Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9db14b78-91c8-4db8-9d24-248f35958ad0.roa
File:                     9db14b78-91c8-4db8-9d24-248f35958ad0.roa (raw, json)
Hash identifier:          6min6K62JjL/cCb4aFZrwKituyMMkkMQthGOTnMCUr4=
Subject key identifier:   D5:BC:9B:20:F0:D2:4F:49:68:22:22:F1:0F:27:4A:81:61:E5:8F:81
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2B184664E21B017EB55F654243FD2E4AF1664E3D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9db14b78-91c8-4db8-9d24-248f35958ad0.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.94.192.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:18:46:64:e2:1b:01:7e:b5:5f:65:42:43:fd:2e:4a:f1:66:4e:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=8a93b837b24416d9e3a638bc9de5fe48006bac6dd93db335ab1fb2d502db08b3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:65:7c:0d:a9:cf:6a:6a:67:bd:fe:4e:f8:ac:
                    5d:eb:50:37:6d:99:5f:72:76:ac:97:f4:8b:7a:b1:
                    61:e3:e1:2d:3f:fd:8b:6d:ed:7f:ba:d7:30:e7:94:
                    17:57:58:71:0f:ac:e2:59:30:65:18:bb:64:9c:87:
                    ad:06:05:2e:38:88:8c:fe:c2:3a:88:fb:81:22:c2:
                    54:94:5b:4b:3c:d8:8a:2e:0c:a1:71:7d:78:a3:04:
                    03:22:92:99:76:0f:c4:94:be:26:d7:7a:b1:eb:d0:
                    33:59:4c:bc:88:30:a4:7f:40:b6:f1:4b:56:b2:e7:
                    59:56:0b:db:21:c7:9c:17:6e:86:0f:49:8b:83:ce:
                    11:4a:af:6f:23:c1:67:b1:29:60:9f:d1:3f:cd:0b:
                    50:59:13:3f:78:75:cf:3a:29:40:9e:f9:8d:1f:1b:
                    4e:2b:82:0d:6e:95:83:a5:27:22:12:98:53:e9:a3:
                    4b:28:bb:8e:06:52:df:94:a7:a0:b9:5d:52:85:83:
                    aa:57:c4:7b:d2:8a:0a:5a:36:45:52:b8:1b:8a:fb:
                    02:03:36:77:a5:27:68:6c:a1:1d:da:76:1b:fb:30:
                    2a:89:b4:62:52:ae:e5:02:21:b9:6c:04:e3:2a:4d:
                    50:29:6f:3b:cd:5c:82:7c:a0:6f:9d:f5:b0:12:b7:
                    bd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:BC:9B:20:F0:D2:4F:49:68:22:22:F1:0F:27:4A:81:61:E5:8F:81
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9db14b78-91c8-4db8-9d24-248f35958ad0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:df:d6:75:11:f7:65:04:1d:a0:f7:c3:ea:b9:32:68:21:61:
         f3:6e:aa:87:35:af:c5:93:93:51:39:06:6d:b4:cb:03:40:d1:
         f3:aa:a3:76:c2:20:03:6d:f6:a1:32:ed:6d:f5:96:db:37:78:
         28:b3:92:21:c5:40:8b:21:b0:66:8c:aa:f3:03:de:f4:56:be:
         f1:b4:26:25:a2:5c:78:0d:2e:ce:06:13:d9:b5:b7:21:2f:96:
         ca:d3:2f:5f:fa:68:26:5d:4b:c3:c2:2b:af:0c:72:7b:aa:0c:
         40:73:3d:e2:c3:c1:c1:73:c4:56:cc:d3:fb:e7:a3:24:01:a9:
         dd:c5:5c:e2:da:6e:dc:9f:9e:b5:9e:92:eb:e7:6d:c5:a9:28:
         2d:8f:2b:21:35:46:ee:9f:d4:ad:1a:46:cc:0f:db:7e:cb:7a:
         8c:30:d3:fc:03:99:da:6c:8f:b3:71:ac:a8:38:b0:0d:62:dc:
         cb:d6:c7:db:90:ef:19:f0:8c:13:e7:8b:12:c4:58:c8:8c:e5:
         b5:7e:3c:1a:86:28:18:0d:b9:ee:a6:94:25:dd:d1:c8:42:d3:
         a5:c0:b1:08:51:fc:4e:4f:20:dc:dd:41:0a:7d:53:b5:dc:7b:
         25:c3:99:ed:38:b5:68:d8:80:60:27:38:58:f9:cf:47:a8:28:
         e1:b3:06:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKxhGZOIbAX61X2VCQ/0uSvFmTj0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTkzYjgzN2IyNDQxNmQ5ZTNhNjM4YmM5ZGU1ZmU0ODAw
NmJhYzZkZDkzZGIzMzVhYjFmYjJkNTAyZGIwOGIzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoZXwNqc9qame9/k74rF3rUDdtmV9ydqyX9It6sWHj4S0/
/Ytt7X+61zDnlBdXWHEPrOJZMGUYu2Sch60GBS44iIz+wjqI+4EiwlSUW0s82Iou
DKFxfXijBAMikpl2D8SUvibXerHr0DNZTLyIMKR/QLbxS1ay51lWC9shx5wXboYP
SYuDzhFKr28jwWexKWCf0T/NC1BZEz94dc86KUCe+Y0fG04rgg1ulYOlJyISmFPp
o0sou44GUt+Up6C5XVKFg6pXxHvSigpaNkVSuBuK+wIDNnelJ2hsoR3adhv7MCqJ
tGJSruUCIblsBOMqTVApbzvNXIJ8oG+d9bASt73VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1bybIPDST0loIiLxDydKgWHlj4EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlkYjE0Yjc4LTkxYzgtNGRiOC05ZDI0LTI0OGYzNTk1OGFkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0XsAwDQYJKoZIhvcNAQELBQADggEBAEDf1nUR92UEHaD3w+q5MmghYfNu
qoc1r8WTk1E5Bm20ywNA0fOqo3bCIANt9qEy7W31lts3eCizkiHFQIshsGaMqvMD
3vRWvvG0JiWiXHgNLs4GE9m1tyEvlsrTL1/6aCZdS8PCK68McnuqDEBzPeLDwcFz
xFbM0/vnoyQBqd3FXOLabtyfnrWekuvnbcWpKC2PKyE1Ru6f1K0aRswP237Leoww
0/wDmdpsj7NxrKg4sA1i3MvWx9uQ7xnwjBPnixLEWMiM5bV+PBqGKBgNue6mlCXd
0chC06XAsQhR/E5PINzdQQp9U7XceyXDme04tWjYgGAnOFj5z0eoKOGzBmk=
-----END CERTIFICATE-----