Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2be2833d-447d-4474-a9e3-b0c75e264fa6.roa
File:                     2be2833d-447d-4474-a9e3-b0c75e264fa6.roa (raw, json)
Hash identifier:          OU0uG8WpeJm/tANINE2SSqGePhGZ9XnSI53FN44HEDs=
Subject key identifier:   39:B4:B2:23:36:25:6F:F1:68:3F:90:58:72:72:98:97:A1:05:80:68
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0BB9C02D5CE49125542DB7346A709F30BD1C1F37
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2be2833d-447d-4474-a9e3-b0c75e264fa6.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        52.46.188.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:b9:c0:2d:5c:e4:91:25:54:2d:b7:34:6a:70:9f:30:bd:1c:1f:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=cf7de9487c0e8675cfcfdf62c1bc75d03cb8b7a59041def73123b8377057e8c3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a0:bd:37:13:30:82:8c:77:ca:f9:44:47:6f:
                    3d:a8:33:93:bd:ef:a5:38:20:a3:19:b0:d0:e5:15:
                    d4:da:5d:5e:78:5b:60:30:39:3f:c4:f2:d6:dc:2a:
                    3b:90:64:0f:05:b5:20:26:38:47:1c:b7:96:b4:a0:
                    2c:1c:9c:06:92:18:7e:b6:2a:97:e2:b5:25:58:3e:
                    d6:04:9e:6f:19:33:33:15:a0:19:a8:d4:64:72:71:
                    6e:67:ea:1f:9b:eb:9f:58:32:60:4e:75:d1:aa:d6:
                    89:c7:34:58:d4:e7:42:4b:5f:49:7b:b5:a5:0b:48:
                    5e:cc:00:76:6c:ad:13:5f:0e:b1:3b:57:69:6c:f8:
                    9d:3b:4f:ac:f0:8a:1e:3e:f3:42:9e:25:6c:71:b9:
                    34:e4:eb:b0:65:1c:79:b4:52:c6:00:b4:60:a8:2b:
                    92:3c:b2:99:bb:ac:00:a0:62:64:06:9c:ae:22:1b:
                    84:fb:e6:91:6b:a9:42:88:83:cf:b7:ea:2c:bb:d7:
                    fb:c8:62:fe:b7:e5:30:ed:20:50:e3:b7:0e:20:fd:
                    43:4b:87:e7:98:b1:13:53:53:75:88:1f:85:c7:e2:
                    d6:8d:dd:0b:6e:ae:eb:aa:0b:e9:0c:6a:66:11:e9:
                    29:1c:85:98:95:d1:c3:0f:9e:29:01:ad:46:31:68:
                    10:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B4:B2:23:36:25:6F:F1:68:3F:90:58:72:72:98:97:A1:05:80:68
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2be2833d-447d-4474-a9e3-b0c75e264fa6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.46.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:a7:22:e0:b4:4a:70:f1:a1:b6:87:a8:dd:07:c3:e4:18:b7:
         6b:69:f1:08:36:53:f1:bd:b5:eb:91:89:e5:5f:59:13:69:ce:
         38:8b:ad:2c:27:b8:d5:fe:d6:70:de:88:63:20:28:2a:55:e1:
         2a:c4:73:19:63:3d:a0:6e:74:83:9c:70:18:70:24:e7:11:59:
         8b:bc:86:18:2a:72:b9:90:5e:a5:55:8b:4b:86:95:05:4c:11:
         56:91:7d:87:bb:95:46:76:d1:17:f2:49:41:f1:1c:12:39:27:
         58:21:fc:3d:e6:47:62:7b:5b:57:d4:bc:0a:ee:a3:44:b6:3f:
         9a:89:e8:68:16:f2:79:43:db:30:94:98:87:23:8d:01:6c:83:
         bd:6e:00:ef:22:05:2a:14:16:c0:7f:e2:11:3f:7e:9f:03:22:
         cf:53:64:91:59:50:7b:c5:ba:dc:d5:8b:0c:89:6f:ea:59:fa:
         b3:ad:16:5a:2d:4b:1b:b2:c6:c8:e6:1b:81:17:7f:3d:d3:81:
         7e:f6:e8:64:d8:96:f5:c3:98:9d:84:9f:44:23:04:3a:05:93:
         48:63:77:db:4f:e0:ba:d7:75:34:1c:60:5b:5a:35:27:dc:5d:
         4b:72:80:6d:7a:c1:39:06:a4:c4:d6:cb:f7:b1:5e:f8:e3:3a:
         19:aa:89:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC7nALVzkkSVULbc0anCfML0cHzcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZjdkZTk0ODdjMGU4Njc1Y2ZjZmRmNjJjMWJjNzVkMDNj
YjhiN2E1OTA0MWRlZjczMTIzYjgzNzcwNTdlOGMzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCboL03EzCCjHfK+URHbz2oM5O976U4IKMZsNDlFdTaXV54
W2AwOT/E8tbcKjuQZA8FtSAmOEcct5a0oCwcnAaSGH62KpfitSVYPtYEnm8ZMzMV
oBmo1GRycW5n6h+b659YMmBOddGq1onHNFjU50JLX0l7taULSF7MAHZsrRNfDrE7
V2ls+J07T6zwih4+80KeJWxxuTTk67BlHHm0UsYAtGCoK5I8spm7rACgYmQGnK4i
G4T75pFrqUKIg8+36iy71/vIYv635TDtIFDjtw4g/UNLh+eYsRNTU3WIH4XH4taN
3QturuuqC+kMamYR6SkchZiV0cMPnikBrUYxaBDlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUObSyIzYlb/FoP5BYcnKYl6EFgGgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJiZTI4MzNkLTQ0N2QtNDQ3NC1hOWUzLWIwYzc1ZTI2NGZhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0LrwwDQYJKoZIhvcNAQELBQADggEBAIanIuC0SnDxobaHqN0Hw+QYt2tp
8Qg2U/G9teuRieVfWRNpzjiLrSwnuNX+1nDeiGMgKCpV4SrEcxljPaBudIOccBhw
JOcRWYu8hhgqcrmQXqVVi0uGlQVMEVaRfYe7lUZ20RfySUHxHBI5J1gh/D3mR2J7
W1fUvAruo0S2P5qJ6GgW8nlD2zCUmIcjjQFsg71uAO8iBSoUFsB/4hE/fp8DIs9T
ZJFZUHvFutzViwyJb+pZ+rOtFlotSxuyxsjmG4EXfz3TgX726GTYlvXDmJ2En0Qj
BDoFk0hjd9tP4LrXdTQcYFtaNSfcXUtygG16wTkGpMTWy/exXvjjOhmqiQI=
-----END CERTIFICATE-----