Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d997d40-5423-4f39-a3a2-b9e9cbd1a476.roa
File:                     2d997d40-5423-4f39-a3a2-b9e9cbd1a476.roa (raw, json)
Hash identifier:          mJJeEDHXkFiSlPSpkbQeaLhXyNn0pRIrMN6DDsaUVw8=
Subject key identifier:   1F:38:FC:F5:80:83:C5:FC:AF:34:AF:53:C4:0F:87:CB:11:5E:9F:A5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       254C86354D174532065DAE3507D2217F47E6DC78
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d997d40-5423-4f39-a3a2-b9e9cbd1a476.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.150.0.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:4c:86:35:4d:17:45:32:06:5d:ae:35:07:d2:21:7f:47:e6:dc:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=6739712539eedf516a3e208499f65400325741bb5b07651cc5fa837c540729da, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6a:f9:8a:97:c1:36:e0:80:dd:8b:70:0c:d6:
                    bb:4f:f3:43:f5:58:2d:84:fc:cf:73:0d:9e:af:c4:
                    68:15:da:be:51:55:a9:2f:07:59:b3:44:ab:b5:9a:
                    6d:4c:96:67:2c:27:6d:a4:fe:fb:eb:0a:68:8e:08:
                    64:a5:27:86:06:ed:5a:ff:76:ed:9e:28:a1:cb:fc:
                    4a:4b:11:98:08:1f:f2:ac:1c:f8:30:96:23:ff:12:
                    bb:d0:24:64:7b:2e:e3:ed:84:22:5b:33:db:86:ed:
                    58:f5:e1:97:d0:83:6f:49:0b:75:aa:5d:6b:99:8e:
                    16:93:5c:5d:a1:50:9d:5e:a5:16:44:c3:b9:4b:1a:
                    e9:58:33:c3:0b:e8:37:98:04:3d:a9:f9:61:ac:17:
                    82:8a:12:dd:b4:8e:b0:f3:65:2e:e8:25:4a:18:ad:
                    6c:95:47:57:1b:6e:ac:04:8b:05:33:77:6d:9a:19:
                    55:a8:d6:0b:4d:03:23:00:a4:c1:39:63:8c:da:75:
                    02:58:53:ae:ae:90:d3:95:c4:e1:7f:c6:f3:e3:05:
                    d9:a2:e7:a7:0d:2c:35:71:aa:05:64:5f:82:f2:c2:
                    19:df:49:ab:d1:77:98:95:2d:ec:b9:7b:25:f7:8d:
                    f8:c3:62:9a:bc:5b:29:25:4b:8b:77:1f:62:d6:1b:
                    b1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:38:FC:F5:80:83:C5:FC:AF:34:AF:53:C4:0F:87:CB:11:5E:9F:A5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d997d40-5423-4f39-a3a2-b9e9cbd1a476.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.150.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         06:e9:e6:98:c5:55:ae:6c:b9:88:ae:a2:b7:92:f5:3e:a6:33:
         94:d5:ea:4d:a8:80:70:9b:ae:68:72:73:cc:b4:4a:4f:0a:42:
         17:48:bc:a5:df:59:9a:f5:68:2d:24:42:de:65:05:93:ea:bb:
         61:47:71:fd:52:86:ac:96:d3:63:ad:88:9b:3d:ff:29:f0:5d:
         17:9c:05:03:f2:37:29:a7:9f:16:71:cc:26:e7:72:e3:3b:57:
         2d:fd:56:74:a5:a7:3a:34:30:9d:e0:01:48:03:d5:03:9b:f0:
         70:9d:4c:f6:1b:15:a7:ca:e1:b6:e1:6a:e1:cd:70:13:d0:67:
         d5:32:a2:f1:e0:b2:3e:c9:cf:3c:fe:36:cc:21:8c:6d:9c:c8:
         40:76:27:92:91:2b:03:6d:8f:5c:c7:fc:f1:bc:95:e3:64:0b:
         85:45:e9:92:d6:0d:fd:d2:0d:7b:16:b0:83:22:5d:bd:51:34:
         8f:25:08:48:ce:d4:fc:bd:06:47:7c:6c:44:07:90:f5:b8:50:
         b8:64:92:91:89:1f:c2:45:21:2e:fb:aa:f6:cf:2c:98:c1:9b:
         fd:73:4f:c5:1d:c3:b1:56:09:bf:a7:0d:1c:6f:47:41:62:ba:
         ee:94:ea:a4:ad:be:09:9e:41:db:d8:57:1b:79:45:9e:6a:35:
         f4:67:29:dc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJUyGNU0XRTIGXa41B9Ihf0fm3HgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NzM5NzEyNTM5ZWVkZjUxNmEzZTIwODQ5OWY2NTQwMDMy
NTc0MWJiNWIwNzY1MWNjNWZhODM3YzU0MDcyOWRhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1avmKl8E24IDdi3AM1rtP80P1WC2E/M9zDZ6vxGgV2r5R
VakvB1mzRKu1mm1MlmcsJ22k/vvrCmiOCGSlJ4YG7Vr/du2eKKHL/EpLEZgIH/Ks
HPgwliP/ErvQJGR7LuPthCJbM9uG7Vj14ZfQg29JC3WqXWuZjhaTXF2hUJ1epRZE
w7lLGulYM8ML6DeYBD2p+WGsF4KKEt20jrDzZS7oJUoYrWyVR1cbbqwEiwUzd22a
GVWo1gtNAyMApME5Y4zadQJYU66ukNOVxOF/xvPjBdmi56cNLDVxqgVkX4Lywhnf
SavRd5iVLey5eyX3jfjDYpq8WyklS4t3H2LWG7HvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHzj89YCDxfyvNK9TxA+HyxFen6UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJkOTk3ZDQwLTU0MjMtNGYzOS1hM2EyLWI5ZTljYmQxYTQ3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2lgAwDQYJKoZIhvcNAQELBQADggEBAAbp5pjFVa5suYiuoreS9T6mM5TV
6k2ogHCbrmhyc8y0Sk8KQhdIvKXfWZr1aC0kQt5lBZPqu2FHcf1ShqyW02OtiJs9
/ynwXRecBQPyNymnnxZxzCbncuM7Vy39VnSlpzo0MJ3gAUgD1QOb8HCdTPYbFafK
4bbhauHNcBPQZ9UyovHgsj7Jzzz+NswhjG2cyEB2J5KRKwNtj1zH/PG8leNkC4VF
6ZLWDf3SDXsWsIMiXb1RNI8lCEjO1Py9Bkd8bEQHkPW4ULhkkpGJH8JFIS77qvbP
LJjBm/1zT8Udw7FWCb+nDRxvR0Fiuu6U6qStvgmeQdvYVxt5RZ5qNfRnKdw=
-----END CERTIFICATE-----