Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c4fd174-71e1-4aa8-aa79-4ce7b2b2bf2a.roa
File:                     0c4fd174-71e1-4aa8-aa79-4ce7b2b2bf2a.roa (raw, json)
Hash identifier:          5OVLbAtfg83fNXeOS5u6XfAos56wf9Z0iBOMhanaPWg=
Subject key identifier:   72:8F:82:C1:81:93:73:43:9A:01:55:B1:B8:E5:C9:2A:DA:51:E9:8E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       37EFB28B5DAEE908AB79B83F4DBE165858CC7586
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c4fd174-71e1-4aa8-aa79-4ce7b2b2bf2a.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.216.0.0/14 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:ef:b2:8b:5d:ae:e9:08:ab:79:b8:3f:4d:be:16:58:58:cc:75:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: serialNumber=a5ca3815a3461428e5ce11e7f9892f30f125805246c6b30507f6bbb1d69ab2f4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:94:8b:60:59:76:db:a1:0d:20:c4:72:54:3a:
                    c6:29:67:20:cb:56:aa:9f:58:31:59:36:69:72:94:
                    f3:92:7d:5c:d0:3a:4d:bf:2e:5b:a9:56:41:fb:8e:
                    a0:5a:cb:03:14:6b:22:07:07:31:e9:9f:e5:9f:45:
                    32:91:44:bc:d9:38:3e:78:19:0f:8c:d6:7a:0f:d0:
                    92:38:3e:e8:85:9e:e7:f6:8f:28:33:dc:c3:39:aa:
                    e0:ff:94:7f:c6:69:98:5f:9b:89:1f:99:54:c1:ee:
                    32:8e:df:4d:41:3c:8a:f5:f0:6f:0c:32:bb:80:17:
                    0c:f9:5f:6b:9d:1c:e8:6e:8b:56:df:69:9d:c5:db:
                    73:ac:98:cf:ee:1c:b6:61:e5:f2:0f:b7:af:2a:8e:
                    19:39:b9:a3:47:d5:6f:80:44:d3:52:ef:95:14:3c:
                    d7:4f:10:41:b6:9b:70:f0:d9:3f:07:c4:3a:d0:7b:
                    eb:38:51:06:8f:c2:21:ae:8e:b8:a6:62:dd:b0:ea:
                    30:6d:95:aa:73:85:d3:82:c8:e3:b6:b6:d5:fc:cd:
                    22:d1:fb:82:ee:3f:45:98:82:07:f9:69:69:7a:a7:
                    8f:8a:99:5b:94:1c:9c:ad:56:38:b5:c7:3e:db:e0:
                    7d:af:c8:01:16:23:92:d4:d3:0e:4a:58:1f:8a:6e:
                    4c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:8F:82:C1:81:93:73:43:9A:01:55:B1:B8:E5:C9:2A:DA:51:E9:8E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c4fd174-71e1-4aa8-aa79-4ce7b2b2bf2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.216.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         6a:bb:9f:69:03:f8:40:2f:23:2b:31:86:a1:9f:f3:f2:f4:fd:
         72:28:82:ca:91:f0:3d:12:02:59:76:b5:0b:af:00:74:e0:57:
         6b:06:3e:24:a0:9b:df:81:d8:34:55:1d:14:5e:db:b1:bd:aa:
         ce:c8:4a:1b:58:36:d8:e0:9b:a3:7a:3b:2f:93:6a:0e:d7:78:
         45:50:f4:12:fc:f8:3b:a3:38:f6:0a:79:34:0e:83:3f:c2:78:
         e4:65:bc:04:8b:b5:65:6b:a3:d8:6d:0b:a3:8e:97:ea:bf:57:
         dc:b9:b5:de:15:7f:4f:62:41:fd:82:00:ff:b1:0d:31:53:5b:
         90:3e:78:58:a3:a1:2f:35:b9:ef:f2:a6:81:8d:52:f3:8d:3a:
         ee:12:9e:28:3b:41:a2:9d:f2:a1:9e:07:78:a6:51:0b:de:12:
         d9:e8:85:d4:f1:0b:3a:ab:dc:9f:7a:5b:2c:71:25:1b:a0:27:
         f9:ca:80:83:62:1c:e5:af:bc:f4:70:e0:4b:e5:19:88:1f:c1:
         37:ea:f7:24:0a:d5:da:f8:a9:d1:e0:b1:46:c3:e0:f9:73:08:
         ff:e3:da:96:47:51:ec:d8:f9:bd:91:fb:96:b5:ec:85:61:24:
         96:39:eb:95:72:96:24:ad:3a:0c:0c:37:d4:8c:8a:ed:66:76:
         ab:db:ed:0a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUN++yi12u6Qirebg/Tb4WWFjMdYYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNWNhMzgxNWEzNDYxNDI4ZTVjZTExZTdmOTg5MmYzMGYx
MjU4MDUyNDZjNmIzMDUwN2Y2YmJiMWQ2OWFiMmY0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHlItgWXbboQ0gxHJUOsYpZyDLVqqfWDFZNmlylPOSfVzQ
Ok2/LlupVkH7jqBaywMUayIHBzHpn+WfRTKRRLzZOD54GQ+M1noP0JI4PuiFnuf2
jygz3MM5quD/lH/GaZhfm4kfmVTB7jKO301BPIr18G8MMruAFwz5X2udHOhui1bf
aZ3F23OsmM/uHLZh5fIPt68qjhk5uaNH1W+ARNNS75UUPNdPEEG2m3Dw2T8HxDrQ
e+s4UQaPwiGujrimYt2w6jBtlapzhdOCyOO2ttX8zSLR+4LuP0WYggf5aWl6p4+K
mVuUHJytVji1xz7b4H2vyAEWI5LU0w5KWB+Kbkw3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUco+CwYGTc0OaAVWxuOXJKtpR6Y4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBjNGZkMTc0LTcxZTEtNGFhOC1hYTc5LTRjZTdiMmIyYmYyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwI02DANBgkqhkiG9w0BAQsFAAOCAQEAarufaQP4QC8jKzGGoZ/z8vT9ciiC
ypHwPRICWXa1C68AdOBXawY+JKCb34HYNFUdFF7bsb2qzshKG1g22OCbo3o7L5Nq
Dtd4RVD0Evz4O6M49gp5NA6DP8J45GW8BIu1ZWuj2G0Lo46X6r9X3Lm13hV/T2JB
/YIA/7ENMVNbkD54WKOhLzW57/KmgY1S84067hKeKDtBop3yoZ4HeKZRC94S2eiF
1PELOqvcn3pbLHElG6An+cqAg2Ic5a+89HDgS+UZiB/BN+r3JArV2vip0eCxRsPg
+XMI/+PalkdR7Nj5vZH7lrXshWEkljnrlXKWJK06DAw31IyK7WZ2q9vtCg==
-----END CERTIFICATE-----