Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2dd7a024-db52-4108-9fa9-13dd95fd85c7.roa
File:                     2dd7a024-db52-4108-9fa9-13dd95fd85c7.roa (raw, json)
Hash identifier:          cISTKObiBdmOmx9Xnv7STcGDr/k18GETjxgC2HUtyDM=
Subject key identifier:   D1:0E:AA:5B:43:DB:B9:DF:8D:60:13:19:CF:86:AE:7B:CC:C8:D2:70
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       397D0345BA80A0B49E9F284D44BC625135F252C9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2dd7a024-db52-4108-9fa9-13dd95fd85c7.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.250.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:7d:03:45:ba:80:a0:b4:9e:9f:28:4d:44:bc:62:51:35:f2:52:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=ab725913636157ac74dc9cb4efc064c0935472f17e62d7976077c340cda756b2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:01:ed:dc:21:45:d8:50:95:33:a1:e8:61:1f:
                    34:a2:12:6a:71:e8:20:a0:7f:45:cd:ad:20:6c:31:
                    20:73:9f:42:ff:28:7b:ee:33:a3:c4:1d:15:30:c1:
                    5a:be:26:e3:54:b8:e0:0b:98:50:5c:14:5a:1c:b3:
                    60:ea:1c:3b:fc:f6:dd:ba:47:49:89:ef:b4:e2:46:
                    ee:67:4f:47:b3:08:ef:56:11:06:6f:8f:49:8c:99:
                    f4:3d:c1:48:b1:99:ec:ff:29:8e:a4:3d:b9:d5:32:
                    39:b2:00:a3:70:b6:7e:1b:94:a3:2e:82:4b:b6:d1:
                    cb:af:f1:53:71:43:d5:f7:01:3b:18:42:46:be:b5:
                    45:b1:58:16:c3:06:bf:02:7f:43:35:41:91:8f:da:
                    49:dd:2c:16:d8:19:44:b4:ea:86:3a:58:59:8f:ab:
                    17:f8:36:f4:4a:4f:5d:ad:28:b7:d4:3f:b7:49:ae:
                    f2:67:59:8d:da:eb:8a:db:75:06:ba:33:82:51:f9:
                    51:40:29:7e:f2:36:8f:b4:7b:43:fb:29:0c:36:9a:
                    de:23:24:45:5a:c1:c3:a6:e7:34:0d:8b:f9:a9:84:
                    ba:59:2b:a0:36:85:55:47:a0:f4:49:58:37:57:89:
                    81:a9:55:2b:ad:d0:e2:9b:f5:6a:dc:e7:b6:f3:f4:
                    66:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:0E:AA:5B:43:DB:B9:DF:8D:60:13:19:CF:86:AE:7B:CC:C8:D2:70
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2dd7a024-db52-4108-9fa9-13dd95fd85c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.250.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         af:fb:bf:84:72:99:80:65:2c:eb:14:90:24:31:1d:31:3d:c0:
         e6:6a:a3:03:7b:35:e4:9a:a1:f0:c8:3d:a4:24:c2:23:7a:09:
         d8:ad:e7:fc:75:13:a4:e9:4e:34:2d:a2:80:38:26:95:b8:28:
         70:f5:aa:86:72:e7:9f:8e:37:af:e4:23:79:8b:50:80:73:1b:
         96:2b:17:de:d4:da:5c:b3:8d:e3:cf:09:34:48:86:29:a5:1f:
         51:3e:e9:b7:1b:75:20:69:7d:10:da:ed:e1:1d:da:e8:24:4e:
         f2:d9:3e:52:3c:e8:1b:61:e5:0c:25:3b:6e:63:3d:93:b4:d6:
         95:60:6a:10:cf:27:f0:71:f5:18:31:a8:05:ab:d6:cb:f5:19:
         42:d8:7b:bd:48:73:d5:37:7c:af:27:93:42:15:2a:ce:0c:5b:
         37:50:10:32:bc:76:b6:cb:47:9b:40:23:cd:ef:67:37:24:45:
         56:38:03:c1:66:00:08:b4:7d:f9:3a:ae:d9:45:9b:66:09:d5:
         f1:6c:aa:f6:ca:e9:84:18:c0:ec:9e:93:ba:bc:f6:84:3e:3f:
         d6:c2:02:c2:f0:b9:11:ec:e8:75:31:ff:e6:1c:0e:95:cc:f9:
         5e:10:6a:fa:d3:fa:be:d1:be:97:73:9c:63:74:f8:f3:98:76:
         cd:8f:d2:d9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOX0DRbqAoLSenyhNRLxiUTXyUskwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjcyNTkxMzYzNjE1N2FjNzRkYzljYjRlZmMwNjRjMDkz
NTQ3MmYxN2U2MmQ3OTc2MDc3YzM0MGNkYTc1NmIyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsAe3cIUXYUJUzoehhHzSiEmpx6CCgf0XNrSBsMSBzn0L/
KHvuM6PEHRUwwVq+JuNUuOALmFBcFFocs2DqHDv89t26R0mJ77TiRu5nT0ezCO9W
EQZvj0mMmfQ9wUixmez/KY6kPbnVMjmyAKNwtn4blKMugku20cuv8VNxQ9X3ATsY
Qka+tUWxWBbDBr8Cf0M1QZGP2kndLBbYGUS06oY6WFmPqxf4NvRKT12tKLfUP7dJ
rvJnWY3a64rbdQa6M4JR+VFAKX7yNo+0e0P7KQw2mt4jJEVawcOm5zQNi/mphLpZ
K6A2hVVHoPRJWDdXiYGpVSut0OKb9Wrc57bz9GYFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0Q6qW0Pbud+NYBMZz4aue8zI0nAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJkZDdhMDI0LWRiNTItNDEwOC05ZmE5LTEzZGQ5NWZkODVjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP+jANBgkqhkiG9w0BAQsFAAOCAQEAr/u/hHKZgGUs6xSQJDEdMT3A5mqj
A3s15Jqh8Mg9pCTCI3oJ2K3n/HUTpOlONC2igDgmlbgocPWqhnLnn443r+QjeYtQ
gHMblisX3tTaXLON488JNEiGKaUfUT7ptxt1IGl9ENrt4R3a6CRO8tk+UjzoG2Hl
DCU7bmM9k7TWlWBqEM8n8HH1GDGoBavWy/UZQth7vUhz1Td8ryeTQhUqzgxbN1AQ
Mrx2tstHm0Ajze9nNyRFVjgDwWYACLR9+Tqu2UWbZgnV8Wyq9srphBjA7J6Turz2
hD4/1sICwvC5EezodTH/5hwOlcz5XhBq+tP6vtG+l3OcY3T485h2zY/S2Q==
-----END CERTIFICATE-----