWh5aZTcRn
CeKJdO1m2PoEdeDk8F97xc6ulOVnx4qAwetOVcLx+xNYdClcy5bpBpxkaWVC+djR
pyAkg/BUljhSHPoY8YrwYNz5uD0oFX85g6kqNt82NwIGBMAvtGzDwl7yM4chHWeN
Xx2Eff6rXYvReW0F1LTaBB1wLUGh/wAvxmGFDZZyT9HuDVjZ9z4c2ttdEtM=
-----END CERTIFICATE-----