Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/71125bc2-755d-45ec-b689-05bfd289cfe7.roa
File:                     71125bc2-755d-45ec-b689-05bfd289cfe7.roa (raw, json)
Hash identifier:          E2xKxnTNfgY4NQYLM9blU5ilFZB51m801K3FeLWKZAM=
Subject key identifier:   A0:36:5D:62:E7:D2:FD:4E:3D:7A:04:26:58:FF:BB:CF:9D:23:A4:9C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3CF2A63A79159DC938A76C523591C201E9385012
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/71125bc2-755d-45ec-b689-05bfd289cfe7.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.254.96.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f2:a6:3a:79:15:9d:c9:38:a7:6c:52:35:91:c2:01:e9:38:50:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=cd2bd36b6299789dc12f309bd7526413ac372202f960f66bd2e920d8081b70bf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6e:de:1a:1a:4b:4d:db:55:2d:2a:01:c9:2d:
                    38:ac:60:b8:1c:41:c2:b4:30:f1:2b:a3:0d:4c:dd:
                    01:4b:0d:a7:e4:c0:52:4f:df:47:de:50:40:c3:dc:
                    80:b0:cb:10:66:4e:b5:c4:c1:60:90:e9:e7:cb:84:
                    37:05:87:2a:43:ca:66:9a:d6:41:70:ea:cc:10:9d:
                    df:1f:87:a7:3f:79:45:25:5d:1e:97:1b:e0:40:c1:
                    b5:fb:17:eb:8f:56:42:00:61:fb:0b:6d:c4:04:67:
                    3c:25:cf:1a:77:a3:d5:fb:df:21:44:0c:71:33:a2:
                    03:73:08:f5:00:b7:fd:b6:7f:61:3e:03:cd:03:1f:
                    fa:74:5f:8b:f8:c9:8a:15:3e:10:84:fa:6f:54:e6:
                    7b:be:86:9f:bd:63:22:60:bc:01:0b:c2:b8:8e:8a:
                    b4:6c:5d:5c:7c:df:cc:8e:26:81:f5:ea:6e:dd:2c:
                    b4:ee:59:d6:88:c7:73:66:bf:e0:fe:e7:b8:1d:86:
                    e1:ad:50:2f:f3:6b:f9:6a:e6:bf:e3:41:b9:45:81:
                    4e:a7:a6:34:fc:c8:4c:06:68:30:5b:ff:23:19:d2:
                    dc:07:3c:89:c4:a6:0b:37:e3:a5:72:1d:c5:26:1e:
                    95:0f:43:db:93:dc:7b:53:9c:9e:0e:a8:9b:a0:51:
                    c3:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:36:5D:62:E7:D2:FD:4E:3D:7A:04:26:58:FF:BB:CF:9D:23:A4:9C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/71125bc2-755d-45ec-b689-05bfd289cfe7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.254.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3d:9d:95:fc:dc:f6:f2:e3:1d:b3:f9:08:b0:43:87:dc:06:b9:
         ba:73:72:ca:88:d3:50:b0:d0:f9:6a:c6:76:e0:ee:7a:05:1f:
         98:30:06:f7:b6:b6:93:79:56:41:c1:c4:50:d1:17:da:b1:45:
         d8:ce:a7:72:1d:f6:01:06:cf:76:e9:bd:ec:30:89:8a:a1:86:
         41:73:74:3d:d0:e9:1c:aa:14:58:34:e0:37:56:ae:00:0c:60:
         af:63:79:80:30:48:ec:dd:58:69:a7:2c:65:0f:4c:13:e1:49:
         f9:cb:b7:0a:8d:17:b2:3d:43:24:4f:c3:49:55:0a:7a:da:51:
         57:e4:c8:6b:0b:f0:d6:42:f1:83:82:f7:a6:c9:71:af:49:f8:
         06:b5:c8:63:d4:d2:07:4e:e8:64:02:13:6c:ef:d5:f5:03:49:
         79:5b:a4:60:63:cc:f0:e4:f8:22:a7:0c:d5:37:be:7c:d0:5a:
         3c:22:f6:9d:b4:54:6b:90:36:c1:e5:5c:6c:18:1d:93:b6:19:
         25:1a:f1:f3:a1:f4:89:da:8a:a4:02:b6:fb:23:57:6a:a7:0b:
         c9:d7:30:f1:77:63:10:c0:f2:64:2f:0a:a4:a6:be:2e:68:06:
         7b:9e:c1:38:26:f8:4c:4d:49:c7:36:36:5f:fa:c6:f0:da:a1:
         e7:2d:91:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPPKmOnkVnck4p2xSNZHCAek4UBIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZDJiZDM2YjYyOTk3ODlkYzEyZjMwOWJkNzUyNjQxM2Fj
MzcyMjAyZjk2MGY2NmJkMmU5MjBkODA4MWI3MGJmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFbt4aGktN21UtKgHJLTisYLgcQcK0MPErow1M3QFLDafk
wFJP30feUEDD3ICwyxBmTrXEwWCQ6efLhDcFhypDymaa1kFw6swQnd8fh6c/eUUl
XR6XG+BAwbX7F+uPVkIAYfsLbcQEZzwlzxp3o9X73yFEDHEzogNzCPUAt/22f2E+
A80DH/p0X4v4yYoVPhCE+m9U5nu+hp+9YyJgvAELwriOirRsXVx838yOJoH16m7d
LLTuWdaIx3Nmv+D+57gdhuGtUC/za/lq5r/jQblFgU6npjT8yEwGaDBb/yMZ0twH
PInEpgs346VyHcUmHpUPQ9uT3HtTnJ4OqJugUcOhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoDZdYufS/U49egQmWP+7z50jpJwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcxMTI1YmMyLTc1NWQtNDVlYy1iNjg5LTA1YmZkMjg5Y2ZlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ2/mAwDQYJKoZIhvcNAQELBQADggEBAD2dlfzc9vLjHbP5CLBDh9wGubpz
csqI01Cw0Plqxnbg7noFH5gwBve2tpN5VkHBxFDRF9qxRdjOp3Id9gEGz3bpveww
iYqhhkFzdD3Q6RyqFFg04DdWrgAMYK9jeYAwSOzdWGmnLGUPTBPhSfnLtwqNF7I9
QyRPw0lVCnraUVfkyGsL8NZC8YOC96bJca9J+Aa1yGPU0gdO6GQCE2zv1fUDSXlb
pGBjzPDk+CKnDNU3vnzQWjwi9p20VGuQNsHlXGwYHZO2GSUa8fOh9InaiqQCtvsj
V2qnC8nXMPF3YxDA8mQvCqSmvi5oBnuewTgm+ExNScc2Nl/6xvDaoectkVg=
-----END CERTIFICATE-----