Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c81ec3b6-9d84-4093-8d0c-8e3511608dbd.roa
File:                     c81ec3b6-9d84-4093-8d0c-8e3511608dbd.roa (raw, json)
Hash identifier:          gUcDfWNyuGR3ypCgsyhxPo35WkQY53Mtd8pYTnWWHqg=
Subject key identifier:   9E:1F:5E:95:48:31:68:9B:96:96:E5:27:D0:49:B8:A1:E3:AB:6A:E3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       10162FDD72A46876C856D941CF0FF481699B769D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c81ec3b6-9d84-4093-8d0c-8e3511608dbd.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.28.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:16:2f:dd:72:a4:68:76:c8:56:d9:41:cf:0f:f4:81:69:9b:76:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: serialNumber=1e8da53e83cbc441d1fa0e717c1227e8b46c3d6e0c8f1ae8be01315c3c74fe02, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:28:55:83:61:66:c9:96:37:28:b2:bb:b1:22:
                    29:f6:ca:c6:2e:b2:81:02:08:b9:c8:16:1a:0a:dc:
                    d5:f8:e9:a1:a7:34:45:3b:2f:09:96:32:b5:73:ec:
                    87:8d:0e:e9:1a:bd:5c:2b:31:e9:aa:b7:df:70:f8:
                    de:8a:74:34:24:41:95:0a:53:ff:2e:bc:fd:ea:fa:
                    c6:ee:ff:b6:bf:ba:02:ee:da:be:00:84:0c:43:13:
                    ed:9e:a6:85:3a:f5:84:9b:cf:60:13:3c:0b:cb:de:
                    24:82:1a:df:cd:d5:06:b7:1d:c9:2d:15:c5:ea:c9:
                    08:2c:c4:9c:5f:d2:cd:ff:61:5c:42:8b:73:cf:03:
                    f2:1a:36:80:1d:d3:8b:db:d3:87:d6:9e:9e:15:a7:
                    29:16:5d:31:91:c6:75:ae:bd:4e:50:3e:05:b8:7b:
                    74:28:9e:8f:0f:c8:68:78:a6:a9:fd:00:aa:39:19:
                    35:3b:17:75:df:5c:5b:58:83:a9:60:64:67:8a:c1:
                    61:57:67:79:1d:54:d3:06:37:85:56:9e:83:63:f5:
                    4b:d3:a1:0f:f0:1d:12:d3:c6:bf:c4:6c:e2:c9:65:
                    6c:41:71:8f:c5:c0:cd:73:12:53:3f:ef:77:50:8f:
                    76:ca:86:77:99:96:de:b6:e1:2a:2d:c3:86:77:f5:
                    80:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:1F:5E:95:48:31:68:9B:96:96:E5:27:D0:49:B8:A1:E3:AB:6A:E3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c81ec3b6-9d84-4093-8d0c-8e3511608dbd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:7a:d5:bc:a6:e8:ee:1b:e5:e4:37:79:d2:ca:58:47:8f:23:
         13:ff:17:ce:28:c5:0c:15:88:d1:58:46:27:69:58:2c:45:67:
         b3:ec:ac:33:9c:43:b9:d5:f4:df:f9:2d:4c:e2:28:52:14:6c:
         7d:6f:a9:20:16:3d:ee:12:7b:79:ac:20:af:f2:63:58:13:45:
         59:ea:17:10:9b:55:a4:54:71:8b:15:7d:0f:c4:dc:50:fd:cc:
         a6:04:96:79:d4:cc:7f:0b:f3:18:0a:e9:7d:97:f5:c1:0a:44:
         34:f1:f2:7a:6f:14:ae:71:df:f5:1d:41:ad:de:54:32:bd:22:
         41:a4:4c:86:37:b4:5a:17:c9:dc:05:20:2d:d0:a5:1c:19:28:
         07:f2:65:20:39:e0:ae:73:e1:49:1d:3c:27:3b:22:ed:4d:a3:
         80:10:dc:cd:bb:c5:35:5e:f9:7b:fc:2a:8c:77:9d:d0:3e:51:
         91:48:c0:e0:55:4a:d8:55:37:10:be:11:f0:bd:d2:fa:92:80:
         76:37:df:ed:4e:ae:87:43:ff:f9:17:3e:43:1c:41:a4:45:11:
         a4:62:d4:49:f5:49:ce:d8:8d:c3:7c:8b:e8:98:f1:f5:d8:71:
         ea:bc:d6:eb:6e:3f:d3:c9:1e:28:0c:9e:7e:46:c2:68:ef:f2:
         89:0c:d1:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEBYv3XKkaHbIVtlBzw/0gWmbdp0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZThkYTUzZTgzY2JjNDQxZDFmYTBlNzE3YzEyMjdlOGI0
NmMzZDZlMGM4ZjFhZThiZTAxMzE1YzNjNzRmZTAyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+KFWDYWbJljcosruxIin2ysYusoECCLnIFhoK3NX46aGn
NEU7LwmWMrVz7IeNDukavVwrMemqt99w+N6KdDQkQZUKU/8uvP3q+sbu/7a/ugLu
2r4AhAxDE+2epoU69YSbz2ATPAvL3iSCGt/N1Qa3HcktFcXqyQgsxJxf0s3/YVxC
i3PPA/IaNoAd04vb04fWnp4VpykWXTGRxnWuvU5QPgW4e3Qono8PyGh4pqn9AKo5
GTU7F3XfXFtYg6lgZGeKwWFXZ3kdVNMGN4VWnoNj9UvToQ/wHRLTxr/EbOLJZWxB
cY/FwM1zElM/73dQj3bKhneZlt624Sotw4Z39YAvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnh9elUgxaJuWluUn0Em4oeOrauMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M4MWVjM2I2LTlkODQtNDA5My04ZDBjLThlMzUxMTYwOGRiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XxwwDQYJKoZIhvcNAQELBQADggEBAIZ61bym6O4b5eQ3edLKWEePIxP/
F84oxQwViNFYRidpWCxFZ7PsrDOcQ7nV9N/5LUziKFIUbH1vqSAWPe4Se3msIK/y
Y1gTRVnqFxCbVaRUcYsVfQ/E3FD9zKYElnnUzH8L8xgK6X2X9cEKRDTx8npvFK5x
3/UdQa3eVDK9IkGkTIY3tFoXydwFIC3QpRwZKAfyZSA54K5z4UkdPCc7Iu1No4AQ
3M27xTVe+Xv8Kox3ndA+UZFIwOBVSthVNxC+EfC90vqSgHY33+1OrodD//kXPkMc
QaRFEaRi1En1Sc7YjcN8i+iY8fXYceq81utuP9PJHigMnn5Gwmjv8okM0Ww=
-----END CERTIFICATE-----