Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1a18d151-a637-4994-b991-825c8ca28f23.roa
File:                     1a18d151-a637-4994-b991-825c8ca28f23.roa (raw, json)
Hash identifier:          hf00zfCcRsdax7eygSdvFFGmFfb87KRH0DaDH/6RY6w=
Subject key identifier:   E8:D4:27:33:1B:CE:BF:D4:12:45:52:41:A1:8A:1A:D6:D7:19:BB:9D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       499136F3101EAB06560820DDC6C03B622A6EF3C5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1a18d151-a637-4994-b991-825c8ca28f23.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.240.109.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:91:36:f3:10:1e:ab:06:56:08:20:dd:c6:c0:3b:62:2a:6e:f3:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=62e065048a12a1732bff6fcff10e108402704c4728c8a1c6184d85e4c19d792b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bf:11:6d:ff:e3:32:23:02:9d:b4:95:59:f2:
                    32:dd:2b:21:d7:5e:32:c3:4a:55:e1:7c:58:e9:84:
                    fc:b6:f2:61:5d:08:12:cf:12:f5:f5:16:ff:ac:6b:
                    cf:57:bd:8d:73:a8:3b:55:32:7e:1f:a8:21:9c:fb:
                    59:a6:dc:f1:cd:09:3f:c2:f4:f6:a8:28:32:48:8c:
                    5b:0d:a8:34:a0:dc:3d:79:9c:cf:3d:fd:64:f7:bc:
                    2b:72:8b:75:e7:cd:bc:27:51:5e:31:52:79:40:27:
                    51:b9:2a:79:93:08:b1:5b:0e:d8:1e:92:05:cd:1c:
                    6b:21:77:2f:47:7f:d4:51:cc:9c:e7:75:81:24:b5:
                    a4:08:61:68:bb:a1:fe:94:77:54:48:6a:49:d4:ce:
                    af:2c:2c:22:8c:25:67:6b:e3:a0:ec:d9:73:ef:4f:
                    1a:d0:bc:9e:f1:96:33:00:b9:28:29:eb:95:28:22:
                    07:1d:cd:9b:b2:e4:d9:1c:ea:47:ad:b2:39:ad:11:
                    20:80:6f:fc:15:34:28:f3:55:4c:b0:d2:fa:ca:17:
                    8a:9c:04:53:bf:5c:62:73:cc:2a:a5:79:18:19:76:
                    95:67:25:c2:eb:e4:1e:f5:7b:d6:7d:42:6f:dc:65:
                    a9:b0:ca:fb:2c:55:da:d2:4b:ee:c8:88:19:39:8c:
                    d1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:D4:27:33:1B:CE:BF:D4:12:45:52:41:A1:8A:1A:D6:D7:19:BB:9D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1a18d151-a637-4994-b991-825c8ca28f23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:40:c5:e6:d1:1b:7b:a7:87:e0:8f:59:97:94:e0:c9:c8:fa:
         f7:c0:aa:bd:f2:94:ab:2e:82:91:1a:ea:3e:b3:5a:9a:79:de:
         d3:8f:50:af:ed:ad:f4:95:03:0c:43:26:b5:4b:35:20:51:2f:
         e0:60:f8:5e:ce:63:80:4b:7b:be:c8:79:78:95:23:38:f5:c9:
         a7:bc:39:56:ba:5e:a9:d5:8d:0f:d4:05:ba:27:cf:91:92:96:
         d1:34:2a:17:2c:c1:f8:0f:5e:df:21:b3:ed:db:4b:51:07:76:
         3d:77:9d:49:2b:6a:6d:6f:cd:b5:57:cc:08:04:9c:04:d5:72:
         0d:87:0c:88:4c:72:15:94:75:85:28:b9:8f:0f:bd:6d:17:f5:
         40:79:3b:db:b3:eb:a6:b0:b5:8b:b5:b3:84:97:58:9a:f0:25:
         69:33:da:ad:9e:09:18:4f:7a:e0:09:b5:47:83:3f:50:37:b0:
         72:e9:f3:72:fc:c8:08:e9:14:83:77:89:e3:48:c3:e7:4f:34:
         b7:22:79:15:64:99:6b:8a:98:f1:37:74:73:1d:c0:d3:c1:4c:
         40:2b:30:ba:8f:05:5c:a5:ac:df:f4:1e:f7:38:8a:c0:2d:11:
         96:87:d1:16:cd:a8:59:99:a1:97:91:06:74:6b:77:fe:b2:0a:
         04:04:70:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSZE28xAeqwZWCCDdxsA7Yipu88UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmUwNjUwNDhhMTJhMTczMmJmZjZmY2ZmMTBlMTA4NDAy
NzA0YzQ3MjhjOGExYzYxODRkODVlNGMxOWQ3OTJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2vxFt/+MyIwKdtJVZ8jLdKyHXXjLDSlXhfFjphPy28mFd
CBLPEvX1Fv+sa89XvY1zqDtVMn4fqCGc+1mm3PHNCT/C9PaoKDJIjFsNqDSg3D15
nM89/WT3vCtyi3XnzbwnUV4xUnlAJ1G5KnmTCLFbDtgekgXNHGshdy9Hf9RRzJzn
dYEktaQIYWi7of6Ud1RIaknUzq8sLCKMJWdr46Ds2XPvTxrQvJ7xljMAuSgp65Uo
IgcdzZuy5Nkc6ketsjmtESCAb/wVNCjzVUyw0vrKF4qcBFO/XGJzzCqleRgZdpVn
JcLr5B71e9Z9Qm/cZamwyvssVdrSS+7IiBk5jNELAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6NQnMxvOv9QSRVJBoYoa1tcZu50wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFhMThkMTUxLWE2MzctNDk5NC1iOTkxLTgyNWM4Y2EyOGYyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA28G0wDQYJKoZIhvcNAQELBQADggEBAJNAxebRG3unh+CPWZeU4MnI+vfA
qr3ylKsugpEa6j6zWpp53tOPUK/trfSVAwxDJrVLNSBRL+Bg+F7OY4BLe77IeXiV
Izj1yae8OVa6XqnVjQ/UBbonz5GSltE0KhcswfgPXt8hs+3bS1EHdj13nUkram1v
zbVXzAgEnATVcg2HDIhMchWUdYUouY8PvW0X9UB5O9uz66awtYu1s4SXWJrwJWkz
2q2eCRhPeuAJtUeDP1A3sHLp83L8yAjpFIN3ieNIw+dPNLcieRVkmWuKmPE3dHMd
wNPBTEArMLqPBVylrN/0Hvc4isAtEZaH0RbNqFmZoZeRBnRrd/6yCgQEcJg=
-----END CERTIFICATE-----