Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1fa98bf7-6895-4112-9d04-e43405fcdae2.roa
File:                     1fa98bf7-6895-4112-9d04-e43405fcdae2.roa (raw, json)
Hash identifier:          eyvuX+NpByeeYuKvLqM4OvVSo8kgHGZh0fyUlYaVC5U=
Subject key identifier:   5C:04:FC:69:CB:5B:B8:B1:7A:37:AE:41:F9:2A:AA:85:7F:51:80:89
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7BD2471925C015A9C98615BE4DB9B99C5DCCBE19
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1fa98bf7-6895-4112-9d04-e43405fcdae2.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.244.216.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:d2:47:19:25:c0:15:a9:c9:86:15:be:4d:b9:b9:9c:5d:cc:be:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=c3630d53ca5d4baccb190c40dbe1873d78956adae823d75a8807b1d51a07cbdf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ff:15:51:aa:9f:18:df:c0:3a:2e:df:d2:9b:
                    2a:08:ff:76:49:bb:a6:48:3d:ee:e2:50:fd:8f:f7:
                    59:5b:a6:98:92:ca:9d:cb:de:d6:52:c9:0a:1e:de:
                    2e:db:36:97:5e:30:3a:a6:83:3d:54:66:d1:c5:18:
                    49:00:68:7a:d1:4a:8a:a4:5b:8b:54:d0:54:7d:ea:
                    80:f3:37:54:a3:ea:05:5a:b9:6c:96:ef:68:e9:b1:
                    3a:d4:05:04:f8:40:70:0a:35:ef:1c:7f:15:91:58:
                    32:19:33:9d:57:f6:ec:90:1c:83:18:e5:d4:96:5b:
                    a4:2e:87:37:f4:33:3f:65:5a:c9:f2:89:32:9d:40:
                    da:4d:ca:46:cc:31:19:5e:26:db:5c:b8:c3:93:25:
                    84:c5:e1:c2:04:42:f4:a7:9b:0b:60:ba:de:09:62:
                    c4:aa:97:b6:6d:b2:77:44:49:42:47:3e:9a:5a:2b:
                    31:fc:a7:f0:f4:5a:4a:18:4d:25:e4:33:07:86:d2:
                    8f:13:9a:c8:05:4d:f2:33:42:a8:43:dc:2d:7b:10:
                    49:ab:5d:20:28:a0:7d:2b:ca:4f:2b:e6:31:f4:01:
                    13:8c:41:ba:a7:4e:33:ff:1b:43:33:33:98:29:29:
                    d0:72:55:23:cd:0d:d6:d8:8b:29:a7:a0:44:37:82:
                    7a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:04:FC:69:CB:5B:B8:B1:7A:37:AE:41:F9:2A:AA:85:7F:51:80:89
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1fa98bf7-6895-4112-9d04-e43405fcdae2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.244.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:19:2f:9d:fc:05:26:7b:f6:73:67:5a:3e:c2:38:b9:98:4b:
         d4:c7:26:c4:53:46:4b:7a:a9:5d:bc:f5:eb:ef:3d:64:84:80:
         ef:1a:f9:a9:29:91:cd:48:95:b8:4f:2c:b2:22:3a:69:5b:57:
         ec:57:6e:5b:57:c1:6c:62:56:80:6a:8c:ba:f9:6a:13:b3:06:
         63:3e:72:27:3c:99:f5:53:4a:47:8c:17:ac:7b:e8:92:ed:50:
         35:05:15:e7:f6:a6:ec:07:ed:4e:ad:fe:ac:49:76:b5:e3:1c:
         25:6b:40:d2:98:22:f0:e1:77:1a:9f:d2:e4:13:50:ee:4e:80:
         7b:22:21:c8:cf:7f:25:4f:6f:d8:55:27:a5:e6:af:96:56:fd:
         58:51:23:bb:de:3f:88:7f:37:ce:d8:8f:f8:aa:58:ac:c7:0d:
         f0:32:05:f6:f8:bf:84:0d:5f:a2:4e:95:b2:b3:50:b4:47:60:
         75:1a:90:ef:18:70:66:d2:42:1a:5b:3d:a6:13:8e:7d:93:95:
         38:9d:19:fb:f2:31:22:d5:3c:2b:76:5c:c6:46:cc:32:39:19:
         04:04:2e:af:4c:f6:3c:76:f6:79:8a:ab:b9:34:66:4c:e2:b3:
         79:3e:37:fb:7f:da:fd:b2:a1:3c:c7:e4:d0:c1:ac:42:33:59:
         6c:e2:48:55
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe9JHGSXAFanJhhW+Tbm5nF3MvhkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMzYzMGQ1M2NhNWQ0YmFjY2IxOTBjNDBkYmUxODczZDc4
OTU2YWRhZTgyM2Q3NWE4ODA3YjFkNTFhMDdjYmRmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr/xVRqp8Y38A6Lt/SmyoI/3ZJu6ZIPe7iUP2P91lbppiS
yp3L3tZSyQoe3i7bNpdeMDqmgz1UZtHFGEkAaHrRSoqkW4tU0FR96oDzN1Sj6gVa
uWyW72jpsTrUBQT4QHAKNe8cfxWRWDIZM51X9uyQHIMY5dSWW6Quhzf0Mz9lWsny
iTKdQNpNykbMMRleJttcuMOTJYTF4cIEQvSnmwtgut4JYsSql7ZtsndESUJHPppa
KzH8p/D0WkoYTSXkMweG0o8TmsgFTfIzQqhD3C17EEmrXSAooH0ryk8r5jH0AROM
QbqnTjP/G0MzM5gpKdByVSPNDdbYiymnoEQ3gnrXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXAT8actbuLF6N65B+SqqhX9RgIkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFmYTk4YmY3LTY4OTUtNDExMi05ZDA0LWU0MzQwNWZjZGFlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI29NgwDQYJKoZIhvcNAQELBQADggEBAK4ZL538BSZ79nNnWj7COLmYS9TH
JsRTRkt6qV289evvPWSEgO8a+akpkc1IlbhPLLIiOmlbV+xXbltXwWxiVoBqjLr5
ahOzBmM+cic8mfVTSkeMF6x76JLtUDUFFef2puwH7U6t/qxJdrXjHCVrQNKYIvDh
dxqf0uQTUO5OgHsiIcjPfyVPb9hVJ6Xmr5ZW/VhRI7veP4h/N87Yj/iqWKzHDfAy
Bfb4v4QNX6JOlbKzULRHYHUakO8YcGbSQhpbPaYTjn2TlTidGfvyMSLVPCt2XMZG
zDI5GQQELq9M9jx29nmKq7k0Zkzis3k+N/t/2v2yoTzH5NDBrEIzWWziSFU=
-----END CERTIFICATE-----