Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3c15da3-724a-4835-ab80-0663647939de.roa
File:                     b3c15da3-724a-4835-ab80-0663647939de.roa (raw, json)
Hash identifier:          RJ23OSGXUDrwew08urIl7B5l+XeMOIe2iurtnEINKSs=
Subject key identifier:   68:E1:B0:C2:B8:3A:63:B7:04:2D:0B:FC:64:07:2A:B3:5B:A7:AA:1B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5C38DFA99CA7C300AB7DD8F42126C057B46648F3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3c15da3-724a-4835-ab80-0663647939de.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.93.61.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:38:df:a9:9c:a7:c3:00:ab:7d:d8:f4:21:26:c0:57:b4:66:48:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=5a3f8f969d1b8cd0159c292288a490023ce624d2eef26f643b8e9a95179dca88, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:02:15:1d:97:b0:03:53:99:56:ea:21:d7:25:
                    21:b7:9e:7c:43:70:a6:17:70:60:4c:5e:50:10:f1:
                    94:1b:0c:d2:89:54:ab:17:1f:77:e3:b2:fa:74:f7:
                    19:79:09:c7:75:a7:e8:fd:f3:52:a3:a6:ae:d4:d4:
                    31:0a:49:46:de:cd:21:5d:6a:02:d1:8e:56:65:58:
                    4e:06:dc:87:c6:6d:f1:6e:c3:ed:20:cd:1b:86:3b:
                    12:4d:27:bb:f8:1f:27:31:72:97:c9:e7:c1:18:7a:
                    dd:e6:ee:a7:eb:6c:02:61:37:77:13:c3:ca:1f:f2:
                    bb:99:3a:6b:90:26:a5:25:79:e2:c1:b8:f3:a0:7a:
                    66:e2:35:8f:43:66:7e:79:46:d3:b4:d2:dc:ce:5e:
                    2e:b1:31:e7:e2:f9:64:98:32:c5:b4:05:3e:5b:8a:
                    86:9b:30:94:1f:cc:01:32:39:af:42:28:73:fd:b8:
                    e7:4b:fe:04:f6:65:7e:3b:72:be:f4:40:d0:09:3d:
                    d4:4d:ab:33:c7:b0:6b:55:2d:cf:87:95:e2:26:03:
                    b4:42:ff:61:23:36:8a:ea:cd:83:8d:90:28:7b:c0:
                    7b:c5:e9:cb:a8:86:1f:24:1e:88:58:9a:47:93:dd:
                    37:a6:6e:d5:66:7f:41:f8:a5:52:d6:78:d2:af:2a:
                    76:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E1:B0:C2:B8:3A:63:B7:04:2D:0B:FC:64:07:2A:B3:5B:A7:AA:1B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3c15da3-724a-4835-ab80-0663647939de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.93.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:c9:cf:3c:d3:f3:b0:ad:71:1c:3f:1c:f1:c8:b9:5b:4b:ce:
         ad:76:20:87:62:83:af:a2:aa:a4:71:86:f1:7c:7d:cf:d2:34:
         ca:6e:99:a4:f5:c8:b7:29:ee:e8:b4:68:b1:34:95:b4:f8:44:
         b4:e9:bc:e3:23:51:75:9e:13:32:b7:f2:26:dd:fb:18:4b:c9:
         19:4a:a8:b0:c7:f6:a4:35:25:d5:11:9f:89:95:19:e2:be:21:
         29:16:1e:5b:47:db:cd:d4:76:56:29:4b:db:e5:00:19:a7:63:
         9a:44:24:b4:95:30:8e:54:e1:95:d7:fb:eb:f0:cb:e7:8a:ae:
         f0:69:a9:38:70:53:94:bb:74:9f:8e:cb:b4:34:b2:56:22:74:
         9f:fa:1e:40:d3:5d:04:16:3e:39:3e:32:ba:59:ea:98:73:40:
         ad:d7:85:90:d3:11:88:35:a3:e0:22:4a:18:2b:9c:d0:9a:8f:
         d8:22:f9:eb:16:c0:d1:85:8a:50:01:56:d0:7c:79:0e:e6:12:
         b9:28:b2:d8:42:97:35:f7:ac:ce:86:62:0d:8e:a3:6f:4e:7e:
         71:50:b7:87:d8:3e:55:22:92:f9:31:11:3f:8e:64:49:ef:42:
         6d:95:8e:af:ff:8e:82:01:12:6d:06:ce:67:1f:62:ff:f8:f7:
         97:d6:8a:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXDjfqZynwwCrfdj0ISbAV7RmSPMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTNmOGY5NjlkMWI4Y2QwMTU5YzI5MjI4OGE0OTAwMjNj
ZTYyNGQyZWVmMjZmNjQzYjhlOWE5NTE3OWRjYTg4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNAhUdl7ADU5lW6iHXJSG3nnxDcKYXcGBMXlAQ8ZQbDNKJ
VKsXH3fjsvp09xl5Ccd1p+j981Kjpq7U1DEKSUbezSFdagLRjlZlWE4G3IfGbfFu
w+0gzRuGOxJNJ7v4HycxcpfJ58EYet3m7qfrbAJhN3cTw8of8ruZOmuQJqUleeLB
uPOgembiNY9DZn55RtO00tzOXi6xMefi+WSYMsW0BT5bioabMJQfzAEyOa9CKHP9
uOdL/gT2ZX47cr70QNAJPdRNqzPHsGtVLc+HleImA7RC/2EjNorqzYONkCh7wHvF
6cuohh8kHohYmkeT3TembtVmf0H4pVLWeNKvKnalAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaOGwwrg6Y7cELQv8ZAcqs1unqhswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IzYzE1ZGEzLTcyNGEtNDgzNS1hYjgwLTA2NjM2NDc5MzlkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XT0wDQYJKoZIhvcNAQELBQADggEBAGnJzzzT87CtcRw/HPHIuVtLzq12
IIdig6+iqqRxhvF8fc/SNMpumaT1yLcp7ui0aLE0lbT4RLTpvOMjUXWeEzK38ibd
+xhLyRlKqLDH9qQ1JdURn4mVGeK+ISkWHltH283UdlYpS9vlABmnY5pEJLSVMI5U
4ZXX++vwy+eKrvBpqThwU5S7dJ+Oy7Q0slYidJ/6HkDTXQQWPjk+MrpZ6phzQK3X
hZDTEYg1o+AiShgrnNCaj9gi+esWwNGFilABVtB8eQ7mErkosthClzX3rM6GYg2O
o29OfnFQt4fYPlUikvkxET+OZEnvQm2Vjq//joIBEm0GzmcfYv/495fWik4=
-----END CERTIFICATE-----