Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c1551918-4421-4db1-80cc-19364f773f88.roa
File:                     c1551918-4421-4db1-80cc-19364f773f88.roa (raw, json)
Hash identifier:          g9Y8oaVhg4P28Yq7HHglT400XdHH/A1XECIzIFoAggY=
Subject key identifier:   89:09:88:BB:95:36:80:E2:5C:7D:19:70:71:7A:03:EF:0F:98:60:07
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6E20DC159EE938D7AFE61D10D1263FF8423A9DF2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c1551918-4421-4db1-80cc-19364f773f88.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.245.172.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:20:dc:15:9e:e9:38:d7:af:e6:1d:10:d1:26:3f:f8:42:3a:9d:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=24c64f3dd3b4df6037df733a9843126dba20105fec12a6f0ad1cd1bec951911e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e0:b9:7c:a7:61:57:65:77:10:39:fb:50:eb:
                    72:19:37:0f:d1:a7:c8:62:26:70:f7:bc:38:87:94:
                    7f:ee:b9:50:9f:11:08:9a:76:98:1b:d5:0a:85:fd:
                    10:d6:17:f4:2b:3d:7f:48:28:0a:e4:d3:a7:5f:c7:
                    54:85:aa:63:e0:0a:13:f1:15:a0:fc:38:87:3a:b7:
                    a6:e7:60:99:05:03:67:4c:76:76:ec:75:8e:e1:72:
                    8d:8d:8a:71:4d:b9:ae:79:75:1f:cb:f4:79:62:1a:
                    89:88:09:8c:ef:1f:64:fe:83:85:f8:01:d2:2f:ed:
                    08:cd:4f:14:7f:01:bb:26:5f:12:bf:02:be:a2:b3:
                    9f:d1:70:d0:6a:07:8d:4f:34:45:16:04:c2:ca:d5:
                    78:ce:0e:2f:2c:13:12:1d:d5:d3:bc:0c:dc:33:d2:
                    12:72:b8:73:03:26:d8:40:97:11:39:ef:30:07:ec:
                    18:c3:da:f2:02:20:2f:46:f0:f0:a7:42:a5:43:fd:
                    4c:25:7e:09:73:72:68:13:64:4a:81:53:0f:0c:01:
                    bd:8f:1c:24:90:1d:e8:97:80:24:f0:f1:78:7c:99:
                    e2:21:2f:24:95:cf:b2:d4:bc:84:d1:60:ab:1f:21:
                    23:18:3b:59:f8:4f:45:09:39:61:d8:66:9e:76:c4:
                    e3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:09:88:BB:95:36:80:E2:5C:7D:19:70:71:7A:03:EF:0F:98:60:07
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c1551918-4421-4db1-80cc-19364f773f88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.245.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:e0:37:a9:18:de:57:ec:d2:4b:7a:b0:6d:50:bc:9b:81:f9:
         f3:b2:e8:66:48:b0:9d:66:b4:bd:c4:0b:e9:49:7f:ed:83:33:
         0b:0c:48:05:4f:49:4a:f3:71:47:8a:16:78:7f:98:9b:92:ce:
         c8:b6:18:f8:6f:ca:a2:fc:70:b1:cf:ba:77:0d:12:cb:1c:10:
         83:f0:0e:67:93:63:79:f7:43:7a:37:f0:0d:39:60:cd:19:7b:
         b2:62:bf:ab:9c:68:86:4e:2a:70:5c:9a:fc:44:bc:5a:7d:af:
         f0:10:63:7d:94:d4:13:5e:69:3e:c5:bc:cd:60:16:5a:5b:ca:
         c2:7d:34:6c:95:00:23:62:bc:d9:ae:0c:ca:0f:e1:5c:48:df:
         f6:9f:72:a1:61:da:01:c9:a5:1c:bd:77:bb:b7:61:5e:4d:33:
         f1:3d:c4:5f:ae:ca:2e:fc:0b:6a:ee:e1:12:58:0a:f0:13:d8:
         91:59:b6:30:a3:ec:f6:c4:d4:7e:28:dd:72:bd:21:cc:ef:14:
         6a:8e:40:25:d1:46:c2:03:23:69:8f:4e:e2:46:84:af:ee:ca:
         16:fe:03:45:43:c4:e6:2d:e4:aa:a9:ab:56:e0:9d:c7:04:b5:
         b9:51:6e:bc:e3:40:bf:15:30:12:9d:e7:ef:6e:9a:2d:f9:3b:
         b8:77:3d:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbiDcFZ7pONev5h0Q0SY/+EI6nfIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNGM2NGYzZGQzYjRkZjYwMzdkZjczM2E5ODQzMTI2ZGJh
MjAxMDVmZWMxMmE2ZjBhZDFjZDFiZWM5NTE5MTFlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDY4Ll8p2FXZXcQOftQ63IZNw/Rp8hiJnD3vDiHlH/uuVCf
EQiadpgb1QqF/RDWF/QrPX9IKArk06dfx1SFqmPgChPxFaD8OIc6t6bnYJkFA2dM
dnbsdY7hco2NinFNua55dR/L9HliGomICYzvH2T+g4X4AdIv7QjNTxR/AbsmXxK/
Ar6is5/RcNBqB41PNEUWBMLK1XjODi8sExId1dO8DNwz0hJyuHMDJthAlxE57zAH
7BjD2vICIC9G8PCnQqVD/UwlfglzcmgTZEqBUw8MAb2PHCSQHeiXgCTw8Xh8meIh
LySVz7LUvITRYKsfISMYO1n4T0UJOWHYZp52xOOnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiQmIu5U2gOJcfRlwcXoD7w+YYAcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2MxNTUxOTE4LTQ0MjEtNGRiMS04MGNjLTE5MzY0Zjc3M2Y4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI29awwDQYJKoZIhvcNAQELBQADggEBAC/gN6kY3lfs0kt6sG1QvJuB+fOy
6GZIsJ1mtL3EC+lJf+2DMwsMSAVPSUrzcUeKFnh/mJuSzsi2GPhvyqL8cLHPuncN
EsscEIPwDmeTY3n3Q3o38A05YM0Ze7Jiv6ucaIZOKnBcmvxEvFp9r/AQY32U1BNe
aT7FvM1gFlpbysJ9NGyVACNivNmuDMoP4VxI3/afcqFh2gHJpRy9d7u3YV5NM/E9
xF+uyi78C2ru4RJYCvAT2JFZtjCj7PbE1H4o3XK9IczvFGqOQCXRRsIDI2mPTuJG
hK/uyhb+A0VDxOYt5Kqpq1bgnccEtblRbrzjQL8VMBKd5+9umi35O7h3PUk=
-----END CERTIFICATE-----