Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/075c768c-0bb2-4608-81a8-7fc46d18f116.roa
File:                     075c768c-0bb2-4608-81a8-7fc46d18f116.roa (raw, json)
Hash identifier:          3sBtb8xl66ffOmz1OSgjhIcCDscIWVJEXjRWl0dO31c=
Subject key identifier:   C1:0D:38:97:27:F3:4D:77:18:7D:09:6D:1E:9D:F7:FE:EC:90:49:36
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3028C1A6FEBD29D121E864DD6F6BE13BAB5E54EA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/075c768c-0bb2-4608-81a8-7fc46d18f116.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.250.96.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:28:c1:a6:fe:bd:29:d1:21:e8:64:dd:6f:6b:e1:3b:ab:5e:54:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=eccc091ac3cf72f2b6cac146ea149d3f3b0619a0ab1d8b6c450990de8020a1ed, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:e9:6f:b0:6d:8f:98:3d:e0:e8:ca:56:9a:04:
                    67:b7:c6:f3:ef:e0:88:64:fe:3a:3c:cb:d4:dc:12:
                    50:96:0f:6b:ef:5c:45:13:a6:ed:22:2d:a6:3f:3c:
                    60:b8:26:12:07:bc:8b:ca:1c:9a:15:cd:45:4d:e1:
                    8e:4b:e1:1e:bf:d1:9b:00:ae:6c:46:2d:22:0e:8a:
                    5a:d9:8b:62:20:04:95:6e:ce:54:a6:65:5f:bf:4e:
                    81:42:09:96:49:c5:50:c5:bd:fa:a1:5f:76:5f:8e:
                    8a:b9:a0:0d:56:88:78:13:4f:73:8e:d7:75:0b:53:
                    6f:77:2c:28:36:7f:97:ef:32:f5:fe:6f:7b:fb:1c:
                    1b:09:47:c9:f3:84:29:86:d8:6d:c2:e8:6d:bd:46:
                    e7:83:4a:d7:b7:94:63:88:b2:42:b7:b6:12:65:ca:
                    ee:fe:ac:1d:ef:69:df:3e:88:c2:a5:c5:3c:6f:c8:
                    73:fc:14:3f:5f:07:ec:2b:b5:cd:a6:f4:d5:a1:b6:
                    3d:4e:a7:0c:32:c3:45:c7:19:f0:3b:25:83:95:47:
                    2d:ec:14:25:5d:a5:95:31:a8:0e:25:05:26:16:9f:
                    48:23:7d:db:d1:91:d7:9f:23:11:6a:62:31:5d:1f:
                    96:0d:b1:97:95:c2:da:0f:23:3e:d5:ba:80:fd:4f:
                    2b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:0D:38:97:27:F3:4D:77:18:7D:09:6D:1E:9D:F7:FE:EC:90:49:36
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/075c768c-0bb2-4608-81a8-7fc46d18f116.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.250.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         83:42:41:53:8d:ae:6b:89:e1:b3:98:18:a2:e9:e0:07:5f:de:
         5b:b6:1e:21:0a:c7:47:b6:be:8b:6b:47:88:75:c1:7a:e1:0f:
         1b:4c:d9:7e:33:88:bf:20:da:c5:95:61:bd:d2:f4:4f:d1:4a:
         5f:2b:5e:aa:04:ed:13:38:d1:e6:76:6a:36:a7:37:bd:20:18:
         4a:53:a4:1f:69:1d:c4:5c:8e:dd:d3:7b:d9:98:03:ab:1e:f8:
         1b:c0:c9:fc:4d:87:a8:2b:93:7f:57:54:96:37:75:af:fa:94:
         cb:25:18:7f:7d:c5:35:25:ec:30:57:64:c6:53:84:ff:77:96:
         b6:5d:d8:bc:07:47:da:24:7c:7e:a1:de:7b:9e:f5:d4:99:c0:
         ad:83:53:98:9b:ad:74:68:12:3f:c9:99:04:55:71:9d:c7:41:
         15:2a:de:ba:39:86:f2:fc:b0:1d:35:c7:ca:3e:3b:86:3d:75:
         75:33:f6:66:be:ef:d9:07:03:7d:69:5d:9c:45:e8:0c:ad:07:
         28:22:a2:e4:00:45:0e:77:76:0f:6d:0a:a9:2d:44:54:67:03:
         d2:5a:74:67:f2:9e:f1:a7:48:92:85:dd:f7:06:26:ee:dd:93:
         af:e6:cb:12:d4:f5:8e:1d:1b:9c:20:d5:32:a3:85:c3:50:93:
         eb:10:f9:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMCjBpv69KdEh6GTdb2vhO6teVOowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlY2NjMDkxYWMzY2Y3MmYyYjZjYWMxNDZlYTE0OWQzZjNi
MDYxOWEwYWIxZDhiNmM0NTA5OTBkZTgwMjBhMWVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDk6W+wbY+YPeDoylaaBGe3xvPv4Ihk/jo8y9TcElCWD2vv
XEUTpu0iLaY/PGC4JhIHvIvKHJoVzUVN4Y5L4R6/0ZsArmxGLSIOilrZi2IgBJVu
zlSmZV+/ToFCCZZJxVDFvfqhX3Zfjoq5oA1WiHgTT3OO13ULU293LCg2f5fvMvX+
b3v7HBsJR8nzhCmG2G3C6G29RueDSte3lGOIskK3thJlyu7+rB3vad8+iMKlxTxv
yHP8FD9fB+wrtc2m9NWhtj1Opwwyw0XHGfA7JYOVRy3sFCVdpZUxqA4lBSYWn0gj
fdvRkdefIxFqYjFdH5YNsZeVwtoPIz7VuoD9TyvHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwQ04lyfzTXcYfQltHp33/uyQSTYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA3NWM3NjhjLTBiYjItNDYwOC04MWE4LTdmYzQ2ZDE4ZjExNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ2+mAwDQYJKoZIhvcNAQELBQADggEBAINCQVONrmuJ4bOYGKLp4Adf3lu2
HiEKx0e2votrR4h1wXrhDxtM2X4ziL8g2sWVYb3S9E/RSl8rXqoE7RM40eZ2ajan
N70gGEpTpB9pHcRcjt3Te9mYA6se+BvAyfxNh6grk39XVJY3da/6lMslGH99xTUl
7DBXZMZThP93lrZd2LwHR9okfH6h3nue9dSZwK2DU5ibrXRoEj/JmQRVcZ3HQRUq
3ro5hvL8sB01x8o+O4Y9dXUz9ma+79kHA31pXZxF6AytBygiouQARQ53dg9tCqkt
RFRnA9JadGfynvGnSJKF3fcGJu7dk6/myxLU9Y4dG5wg1TKjhcNQk+sQ+V4=
-----END CERTIFICATE-----