Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b92205a5-fb40-45d2-ae05-e1c400074f2a.roa
File:                     b92205a5-fb40-45d2-ae05-e1c400074f2a.roa (raw, json)
Hash identifier:          X7bJUjiuPpBexd0QnkItDXlKkqd7uYwj57teUsfyCyw=
Subject key identifier:   3A:FE:E7:DE:4A:A2:E8:C1:1D:2D:7D:9F:42:C4:51:8A:10:9D:A9:F1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       156F604B258121570C36F87FCE191B29FFCF937C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b92205a5-fb40-45d2-ae05-e1c400074f2a.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.0.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:6f:60:4b:25:81:21:57:0c:36:f8:7f:ce:19:1b:29:ff:cf:93:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=03b14f919979b9a0f6d81815e5a4d71e53a3cdec8f753a14c7f2ad38377cd80d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:74:cc:3a:36:a4:21:98:bf:b7:5f:d3:6a:bd:
                    c8:ad:eb:00:e7:ee:56:71:a5:2b:2e:7e:5d:ed:5a:
                    33:22:43:66:fd:76:36:55:72:ed:eb:86:d1:50:88:
                    93:3a:1d:1e:15:58:ef:fe:d5:65:ab:b4:de:f5:59:
                    2d:59:c7:8e:21:ab:02:fb:86:0c:6e:b6:3a:ea:9d:
                    c4:4d:2b:51:cf:0e:00:2e:6b:57:e3:fe:a2:20:87:
                    38:67:53:7f:93:1f:d9:0d:33:a5:80:b9:69:6d:3e:
                    2c:77:78:7c:89:d8:69:8e:27:08:ba:04:6a:a9:1b:
                    a3:30:a1:25:94:5c:ff:04:78:07:4f:d5:23:25:44:
                    22:10:e4:de:cc:64:10:65:8d:36:29:07:13:6d:60:
                    93:4d:06:8e:b7:61:fc:b1:26:12:02:43:81:1a:94:
                    2e:a4:bf:5f:c2:f7:79:dd:2d:1c:f5:09:8e:7a:61:
                    ca:cf:b2:c7:81:50:85:87:23:6b:c3:df:70:9b:4c:
                    2b:4d:47:85:20:6d:3c:92:07:8f:3d:dc:2a:f5:31:
                    6c:51:6b:d8:c0:99:64:85:2a:9f:eb:40:74:f7:22:
                    06:aa:cb:ad:d9:6b:76:83:e8:0e:a2:5f:d8:1f:88:
                    8c:68:d0:70:1b:ff:1b:fb:ef:34:4f:87:e7:38:4e:
                    f0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:FE:E7:DE:4A:A2:E8:C1:1D:2D:7D:9F:42:C4:51:8A:10:9D:A9:F1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b92205a5-fb40-45d2-ae05-e1c400074f2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6e:87:07:05:3d:5b:78:92:cd:05:84:b1:de:d1:dd:ef:9f:7f:
         ba:75:d2:70:43:27:1d:e8:c3:fb:ad:9b:fa:9e:27:8a:41:99:
         5a:a8:fd:81:f7:37:e2:a1:a0:fd:dc:88:dc:21:0f:61:f2:09:
         ae:e4:fd:47:c6:9d:fb:4b:72:88:7d:15:29:b2:17:f4:af:de:
         24:45:06:c9:58:ac:b3:92:e8:7d:cc:17:91:cf:94:d0:7e:28:
         e6:7d:59:a0:81:48:af:6f:a0:69:a4:fd:c9:59:86:15:d9:41:
         fa:4a:a7:7b:a4:fb:49:89:75:97:3f:06:d0:26:b0:03:04:2e:
         9f:5f:13:90:b3:f4:29:e7:85:73:26:0e:b8:e3:64:0c:1e:05:
         46:1e:04:fa:87:2a:52:27:f3:26:94:21:75:58:e9:6b:3b:66:
         04:c8:c7:27:05:88:28:6d:37:50:84:56:25:a0:8b:6e:a5:b8:
         02:fb:cb:19:ca:e2:e8:c4:c2:1d:9a:58:f0:a1:02:a6:5a:e8:
         37:d5:7e:27:e0:09:98:0a:19:5c:74:72:a8:81:f8:ce:63:a0:
         25:c3:45:98:fa:a7:91:e0:c8:41:37:d4:55:86:40:ba:77:2d:
         db:91:84:94:75:d9:cc:ff:7d:5a:fa:a8:d4:30:b6:ea:35:5f:
         75:6c:47:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFW9gSyWBIVcMNvh/zhkbKf/Pk3wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwM2IxNGY5MTk5NzliOWEwZjZkODE4MTVlNWE0ZDcxZTUz
YTNjZGVjOGY3NTNhMTRjN2YyYWQzODM3N2NkODBkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmdMw6NqQhmL+3X9Nqvcit6wDn7lZxpSsufl3tWjMiQ2b9
djZVcu3rhtFQiJM6HR4VWO/+1WWrtN71WS1Zx44hqwL7hgxutjrqncRNK1HPDgAu
a1fj/qIghzhnU3+TH9kNM6WAuWltPix3eHyJ2GmOJwi6BGqpG6MwoSWUXP8EeAdP
1SMlRCIQ5N7MZBBljTYpBxNtYJNNBo63YfyxJhICQ4EalC6kv1/C93ndLRz1CY56
YcrPsseBUIWHI2vD33CbTCtNR4UgbTySB4893Cr1MWxRa9jAmWSFKp/rQHT3Igaq
y63Za3aD6A6iX9gfiIxo0HAb/xv77zRPh+c4TvCnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOv7n3kqi6MEdLX2fQsRRihCdqfEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I5MjIwNWE1LWZiNDAtNDVkMi1hZTA1LWUxYzQwMDA3NGYyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU0XgAwDQYJKoZIhvcNAQELBQADggEBAG6HBwU9W3iSzQWEsd7R3e+ff7p1
0nBDJx3ow/utm/qeJ4pBmVqo/YH3N+KhoP3ciNwhD2HyCa7k/UfGnftLcoh9FSmy
F/Sv3iRFBslYrLOS6H3MF5HPlNB+KOZ9WaCBSK9voGmk/clZhhXZQfpKp3uk+0mJ
dZc/BtAmsAMELp9fE5Cz9CnnhXMmDrjjZAweBUYeBPqHKlIn8yaUIXVY6Ws7ZgTI
xycFiChtN1CEViWgi26luAL7yxnK4ujEwh2aWPChAqZa6DfVfifgCZgKGVx0cqiB
+M5joCXDRZj6p5HgyEE31FWGQLp3LduRhJR12cz/fVr6qNQwtuo1X3VsRyY=
-----END CERTIFICATE-----