Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4838de73-57c8-4786-89f4-8da78c91cdd7.roa
File:                     4838de73-57c8-4786-89f4-8da78c91cdd7.roa (raw, json)
Hash identifier:          WBoWU387Qe7b+KJjPxXxVVlDJdC3+aqa4fNHQ/R+oe4=
Subject key identifier:   6D:2A:A6:D9:35:8C:E4:F0:70:31:B3:66:12:05:1B:8D:87:1C:DC:C4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4B28EE07C95B86D7D05561D15B1835373F559201
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4838de73-57c8-4786-89f4-8da78c91cdd7.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.228.64.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:28:ee:07:c9:5b:86:d7:d0:55:61:d1:5b:18:35:37:3f:55:92:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=764901827c452dabb5e221b0a6e4ee82891fa32d867ab358e5aeb99dc287a0c8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f2:0b:8c:ce:95:89:6e:51:a1:e2:8c:53:e8:
                    a8:4d:e4:b3:69:4e:1e:e7:2d:4c:cb:ad:40:78:9c:
                    45:46:e3:69:45:98:88:21:71:60:76:4d:9c:b6:c9:
                    65:68:7d:c6:21:c4:0c:63:26:fe:e4:02:39:f9:3f:
                    db:ca:90:68:7c:24:1b:38:39:b8:62:a9:7a:3f:a9:
                    93:2f:f5:dd:8e:18:b6:06:cd:93:48:79:f1:04:09:
                    b5:a4:2c:ae:a2:38:ac:53:9c:bb:a1:df:44:72:44:
                    89:11:ba:42:e5:41:bd:69:7e:67:aa:f2:35:c5:a9:
                    14:41:b3:a7:8e:c0:88:67:a7:1d:8c:5f:96:fd:2b:
                    f3:43:f5:d7:15:b3:d6:69:31:7a:ba:61:1e:86:9d:
                    fc:d4:b8:87:0c:eb:9e:eb:eb:91:e1:cd:fc:d1:e5:
                    a2:0c:9f:cd:86:f5:f0:ad:4f:60:56:a3:e5:c5:40:
                    9b:86:35:8d:c6:88:cc:56:4b:a5:1c:13:70:5e:19:
                    75:43:46:cd:e4:48:9b:87:3c:f9:9b:fe:bc:ec:20:
                    a6:b3:43:4b:f5:b8:b7:c9:d8:d9:98:f5:06:08:b5:
                    1d:95:de:a1:f6:60:8f:9f:9a:f7:93:70:23:1e:e9:
                    cc:ae:38:0e:74:ad:1d:15:de:53:73:0f:1f:9c:9c:
                    ce:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:2A:A6:D9:35:8C:E4:F0:70:31:B3:66:12:05:1B:8D:87:1C:DC:C4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4838de73-57c8-4786-89f4-8da78c91cdd7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.228.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         28:06:08:1d:6b:c9:a4:4d:cc:b2:04:ff:21:b4:b5:9e:f3:6b:
         b9:ce:60:65:6e:f7:83:bd:80:31:47:43:53:38:0e:2e:f7:60:
         a4:8e:79:f1:e7:7d:52:7d:e3:de:74:cd:5f:dc:7c:81:db:90:
         f9:a5:f9:c0:19:6f:23:c4:ed:25:6a:fd:6e:e5:bc:99:b3:75:
         68:d5:e9:11:86:5e:10:67:ea:33:10:92:d2:f5:9f:e6:dd:50:
         dd:29:e0:1e:cb:b8:ec:fa:e9:ab:e7:ed:45:0f:54:83:12:45:
         ab:dd:80:94:d5:0e:e6:ea:ac:23:d1:d6:1b:ee:52:6f:90:b6:
         42:61:fc:54:95:39:e6:88:1e:aa:41:3d:b2:dd:ee:51:bd:7e:
         57:1f:3e:ad:99:ba:dc:d8:76:98:1a:7b:76:51:c3:b4:7f:49:
         66:06:b5:8b:2a:24:9b:a5:74:75:71:69:08:c9:e2:aa:2e:d9:
         8b:d9:2a:1d:36:6f:34:a3:5f:30:60:a7:c5:fc:c1:2e:26:f8:
         9b:42:c6:73:2b:3b:b9:58:69:bd:94:74:2e:c2:ae:4e:ae:58:
         3b:09:5d:c8:9f:13:89:1e:ed:b8:41:4a:63:d9:28:4e:7a:0f:
         c7:85:02:59:31:81:62:83:b8:5e:16:35:dd:be:24:40:fb:97:
         81:72:1b:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSyjuB8lbhtfQVWHRWxg1Nz9VkgEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjQ5MDE4MjdjNDUyZGFiYjVlMjIxYjBhNmU0ZWU4Mjg5
MWZhMzJkODY3YWIzNThlNWFlYjk5ZGMyODdhMGM4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC38guMzpWJblGh4oxT6KhN5LNpTh7nLUzLrUB4nEVG42lF
mIghcWB2TZy2yWVofcYhxAxjJv7kAjn5P9vKkGh8JBs4ObhiqXo/qZMv9d2OGLYG
zZNIefEECbWkLK6iOKxTnLuh30RyRIkRukLlQb1pfmeq8jXFqRRBs6eOwIhnpx2M
X5b9K/ND9dcVs9ZpMXq6YR6GnfzUuIcM657r65HhzfzR5aIMn82G9fCtT2BWo+XF
QJuGNY3GiMxWS6UcE3BeGXVDRs3kSJuHPPmb/rzsIKazQ0v1uLfJ2NmY9QYItR2V
3qH2YI+fmveTcCMe6cyuOA50rR0V3lNzDx+cnM7lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbSqm2TWM5PBwMbNmEgUbjYcc3MQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ4MzhkZTczLTU3YzgtNDc4Ni04OWY0LThkYTc4YzkxY2RkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY25EAwDQYJKoZIhvcNAQELBQADggEBACgGCB1ryaRNzLIE/yG0tZ7za7nO
YGVu94O9gDFHQ1M4Di73YKSOefHnfVJ94950zV/cfIHbkPml+cAZbyPE7SVq/W7l
vJmzdWjV6RGGXhBn6jMQktL1n+bdUN0p4B7LuOz66avn7UUPVIMSRavdgJTVDubq
rCPR1hvuUm+QtkJh/FSVOeaIHqpBPbLd7lG9flcfPq2ZutzYdpgae3ZRw7R/SWYG
tYsqJJuldHVxaQjJ4qou2YvZKh02bzSjXzBgp8X8wS4m+JtCxnMrO7lYab2UdC7C
rk6uWDsJXcifE4ke7bhBSmPZKE56D8eFAlkxgWKDuF4WNd2+JED7l4FyG2E=
-----END CERTIFICATE-----