Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa
File:                     47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa (raw, json)
Hash identifier:          nEMi+SqPSnIuhdWQvqbzXjEXFW67SbjDSNvWJGeJP3E=
Subject key identifier:   9A:EC:A9:8C:A6:E9:3F:B3:46:0F:D4:16:16:CF:17:19:2E:B1:68:0C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2A2C5BC53BF0E89172E1879FACAA309839B56731
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.248.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:2c:5b:c5:3b:f0:e8:91:72:e1:87:9f:ac:aa:30:98:39:b5:67:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=175535fc9836e275b988f18bd244f9ea49d58a3e0da4ee428d8c48f95b2d9b04, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f8:95:4f:b9:84:ae:c8:67:1b:f1:b2:8b:d3:
                    89:20:eb:ce:32:c6:f9:49:d8:88:8a:4f:8a:c0:ff:
                    88:45:76:25:07:5c:e6:99:51:82:73:49:25:c8:b0:
                    24:10:2b:2a:1b:67:f1:1e:f3:25:72:ee:e5:e1:b2:
                    0a:91:11:4b:06:c7:dc:60:55:d7:85:a6:03:e6:12:
                    4a:85:32:4d:39:d8:84:16:75:a1:60:82:c6:c4:4f:
                    5b:d7:74:07:72:fa:aa:40:69:cf:5c:88:da:79:90:
                    08:7c:a2:e4:bc:c4:5b:b4:76:54:33:b2:d5:0f:91:
                    75:68:69:b3:13:1d:2f:b0:ad:e1:ef:fe:39:1f:15:
                    ed:55:09:be:0e:13:43:65:73:fb:10:ef:40:4b:6b:
                    61:8d:a1:1b:88:8b:92:ae:8c:9a:12:9b:21:0f:1c:
                    7a:6f:0b:87:60:94:98:f6:fb:d9:e1:6d:cd:9b:64:
                    2f:a0:9e:e8:71:34:9e:7b:15:83:aa:81:d8:13:4b:
                    b1:08:57:af:15:10:d1:1a:19:db:42:6e:b8:c6:81:
                    e5:08:64:17:aa:3d:f3:ed:5c:de:e0:1e:68:76:e1:
                    5c:95:55:fe:e2:68:18:95:45:9e:3d:cd:a0:10:72:
                    89:57:d8:d8:a8:42:2a:bc:e9:88:f1:ce:f3:66:55:
                    0c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:EC:A9:8C:A6:E9:3F:B3:46:0F:D4:16:16:CF:17:19:2E:B1:68:0C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:d6:c5:a0:d8:5b:00:9a:c7:c1:e2:3a:40:0d:68:1f:a9:bf:
         6b:0f:e6:9c:ef:76:25:8d:4a:d7:f7:69:b8:4a:54:ad:23:68:
         d9:67:fa:69:8a:30:ec:c6:3d:a6:b9:75:8a:04:b3:39:98:dd:
         ab:51:37:0c:be:95:3a:5f:5e:a5:a5:9b:64:91:30:7e:d7:19:
         5b:a8:4b:76:99:76:53:f7:fc:8e:61:40:77:c8:d5:b5:02:cf:
         2b:01:d6:05:80:ce:87:bf:eb:09:5a:a9:63:7e:11:29:6d:f3:
         f6:25:b4:b4:1f:39:42:2f:ef:f7:fd:07:3b:b7:8a:4d:f3:f9:
         98:51:07:a1:da:e8:04:72:6b:9b:ea:55:ab:40:f6:db:b0:45:
         64:d7:3b:b4:58:b9:91:b0:17:14:e1:66:d9:26:10:0e:a0:fb:
         e0:25:c6:93:97:b3:26:a2:dc:65:ba:0f:5b:70:e6:07:4d:e0:
         7b:98:d2:0f:d2:c8:52:14:e4:ea:84:4e:6e:b4:5f:e0:1d:01:
         80:7d:39:57:f5:3b:1e:4d:07:aa:df:ab:24:e0:16:1a:7e:6c:
         8a:7a:3f:98:7c:13:47:ba:6d:81:a8:70:19:92:9d:ac:62:7d:
         22:c4:67:e4:f7:be:f6:ed:9d:df:00:04:e2:5c:48:d6:81:de:
         48:4e:ff:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKixbxTvw6JFy4YefrKowmDm1ZzEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzU1MzVmYzk4MzZlMjc1Yjk4OGYxOGJkMjQ0ZjllYTQ5
ZDU4YTNlMGRhNGVlNDI4ZDhjNDhmOTViMmQ5YjA0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCX+JVPuYSuyGcb8bKL04kg684yxvlJ2IiKT4rA/4hFdiUH
XOaZUYJzSSXIsCQQKyobZ/Ee8yVy7uXhsgqREUsGx9xgVdeFpgPmEkqFMk052IQW
daFggsbET1vXdAdy+qpAac9ciNp5kAh8ouS8xFu0dlQzstUPkXVoabMTHS+wreHv
/jkfFe1VCb4OE0Nlc/sQ70BLa2GNoRuIi5KujJoSmyEPHHpvC4dglJj2+9nhbc2b
ZC+gnuhxNJ57FYOqgdgTS7EIV68VENEaGdtCbrjGgeUIZBeqPfPtXN7gHmh24VyV
Vf7iaBiVRZ49zaAQcolX2NioQiq86YjxzvNmVQx3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmuypjKbpP7NGD9QWFs8XGS6xaAwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3ZDc2Y2I4LTRhNzctNGI0Ny1iY2MxLTIzMDZkYTljZWE2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0X/gwDQYJKoZIhvcNAQELBQADggEBAIjWxaDYWwCax8HiOkANaB+pv2sP
5pzvdiWNStf3abhKVK0jaNln+mmKMOzGPaa5dYoEszmY3atRNwy+lTpfXqWlm2SR
MH7XGVuoS3aZdlP3/I5hQHfI1bUCzysB1gWAzoe/6wlaqWN+ESlt8/YltLQfOUIv
7/f9Bzu3ik3z+ZhRB6Ha6ARya5vqVatA9tuwRWTXO7RYuZGwFxThZtkmEA6g++Al
xpOXsyai3GW6D1tw5gdN4HuY0g/SyFIU5OqETm60X+AdAYB9OVf1Ox5NB6rfqyTg
Fhp+bIp6P5h8E0e6bYGocBmSnaxifSLEZ+T3vvbtnd8ABOJcSNaB3khO/5s=
-----END CERTIFICATE-----