Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2cecfe47-baeb-47dd-a191-b9a4ee8b25e7.roa
File:                     2cecfe47-baeb-47dd-a191-b9a4ee8b25e7.roa (raw, json)
Hash identifier:          4g9o0QMcKknzVJyTWb9k4G5MufeIkNplVv+kNDi5728=
Subject key identifier:   AC:71:C2:42:D0:2E:30:56:33:03:B6:A3:69:6B:B6:86:40:E9:82:67
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       63A21628CC373D05AB95B3BA05ACDFF5735C122A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2cecfe47-baeb-47dd-a191-b9a4ee8b25e7.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.2.2.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:a2:16:28:cc:37:3d:05:ab:95:b3:ba:05:ac:df:f5:73:5c:12:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=c9d5d6a4c40f3e1dec5ad23e29925d9f65e1b7a620ca5de457b9205e8548ac0e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:dd:df:c8:84:c6:de:3e:8b:16:67:88:9c:ad:
                    41:8e:f7:de:65:14:f7:80:64:91:d7:f0:c8:57:7d:
                    98:90:04:76:34:ae:26:37:99:e6:29:b1:b7:15:f1:
                    10:d9:96:3f:bd:e6:30:1c:a4:c4:19:58:e7:bd:6b:
                    2d:ec:70:03:86:66:02:02:d5:a9:86:15:f4:90:db:
                    06:86:6f:49:10:3a:d8:a4:97:73:12:5c:0d:be:fa:
                    88:56:bc:b7:1b:a6:45:4b:56:62:e3:e3:f9:6b:ad:
                    4b:19:b6:6b:b9:e9:7c:00:cc:88:86:03:ab:41:6a:
                    df:35:cc:fc:50:b9:2b:e2:5b:7b:b1:ef:db:8c:8d:
                    10:6d:25:a0:78:78:40:8a:5f:19:b4:84:4a:29:79:
                    51:b4:cc:38:54:35:66:04:b1:34:ca:91:fd:1e:61:
                    75:78:94:99:10:e2:d0:6d:fc:54:ff:ce:03:53:13:
                    d5:db:f4:f4:c4:31:37:a7:f4:bf:f5:c7:62:40:ea:
                    04:6e:88:6f:f1:ed:b2:d0:22:0e:e7:5a:7c:54:d7:
                    6f:08:db:95:f6:c7:8a:eb:e2:b5:c6:ae:12:e7:42:
                    b4:dd:7b:bb:d0:a2:81:d2:e6:1a:3b:52:1d:9a:ac:
                    ae:39:ba:bd:6b:10:82:62:96:51:41:76:8d:99:88:
                    bd:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:71:C2:42:D0:2E:30:56:33:03:B6:A3:69:6B:B6:86:40:E9:82:67
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2cecfe47-baeb-47dd-a191-b9a4ee8b25e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:0b:55:96:79:f3:0e:5c:d6:29:fe:b2:42:5f:e0:cb:cf:f0:
         de:c7:d8:b5:78:32:67:95:6e:bb:c3:ce:a4:8d:b5:5b:0b:90:
         8e:2d:bb:af:ad:7d:7f:ba:17:94:e1:da:14:22:18:15:f3:10:
         07:cc:3c:3f:14:b8:82:76:a4:f7:5e:06:7d:4f:a8:a9:7a:0d:
         cb:8d:26:44:3a:ac:ce:62:f4:2f:3d:28:26:ae:54:e0:25:3e:
         02:fe:d7:f1:72:ae:13:4e:98:6c:14:e8:c3:af:89:3f:47:f6:
         66:1c:ec:c3:8f:71:99:65:f5:e4:6e:d0:60:fe:a8:fa:52:1f:
         1a:a6:a5:76:96:9b:f4:c9:2e:58:fe:de:b2:97:44:c3:00:95:
         df:5f:09:5b:cf:b1:0e:bf:d7:46:01:36:58:49:68:a3:70:e1:
         f5:aa:9a:f1:f5:b6:15:24:0d:9e:8e:19:56:f6:81:bd:d3:b3:
         93:61:a6:ff:27:51:50:06:b7:e6:da:df:2d:18:0e:37:65:25:
         98:34:e8:85:df:5d:77:82:16:d4:fd:7b:25:3a:fb:45:88:38:
         cc:c8:25:b9:46:9d:05:86:33:1d:87:9f:dd:ad:b8:7f:8f:59:
         9d:a8:6b:74:5c:17:74:f8:85:e9:d6:ad:4a:2a:a0:86:69:71:
         41:c7:3b:42
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY6IWKMw3PQWrlbO6Bazf9XNcEiowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjOWQ1ZDZhNGM0MGYzZTFkZWM1YWQyM2UyOTkyNWQ5ZjY1
ZTFiN2E2MjBjYTVkZTQ1N2I5MjA1ZTg1NDhhYzBlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx3d/IhMbePosWZ4icrUGO995lFPeAZJHX8MhXfZiQBHY0
riY3meYpsbcV8RDZlj+95jAcpMQZWOe9ay3scAOGZgIC1amGFfSQ2waGb0kQOtik
l3MSXA2++ohWvLcbpkVLVmLj4/lrrUsZtmu56XwAzIiGA6tBat81zPxQuSviW3ux
79uMjRBtJaB4eECKXxm0hEopeVG0zDhUNWYEsTTKkf0eYXV4lJkQ4tBt/FT/zgNT
E9Xb9PTEMTen9L/1x2JA6gRuiG/x7bLQIg7nWnxU128I25X2x4rr4rXGrhLnQrTd
e7vQooHS5ho7Uh2arK45ur1rEIJillFBdo2ZiL0dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrHHCQtAuMFYzA7ajaWu2hkDpgmcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJjZWNmZTQ3LWJhZWItNDdkZC1hMTkxLWI5YTRlZThiMjVlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAgIwDQYJKoZIhvcNAQELBQADggEBACULVZZ58w5c1in+skJf4MvP8N7H
2LV4MmeVbrvDzqSNtVsLkI4tu6+tfX+6F5Th2hQiGBXzEAfMPD8UuIJ2pPdeBn1P
qKl6DcuNJkQ6rM5i9C89KCauVOAlPgL+1/FyrhNOmGwU6MOviT9H9mYc7MOPcZll
9eRu0GD+qPpSHxqmpXaWm/TJLlj+3rKXRMMAld9fCVvPsQ6/10YBNlhJaKNw4fWq
mvH1thUkDZ6OGVb2gb3Ts5Nhpv8nUVAGt+ba3y0YDjdlJZg06IXfXXeCFtT9eyU6
+0WIOMzIJblGnQWGMx2Hn92tuH+PWZ2oa3RcF3T4henWrUoqoIZpcUHHO0I=
-----END CERTIFICATE-----