Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/002e474f-6018-4654-9ac4-dc284598a0ab.roa
File:                     002e474f-6018-4654-9ac4-dc284598a0ab.roa (raw, json)
Hash identifier:          JsPWaynrvpHT4iwjzrPRHilDDrGIyw+NNXsg46E65bQ=
Subject key identifier:   5F:9B:41:3A:09:DA:C1:F2:21:6B:C4:CE:70:BF:A9:EC:FF:2B:2E:68
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       016E1F3185D6EDF64FF6F4587CF74BEA8E916A53
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/002e474f-6018-4654-9ac4-dc284598a0ab.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.216.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:6e:1f:31:85:d6:ed:f6:4f:f6:f4:58:7c:f7:4b:ea:8e:91:6a:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: serialNumber=b5149e344831800004202391d8d3ce4dfbf954ce1b5470edc9fddcc813314335, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:be:bb:40:ed:7e:e8:1c:2c:0d:9c:21:df:62:
                    df:44:31:67:71:8f:bc:85:a4:8c:dc:33:98:8c:5f:
                    c1:ad:9e:5e:d9:ef:0d:f0:85:93:c9:cb:e6:8c:de:
                    0e:e7:27:ec:ab:01:16:c4:81:27:e8:57:75:05:1a:
                    eb:73:6f:c7:bb:91:3a:13:53:5e:99:2b:33:56:4b:
                    f8:cd:d1:7b:5d:8b:a5:53:81:63:35:e8:e7:41:c9:
                    7a:fa:29:ac:ef:a4:c2:72:bc:96:ef:aa:22:d9:48:
                    99:cc:53:6c:fe:f3:d3:e4:c2:cc:52:e6:6a:5f:84:
                    9c:05:d5:88:24:98:08:f7:19:38:f6:0d:7f:b3:1c:
                    ec:35:15:71:16:e1:b3:12:3b:6e:a2:19:c9:ec:04:
                    c5:7c:ca:89:1d:1d:b7:0d:3c:fe:df:32:69:63:14:
                    72:10:38:ef:bc:82:e3:b1:e6:38:5f:61:02:93:12:
                    50:ca:85:a0:9f:aa:cc:bf:0e:c7:fc:5e:6e:80:84:
                    f5:e1:0c:44:62:62:a0:32:e0:f2:38:d5:63:3a:15:
                    7a:02:4c:e4:6d:58:90:04:50:4e:6d:3a:41:3f:fd:
                    2b:0e:86:07:07:c6:92:8b:c4:40:6a:47:57:33:77:
                    54:7d:f4:5e:b0:0f:23:f7:27:16:ff:53:7a:ec:bf:
                    b0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:9B:41:3A:09:DA:C1:F2:21:6B:C4:CE:70:BF:A9:EC:FF:2B:2E:68
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/002e474f-6018-4654-9ac4-dc284598a0ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.216.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         b2:46:b9:b9:2c:ed:a9:c1:d1:9f:ee:2a:f8:b0:68:e4:71:a9:
         13:80:27:5a:15:60:91:4e:93:93:5b:70:ee:83:08:4f:61:42:
         cf:b4:9b:dd:ba:35:13:52:18:92:8b:f6:19:26:9c:45:61:38:
         6c:18:47:f0:ab:7a:b0:4b:3f:15:eb:db:ee:cd:c3:62:7f:72:
         3a:94:ed:d3:d7:2d:ca:34:21:c6:70:f1:32:a5:ea:7d:49:80:
         c7:ba:41:6a:75:3a:16:3d:f0:ea:67:02:31:ff:bc:f1:e1:3b:
         b1:8a:d6:30:63:20:3b:9c:04:53:e3:d8:30:68:f9:5f:d3:d0:
         e3:7d:86:76:dd:a4:3b:79:a9:84:41:33:8f:6f:db:54:6d:c3:
         88:0c:25:f3:a1:d3:d5:21:5c:57:5c:9f:47:a5:67:af:21:9e:
         ab:09:3f:ea:23:c2:c3:a3:2c:35:a6:8e:aa:0b:0a:b0:5e:4f:
         ee:b4:44:44:d8:4d:fa:db:f6:bb:9f:1c:52:eb:dc:29:02:00:
         f7:a0:12:32:7d:f1:8a:8e:1a:9c:e3:83:81:59:57:43:dc:4a:
         98:c8:3d:0e:70:fe:04:83:2e:ef:a7:00:aa:ea:b1:e7:34:1c:
         54:cf:36:3c:9a:98:54:e8:20:2b:03:26:d4:64:87:1d:8b:99:
         66:67:aa:56
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAW4fMYXW7fZP9vRYfPdL6o6RalMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTE0OWUzNDQ4MzE4MDAwMDQyMDIzOTFkOGQzY2U0ZGZi
Zjk1NGNlMWI1NDcwZWRjOWZkZGNjODEzMzE0MzM1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/vrtA7X7oHCwNnCHfYt9EMWdxj7yFpIzcM5iMX8Gtnl7Z
7w3whZPJy+aM3g7nJ+yrARbEgSfoV3UFGutzb8e7kToTU16ZKzNWS/jN0Xtdi6VT
gWM16OdByXr6KazvpMJyvJbvqiLZSJnMU2z+89PkwsxS5mpfhJwF1YgkmAj3GTj2
DX+zHOw1FXEW4bMSO26iGcnsBMV8yokdHbcNPP7fMmljFHIQOO+8guOx5jhfYQKT
ElDKhaCfqsy/Dsf8Xm6AhPXhDERiYqAy4PI41WM6FXoCTORtWJAEUE5tOkE//SsO
hgcHxpKLxEBqR1czd1R99F6wDyP3Jxb/U3rsv7CVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUX5tBOgnawfIha8TOcL+p7P8rLmgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAwMmU0NzRmLTYwMTgtNDY1NC05YWM0LWRjMjg0NTk4YTBhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE02DANBgkqhkiG9w0BAQsFAAOCAQEAska5uSztqcHRn+4q+LBo5HGpE4An
WhVgkU6Tk1tw7oMIT2FCz7Sb3bo1E1IYkov2GSacRWE4bBhH8Kt6sEs/Fevb7s3D
Yn9yOpTt09ctyjQhxnDxMqXqfUmAx7pBanU6Fj3w6mcCMf+88eE7sYrWMGMgO5wE
U+PYMGj5X9PQ432Gdt2kO3mphEEzj2/bVG3DiAwl86HT1SFcV1yfR6VnryGeqwk/
6iPCw6MsNaaOqgsKsF5P7rRERNhN+tv2u58cUuvcKQIA96ASMn3xio4anOODgVlX
Q9xKmMg9DnD+BIMu76cAquqx5zQcVM82PJqYVOggKwMm1GSHHYuZZmeqVg==
-----END CERTIFICATE-----