Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/413e86d9-55a1-4c3e-9a6c-481af295d184.roa
File:                     413e86d9-55a1-4c3e-9a6c-481af295d184.roa (raw, json)
Hash identifier:          5J78cAaCjBtF9E8wGPSHgwjJK0GGbrLzt7dEi9vVBK4=
Subject key identifier:   96:B7:DD:C5:86:24:38:C8:27:29:B2:A5:C4:B2:61:CD:08:B3:3F:6F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7215205D8211A3A4C1CA22272286C6E4A2D0777B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/413e86d9-55a1-4c3e-9a6c-481af295d184.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.248.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:15:20:5d:82:11:a3:a4:c1:ca:22:27:22:86:c6:e4:a2:d0:77:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=b3dae43f757c03e0196e3fc434e0f1051e80d739ec1cdb434c5c46a674dce247, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:c9:12:f2:c2:3b:1c:4b:b8:9e:db:0a:38:08:
                    4e:f8:dc:f5:64:14:99:f0:54:e1:8f:fd:c5:ab:bb:
                    93:c5:8d:d4:39:10:38:da:fd:18:bd:36:8b:32:cd:
                    f4:f6:c3:ef:9a:5c:cd:91:4b:7d:7d:02:23:c1:db:
                    e7:f9:51:f0:da:91:4a:56:da:71:5f:a4:9f:d1:3b:
                    22:f5:ba:af:0a:fd:98:1c:3d:b4:b4:ff:02:48:47:
                    fb:3b:74:fc:07:f4:f0:d0:97:3d:14:dc:0d:76:08:
                    98:13:c9:95:0a:cb:d5:64:ab:a1:80:57:c9:d2:06:
                    80:05:8f:93:3c:2e:f8:b3:2d:5a:11:71:1e:3b:1c:
                    ae:52:49:17:f5:f1:21:1f:25:17:0c:cd:0c:b8:6d:
                    31:7b:02:6c:6a:00:1f:f5:42:08:6a:82:f7:ba:df:
                    2d:c8:8e:93:1f:d8:4c:4e:7f:f3:fd:d6:b4:6f:66:
                    4d:1c:22:48:08:09:75:93:18:1f:67:f9:6d:b0:5a:
                    b5:ef:cc:93:1a:b6:14:0f:70:71:28:f2:6c:ad:49:
                    e6:fd:a0:f2:02:88:f6:68:09:52:55:72:25:d6:74:
                    6d:ba:d2:c7:8c:f8:43:9c:c5:6d:2e:75:38:3f:4d:
                    c5:a4:f3:f2:ce:c2:d8:b2:13:4c:33:24:78:56:7f:
                    4a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B7:DD:C5:86:24:38:C8:27:29:B2:A5:C4:B2:61:CD:08:B3:3F:6F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/413e86d9-55a1-4c3e-9a6c-481af295d184.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.248.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         39:26:0f:ea:85:25:2d:a6:67:3d:66:65:39:9e:06:f6:e2:bb:
         dc:98:bb:82:2b:be:9a:71:4e:74:42:a8:6a:3e:33:bf:8b:f6:
         32:8e:8f:11:51:94:04:e9:f2:3a:7f:4e:2b:ce:83:9c:eb:f1:
         bb:3b:96:f5:cb:13:d8:e4:3c:b4:2f:c1:1e:16:15:24:59:78:
         c7:fa:58:84:51:41:94:0e:85:6e:9c:f3:fa:e9:cb:02:de:fe:
         bc:9b:bc:47:fb:69:0a:cb:85:4b:45:b9:58:07:16:93:0a:ac:
         5c:19:e3:4d:9a:79:e4:19:92:c2:94:2b:20:87:c8:39:cc:8e:
         e2:dc:90:0d:ee:98:bf:c2:ee:4b:50:00:a4:90:54:1c:8c:89:
         fc:d6:aa:0a:fb:a7:a0:b0:48:65:17:72:8e:f1:3f:8a:00:b4:
         6d:13:36:7e:53:ef:4d:c5:d9:0b:5e:ab:96:58:e7:1f:5c:12:
         bd:aa:0c:fc:1b:8e:80:6b:f9:02:e3:e3:e8:3f:ed:f5:5f:0d:
         23:9d:90:79:ff:d1:23:97:12:48:cc:14:ee:68:d9:a3:b1:6d:
         19:81:25:6d:06:93:08:9d:b5:e7:ca:10:14:3d:5a:d8:4f:c5:
         a1:53:be:34:79:73:6f:36:45:8f:15:ae:d0:7e:57:e2:a7:a0:
         23:11:0c:5a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUchUgXYIRo6TByiInIobG5KLQd3swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiM2RhZTQzZjc1N2MwM2UwMTk2ZTNmYzQzNGUwZjEwNTFl
ODBkNzM5ZWMxY2RiNDM0YzVjNDZhNjc0ZGNlMjQ3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhyRLywjscS7ie2wo4CE743PVkFJnwVOGP/cWru5PFjdQ5
EDja/Ri9NosyzfT2w++aXM2RS319AiPB2+f5UfDakUpW2nFfpJ/ROyL1uq8K/Zgc
PbS0/wJIR/s7dPwH9PDQlz0U3A12CJgTyZUKy9Vkq6GAV8nSBoAFj5M8LvizLVoR
cR47HK5SSRf18SEfJRcMzQy4bTF7AmxqAB/1Qghqgve63y3IjpMf2ExOf/P91rRv
Zk0cIkgICXWTGB9n+W2wWrXvzJMathQPcHEo8mytSeb9oPICiPZoCVJVciXWdG26
0seM+EOcxW0udTg/TcWk8/LOwtiyE0wzJHhWf0pFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUlrfdxYYkOMgnKbKlxLJhzQizP28wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQxM2U4NmQ5LTU1YTEtNGMzZS05YTZjLTQ4MWFmMjk1ZDE4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE2+DANBgkqhkiG9w0BAQsFAAOCAQEAOSYP6oUlLaZnPWZlOZ4G9uK73Ji7
giu+mnFOdEKoaj4zv4v2Mo6PEVGUBOnyOn9OK86DnOvxuzuW9csT2OQ8tC/BHhYV
JFl4x/pYhFFBlA6Fbpzz+unLAt7+vJu8R/tpCsuFS0W5WAcWkwqsXBnjTZp55BmS
wpQrIIfIOcyO4tyQDe6Yv8LuS1AApJBUHIyJ/NaqCvunoLBIZRdyjvE/igC0bRM2
flPvTcXZC16rlljnH1wSvaoM/BuOgGv5AuPj6D/t9V8NI52Qef/RI5cSSMwU7mjZ
o7FtGYElbQaTCJ2158oQFD1a2E/FoVO+NHlzbzZFjxWu0H5X4qegIxEMWg==
-----END CERTIFICATE-----