Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/abc2085e-f070-4570-a6ac-81daddee565d.roa
File:                     abc2085e-f070-4570-a6ac-81daddee565d.roa (raw, json)
Hash identifier:          2ZuvB+1IZt5RM9ISWg6g4Y4aFs3rakcXSSkFZNIO1mo=
Subject key identifier:   47:FC:FC:77:05:3A:38:2A:FB:BB:D7:54:72:DE:78:B7:68:AA:C0:22
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       30002E8FE4B1B64A5719B4A4E6BEC47EF911A389
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/abc2085e-f070-4570-a6ac-81daddee565d.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.238.96.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:00:2e:8f:e4:b1:b6:4a:57:19:b4:a4:e6:be:c4:7e:f9:11:a3:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=deded65fb497fcba7f96bcfc15e98e4e651fbb9221b39ce4e256f7ed7eff4cf6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7c:cf:b0:43:44:01:ef:9b:81:1f:5c:ec:dc:
                    7e:6a:75:13:40:ac:4c:58:56:c4:ae:73:ad:b5:f0:
                    e9:0f:33:e3:06:b2:98:0d:ed:75:c6:6c:55:9f:51:
                    5d:3c:15:fd:69:49:d8:66:65:23:f1:6f:e6:91:f6:
                    67:2c:9a:04:22:a4:ea:5d:77:b2:45:25:9d:b7:1a:
                    61:f2:7d:15:e2:4c:79:06:de:42:21:9d:f9:a1:c9:
                    96:dc:10:f7:65:90:d9:f3:b3:7e:65:90:ab:2e:87:
                    8a:91:dc:af:04:b0:e6:d0:eb:e3:f5:5f:d7:de:0f:
                    ec:6a:41:6f:f8:bc:bc:4b:2d:ef:5b:b1:f8:46:70:
                    c1:a0:2d:3e:0d:0e:aa:11:a1:81:c4:29:39:60:ee:
                    65:04:09:17:b7:7d:7e:da:3b:40:27:8e:52:af:45:
                    4b:ac:1f:83:ad:0b:4a:c0:56:ed:ca:39:15:ff:2b:
                    d1:4a:b6:3d:4a:4c:d8:3e:c9:dd:db:2c:80:f1:15:
                    8c:3d:2e:32:33:48:98:0f:26:e4:11:38:d3:32:a3:
                    a6:65:68:20:dd:c6:6b:3b:82:00:a2:6f:0d:a0:e9:
                    a9:21:67:c7:66:15:e0:8d:bd:18:64:dc:3a:b1:d4:
                    0b:35:0a:f8:71:c0:f3:9e:f4:2a:22:ef:1b:fe:6a:
                    ed:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:FC:FC:77:05:3A:38:2A:FB:BB:D7:54:72:DE:78:B7:68:AA:C0:22
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/abc2085e-f070-4570-a6ac-81daddee565d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.238.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         80:5c:a6:57:da:56:53:fb:36:ee:eb:e7:bc:90:40:bf:3f:5c:
         92:24:95:c0:2b:ed:46:2d:67:d5:ad:ce:60:d5:2a:ea:c7:c1:
         a9:e3:bf:b2:bd:a5:8b:5c:6b:04:0c:6d:80:4b:2d:fc:3e:98:
         9c:db:63:83:16:bd:53:cc:bf:c0:f8:93:fb:40:d5:e6:0a:bd:
         6d:b3:f0:22:43:aa:21:6d:9e:f4:c4:20:d9:99:31:f2:cd:b0:
         40:4a:a7:e5:94:cc:a8:87:10:6a:cc:d2:3b:6e:b3:17:d1:3a:
         4a:46:ee:a0:d0:9b:8b:e1:3f:a4:b4:fc:6d:87:e0:8c:e5:24:
         71:ac:57:71:b1:b3:b1:57:ce:10:bd:29:86:7a:6a:d1:6f:29:
         77:fb:f9:a0:5b:ed:c6:c4:8f:57:6d:dd:50:a7:13:c9:5e:2a:
         db:0d:76:c5:db:7a:4e:09:ea:fb:7d:ee:30:83:a6:e0:61:78:
         45:e4:51:82:7c:66:e2:60:b7:64:12:b8:f7:c3:0f:db:29:43:
         9c:5e:c7:fb:7b:a0:ca:78:d4:ab:45:c8:8c:9a:3d:36:dc:07:
         f3:7a:23:c8:e2:17:e8:91:0d:b6:0b:e5:ea:09:df:e0:9d:74:
         f0:45:4d:f6:f1:ed:60:26:e0:fa:7d:79:3b:4a:08:55:a5:76:
         c5:eb:04:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMAAuj+SxtkpXGbSk5r7EfvkRo4kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZWRlZDY1ZmI0OTdmY2JhN2Y5NmJjZmMxNWU5OGU0ZTY1
MWZiYjkyMjFiMzljZTRlMjU2ZjdlZDdlZmY0Y2Y2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgfM+wQ0QB75uBH1zs3H5qdRNArExYVsSuc6218OkPM+MG
spgN7XXGbFWfUV08Ff1pSdhmZSPxb+aR9mcsmgQipOpdd7JFJZ23GmHyfRXiTHkG
3kIhnfmhyZbcEPdlkNnzs35lkKsuh4qR3K8EsObQ6+P1X9feD+xqQW/4vLxLLe9b
sfhGcMGgLT4NDqoRoYHEKTlg7mUECRe3fX7aO0AnjlKvRUusH4OtC0rAVu3KORX/
K9FKtj1KTNg+yd3bLIDxFYw9LjIzSJgPJuQRONMyo6ZlaCDdxms7ggCibw2g6akh
Z8dmFeCNvRhk3Dqx1As1CvhxwPOe9Coi7xv+au0NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUR/z8dwU6OCr7u9dUct54t2iqwCIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FiYzIwODVlLWYwNzAtNDU3MC1hNmFjLTgxZGFkZGVlNTY1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ27mAwDQYJKoZIhvcNAQELBQADggEBAIBcplfaVlP7Nu7r57yQQL8/XJIk
lcAr7UYtZ9WtzmDVKurHwanjv7K9pYtcawQMbYBLLfw+mJzbY4MWvVPMv8D4k/tA
1eYKvW2z8CJDqiFtnvTEINmZMfLNsEBKp+WUzKiHEGrM0jtusxfROkpG7qDQm4vh
P6S0/G2H4IzlJHGsV3Gxs7FXzhC9KYZ6atFvKXf7+aBb7cbEj1dt3VCnE8leKtsN
dsXbek4J6vt97jCDpuBheEXkUYJ8ZuJgt2QSuPfDD9spQ5xex/t7oMp41KtFyIya
PTbcB/N6I8jiF+iRDbYL5eoJ3+CddPBFTfbx7WAm4Pp9eTtKCFWldsXrBOg=
-----END CERTIFICATE-----