Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35538b9d-35d3-4472-86f2-87fecfa357db.roa
File:                     35538b9d-35d3-4472-86f2-87fecfa357db.roa (raw, json)
Hash identifier:          /y0DKrYbtIvPiVjyBVmuPWmcQ0B2w+oJ7N/aL7DJLJk=
Subject key identifier:   1D:D7:E1:63:33:C7:2B:4E:A8:9E:CE:B6:EC:86:6B:B3:38:AC:D7:95
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       39F50F777B59DD6D9A180C7E6029E1E186182028
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35538b9d-35d3-4472-86f2-87fecfa357db.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.205.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:f5:0f:77:7b:59:dd:6d:9a:18:0c:7e:60:29:e1:e1:86:18:20:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=82ed8db37be7d9c1f80185a0a786a51e682f10326171fc657d5524ddb75fa149, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ad:44:c1:91:71:fc:47:ee:5e:56:d9:60:e9:
                    4f:b3:23:22:c2:50:e9:7d:13:ae:0b:14:bc:8d:01:
                    c0:bc:61:3e:d6:88:24:18:37:ed:e2:79:cb:31:41:
                    d6:4a:9e:3b:5e:5b:75:cc:46:c5:6c:e0:b0:0d:3c:
                    60:01:d4:08:88:ea:11:6a:04:81:25:13:8b:22:29:
                    ba:f6:83:c9:87:4d:3f:45:15:6c:07:0e:8a:d6:35:
                    13:3c:d5:2c:fb:d9:27:27:a0:9c:94:f2:17:b3:62:
                    be:57:b6:72:da:36:a2:8e:f8:1e:cd:36:7e:c5:fe:
                    84:00:90:8f:5a:d3:93:1d:e7:6b:15:08:b8:20:04:
                    be:43:e2:95:df:66:e4:3a:92:3b:f4:0c:ec:05:5e:
                    f2:79:30:46:92:82:1d:7a:69:27:28:12:ac:98:57:
                    f5:3e:eb:5f:e3:0b:31:36:db:0d:d3:dc:d6:dd:6a:
                    19:ff:9c:4b:98:55:00:e3:88:32:38:de:bc:da:8a:
                    34:f0:3a:70:d1:12:80:18:d8:de:61:60:a5:44:c8:
                    c8:fc:22:2e:f7:f4:b0:d4:d8:11:2d:34:45:fb:ef:
                    eb:49:26:54:c1:4d:20:48:a8:40:12:00:66:05:4a:
                    4a:a6:d5:88:ce:d2:29:77:52:5b:fb:e7:af:8c:fa:
                    f2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D7:E1:63:33:C7:2B:4E:A8:9E:CE:B6:EC:86:6B:B3:38:AC:D7:95
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35538b9d-35d3-4472-86f2-87fecfa357db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:77:00:0f:43:a2:ca:5b:98:d9:71:7a:7f:ac:32:19:ef:e5:
         62:9d:bf:8d:4b:52:9b:b5:c5:97:f2:ac:dd:51:4c:20:eb:af:
         01:24:af:ab:a7:aa:13:07:60:10:11:84:82:07:5a:3e:4d:4c:
         fe:19:9f:b8:81:6d:63:91:a3:e7:99:3e:f9:5e:65:c7:48:7f:
         71:c4:69:c6:49:9a:24:27:7a:65:c0:21:da:1f:fd:f4:9d:f3:
         ab:bc:ad:46:3c:06:c1:fa:0d:da:3a:94:7f:e5:49:22:d4:e4:
         70:53:9d:16:c6:98:8d:1b:5d:3d:2e:07:d8:4a:6a:e7:20:5a:
         cb:1d:73:cb:fa:90:6e:5f:82:52:75:c6:99:85:eb:ea:59:9f:
         33:29:50:0a:a8:f4:83:c4:5c:31:90:3b:46:4a:44:0f:b5:25:
         d0:ba:8e:2a:15:1f:52:5d:d8:f0:b2:1e:15:a9:70:84:bf:a1:
         3a:6d:eb:f1:c5:19:2c:b7:dc:0e:90:c1:65:e9:be:10:6b:99:
         7f:41:97:8e:1a:28:27:72:5b:30:96:25:3e:c2:ea:1c:d8:a0:
         74:e3:41:5b:08:03:96:e4:b9:7b:b7:aa:35:9c:97:87:b4:c3:
         7a:1c:e1:11:bd:57:ba:78:bd:3c:45:2f:6e:68:45:1a:ac:18:
         b8:cf:d5:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOfUPd3tZ3W2aGAx+YCnh4YYYICgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MmVkOGRiMzdiZTdkOWMxZjgwMTg1YTBhNzg2YTUxZTY4
MmYxMDMyNjE3MWZjNjU3ZDU1MjRkZGI3NWZhMTQ5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfrUTBkXH8R+5eVtlg6U+zIyLCUOl9E64LFLyNAcC8YT7W
iCQYN+3iecsxQdZKnjteW3XMRsVs4LANPGAB1AiI6hFqBIElE4siKbr2g8mHTT9F
FWwHDorWNRM81Sz72ScnoJyU8hezYr5XtnLaNqKO+B7NNn7F/oQAkI9a05Md52sV
CLggBL5D4pXfZuQ6kjv0DOwFXvJ5MEaSgh16aScoEqyYV/U+61/jCzE22w3T3Nbd
ahn/nEuYVQDjiDI43rzaijTwOnDREoAY2N5hYKVEyMj8Ii739LDU2BEtNEX77+tJ
JlTBTSBIqEASAGYFSkqm1YjO0il3Ulv756+M+vLNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHdfhYzPHK06ons627IZrszis15UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM1NTM4YjlkLTM1ZDMtNDQ3Mi04NmYyLTg3ZmVjZmEzNTdkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5s0wDQYJKoZIhvcNAQELBQADggEBAJF3AA9DospbmNlxen+sMhnv5WKd
v41LUpu1xZfyrN1RTCDrrwEkr6unqhMHYBARhIIHWj5NTP4Zn7iBbWORo+eZPvle
ZcdIf3HEacZJmiQnemXAIdof/fSd86u8rUY8BsH6Ddo6lH/lSSLU5HBTnRbGmI0b
XT0uB9hKaucgWssdc8v6kG5fglJ1xpmF6+pZnzMpUAqo9IPEXDGQO0ZKRA+1JdC6
jioVH1Jd2PCyHhWpcIS/oTpt6/HFGSy33A6QwWXpvhBrmX9Bl44aKCdyWzCWJT7C
6hzYoHTjQVsIA5bkuXu3qjWcl4e0w3oc4RG9V7p4vTxFL25oRRqsGLjP1Uk=
-----END CERTIFICATE-----