Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/020c953e-2698-4dcb-a61e-04566b1b57ca.roa
File:                     020c953e-2698-4dcb-a61e-04566b1b57ca.roa (raw, json)
Hash identifier:          4SIY2s68mQzohDhmHuATrMLRFKrhZVcyw1DO7F4N8FA=
Subject key identifier:   E0:7E:EE:36:73:16:ED:60:BC:22:19:93:35:CA:66:71:55:E1:A6:A8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       9168C7220527FA39DC83258A0F165D642DE54B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/020c953e-2698-4dcb-a61e-04566b1b57ca.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.235.237.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            91:68:c7:22:05:27:fa:39:dc:83:25:8a:0f:16:5d:64:2d:e5:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=332d1b27ae811ebc02d02ae2b18c771c3c703820dc233b2d81cdc27982ced3fe, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3a:1e:28:5b:bb:8b:a0:b0:77:b8:5e:fc:be:
                    39:e8:3c:50:80:81:39:d9:21:76:33:25:2d:61:70:
                    a0:97:89:f8:74:e1:86:3c:02:41:9d:95:ba:04:09:
                    45:cb:aa:4e:40:4f:b9:be:25:86:21:63:cd:20:28:
                    29:b7:e4:42:88:9c:0e:b8:90:64:28:e7:b5:ad:a5:
                    42:f2:ac:26:dd:04:4f:1c:a8:59:94:d6:7c:59:e2:
                    9e:a5:ac:ab:3f:2f:56:20:c6:4b:5f:b2:cf:d9:0a:
                    3d:4c:09:06:cd:23:64:de:5f:29:3f:6b:f6:01:bd:
                    bf:1b:12:c9:4e:31:40:d5:e8:8f:93:34:91:f7:16:
                    be:fe:77:5c:92:38:6e:50:c1:e5:42:fe:92:68:f0:
                    3d:d9:d7:de:df:da:1c:3e:d1:43:22:dc:d8:12:19:
                    7b:cd:86:ca:1e:d0:80:9e:3b:aa:40:d0:41:d0:a2:
                    a3:10:85:74:8a:02:a0:89:11:0a:d9:39:fa:81:96:
                    32:52:d4:b3:7e:45:61:47:66:01:e5:2d:76:d3:9a:
                    58:0b:5a:a6:a0:9d:96:8f:d9:3d:cd:6d:82:09:3b:
                    f7:55:0e:fc:34:ee:df:1e:fb:9d:fb:99:91:19:67:
                    3e:0e:15:72:ca:39:4d:6f:96:de:b5:af:81:31:3f:
                    35:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:7E:EE:36:73:16:ED:60:BC:22:19:93:35:CA:66:71:55:E1:A6:A8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/020c953e-2698-4dcb-a61e-04566b1b57ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.235.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:2d:11:4a:5c:b4:45:15:cc:7a:df:a3:c7:65:b3:b5:45:85:
         50:fe:3d:d4:3b:12:8e:3c:d4:11:6f:c7:50:1e:ca:10:75:d6:
         ab:74:d9:a3:40:3a:b6:50:b6:ff:0b:85:33:f4:54:17:f4:5d:
         41:57:8d:18:71:a9:09:6b:c3:4d:69:92:a0:af:82:30:d7:83:
         a4:29:1c:8d:f5:ae:8b:b9:40:73:ea:90:52:df:91:98:02:15:
         3b:8d:08:01:76:e4:94:57:1c:0a:31:4b:e6:47:ac:e8:d3:fa:
         b1:5a:16:42:f9:bf:a9:9b:e5:2a:ed:ef:39:ec:8b:be:51:50:
         50:31:76:2f:af:23:d0:54:e4:7e:cf:c4:ab:1b:8f:0c:a4:5a:
         b9:ac:6f:aa:d7:09:4e:80:6b:6a:79:3c:c3:07:91:1d:e7:49:
         f5:16:56:2b:35:3c:19:b6:0b:98:15:c9:84:aa:b8:81:81:97:
         ac:d6:da:9f:2b:81:46:e7:f1:d0:63:dc:0d:ca:33:e9:b9:c5:
         47:72:f0:51:c0:e5:bd:68:e7:77:ee:d7:31:99:19:05:fa:c6:
         c2:d4:28:30:ac:35:12:30:05:74:0c:d7:71:2c:ea:82:35:fd:
         d8:24:f0:64:87:12:3f:ca:66:1a:22:df:0b:e9:8e:ff:0d:30:
         8c:c1:07:0e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAJFoxyIFJ/o53IMlig8WXWQt5UswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzJkMWIyN2FlODExZWJjMDJkMDJhZTJiMThjNzcxYzNj
NzAzODIwZGMyMzNiMmQ4MWNkYzI3OTgyY2VkM2ZlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAOh4oW7uLoLB3uF78vjnoPFCAgTnZIXYzJS1hcKCXifh0
4YY8AkGdlboECUXLqk5AT7m+JYYhY80gKCm35EKInA64kGQo57WtpULyrCbdBE8c
qFmU1nxZ4p6lrKs/L1Ygxktfss/ZCj1MCQbNI2TeXyk/a/YBvb8bEslOMUDV6I+T
NJH3Fr7+d1ySOG5QweVC/pJo8D3Z197f2hw+0UMi3NgSGXvNhsoe0ICeO6pA0EHQ
oqMQhXSKAqCJEQrZOfqBljJS1LN+RWFHZgHlLXbTmlgLWqagnZaP2T3NbYIJO/dV
Dvw07t8e+537mZEZZz4OFXLKOU1vlt61r4ExPzXtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4H7uNnMW7WC8IhmTNcpmcVXhpqgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAyMGM5NTNlLTI2OTgtNGRjYi1hNjFlLTA0NTY2YjFiNTdjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA26+0wDQYJKoZIhvcNAQELBQADggEBAE8tEUpctEUVzHrfo8dls7VFhVD+
PdQ7Eo481BFvx1AeyhB11qt02aNAOrZQtv8LhTP0VBf0XUFXjRhxqQlrw01pkqCv
gjDXg6QpHI31rou5QHPqkFLfkZgCFTuNCAF25JRXHAoxS+ZHrOjT+rFaFkL5v6mb
5Srt7znsi75RUFAxdi+vI9BU5H7PxKsbjwykWrmsb6rXCU6Aa2p5PMMHkR3nSfUW
Vis1PBm2C5gVyYSquIGBl6zW2p8rgUbn8dBj3A3KM+m5xUdy8FHA5b1o53fu1zGZ
GQX6xsLUKDCsNRIwBXQM13Es6oI1/dgk8GSHEj/KZhoi3wvpjv8NMIzBBw4=
-----END CERTIFICATE-----