Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35167473-9f5e-4fda-9f97-9ff1e2b56f2d.roa
File:                     35167473-9f5e-4fda-9f97-9ff1e2b56f2d.roa (raw, json)
Hash identifier:          z+F7FcBrNRcJTCbInF7RwNxf2bEiCFn8mGHlDwfjOyA=
Subject key identifier:   17:0D:E1:66:71:11:46:91:86:A4:2A:F6:C5:BD:C5:3A:E8:48:EB:6F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1C6AE263008463303B86364B73DEC44DCF441080
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35167473-9f5e-4fda-9f97-9ff1e2b56f2d.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        155.146.48.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:6a:e2:63:00:84:63:30:3b:86:36:4b:73:de:c4:4d:cf:44:10:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=3c74f658d79221b7579554d9476bbf17c4d8cabdeaef7eeac02572d5ae6c1378, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:97:0f:50:db:f8:f2:a7:66:eb:65:13:b3:fc:
                    d6:83:5d:04:31:af:11:12:83:d4:62:fd:9e:2c:59:
                    15:e7:a9:ba:d7:de:52:da:73:c0:a0:07:57:b4:e9:
                    51:08:45:76:e9:00:22:38:ca:4a:99:ed:35:90:0c:
                    a8:13:da:1c:86:a1:19:f7:2e:18:f5:c5:75:8d:f4:
                    c8:b0:4c:2f:e8:b4:57:80:45:aa:fd:c4:82:f2:23:
                    1c:c8:ea:12:22:33:b6:75:b9:e3:a7:0e:da:07:f8:
                    b8:e1:9f:0d:7b:8c:e4:1b:e8:a9:38:00:6f:d7:e6:
                    e0:7b:b1:64:06:01:ca:01:5e:b4:a8:ff:ab:0e:c9:
                    38:6f:10:c2:a4:3f:d2:4c:94:bf:1c:10:25:49:38:
                    0f:a4:12:5c:4c:ee:94:ae:66:ec:a1:e1:4a:2e:98:
                    6c:f2:90:2e:b6:0e:b8:26:6d:7d:62:10:a6:97:fc:
                    5c:ca:a9:27:63:62:e6:1d:34:58:b8:e6:10:0a:78:
                    2c:85:51:87:12:02:e9:59:2e:2f:63:2c:11:c2:bb:
                    54:02:11:a3:f2:54:4b:bb:54:a8:49:27:ba:ea:84:
                    6a:27:68:4b:b7:ea:6b:ae:b4:74:a7:40:30:69:d7:
                    8c:0b:3f:73:53:d5:0e:db:a1:a1:89:5c:f2:98:4b:
                    9c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:0D:E1:66:71:11:46:91:86:A4:2A:F6:C5:BD:C5:3A:E8:48:EB:6F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35167473-9f5e-4fda-9f97-9ff1e2b56f2d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.146.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         46:10:e4:d4:26:b7:ca:d2:89:b1:44:f5:56:cf:37:1b:e4:ec:
         51:40:39:8b:dc:5c:d2:43:7f:a8:25:96:b9:9d:c6:7c:47:d8:
         a1:b4:0b:0e:88:8d:13:59:40:d9:04:b7:0f:03:2b:ce:b1:ee:
         8b:88:73:73:5c:97:12:cb:50:a5:22:ff:91:a5:07:1d:75:47:
         77:8d:56:4c:2d:2a:64:1e:a2:76:92:b9:66:47:d7:6a:6f:29:
         75:a8:f5:18:76:1a:57:e2:9a:2b:15:67:29:9a:6d:9f:a0:c8:
         76:75:78:da:ef:9e:7c:65:29:55:5c:fd:bc:5e:be:7c:34:f6:
         a5:29:14:0b:d4:01:50:0b:92:dd:b8:c1:ed:5a:54:b8:88:56:
         16:02:81:05:1e:44:15:c2:5f:53:96:7f:34:a3:3c:02:7e:f0:
         cf:e3:61:ce:9f:e7:02:82:3f:60:2d:f7:6f:e6:70:8d:80:53:
         37:9e:8d:a9:1c:2b:dd:3f:de:b0:1e:c4:47:b5:6f:52:4b:f1:
         6a:67:75:47:dd:fe:b1:73:e8:d6:f7:13:f3:48:56:cf:20:09:
         89:20:54:e2:2c:0b:43:d1:96:c1:58:d6:b1:30:59:90:97:06:
         e8:ec:5d:08:cb:bf:e1:56:3e:7d:fd:0d:a5:87:dd:5f:3d:97:
         b1:8b:4c:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHGriYwCEYzA7hjZLc97ETc9EEIAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzc0ZjY1OGQ3OTIyMWI3NTc5NTU0ZDk0NzZiYmYxN2M0
ZDhjYWJkZWFlZjdlZWFjMDI1NzJkNWFlNmMxMzc4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtlw9Q2/jyp2brZROz/NaDXQQxrxESg9Ri/Z4sWRXnqbrX
3lLac8CgB1e06VEIRXbpACI4ykqZ7TWQDKgT2hyGoRn3Lhj1xXWN9MiwTC/otFeA
Rar9xILyIxzI6hIiM7Z1ueOnDtoH+Ljhnw17jOQb6Kk4AG/X5uB7sWQGAcoBXrSo
/6sOyThvEMKkP9JMlL8cECVJOA+kElxM7pSuZuyh4UoumGzykC62DrgmbX1iEKaX
/FzKqSdjYuYdNFi45hAKeCyFUYcSAulZLi9jLBHCu1QCEaPyVEu7VKhJJ7rqhGon
aEu36muutHSnQDBp14wLP3NT1Q7boaGJXPKYS5wnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFw3hZnERRpGGpCr2xb3FOuhI628wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM1MTY3NDczLTlmNWUtNGZkYS05Zjk3LTlmZjFlMmI1NmYyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASbkjAwDQYJKoZIhvcNAQELBQADggEBAEYQ5NQmt8rSibFE9VbPNxvk7FFA
OYvcXNJDf6gllrmdxnxH2KG0Cw6IjRNZQNkEtw8DK86x7ouIc3NclxLLUKUi/5Gl
Bx11R3eNVkwtKmQeonaSuWZH12pvKXWo9Rh2GlfimisVZymabZ+gyHZ1eNrvnnxl
KVVc/bxevnw09qUpFAvUAVALkt24we1aVLiIVhYCgQUeRBXCX1OWfzSjPAJ+8M/j
Yc6f5wKCP2At92/mcI2AUzeejakcK90/3rAexEe1b1JL8WpndUfd/rFz6Nb3E/NI
Vs8gCYkgVOIsC0PRlsFY1rEwWZCXBujsXQjLv+FWPn39DaWH3V89l7GLTG4=
-----END CERTIFICATE-----