Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d13b2e40-3740-4926-a9e4-7124b417cbc1.roa
File:                     d13b2e40-3740-4926-a9e4-7124b417cbc1.roa (raw, json)
Hash identifier:          CwzI4tY3PUeM5yDx6yISfLDuKelC4WpjLZ3qHMSTp/w=
Subject key identifier:   7B:24:D2:31:0A:46:84:85:CA:A3:EC:F4:B1:39:B3:DF:19:08:99:24
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4A3F2A35E581E8BBC9CACFFA4B0D1C145E59F8CB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d13b2e40-3740-4926-a9e4-7124b417cbc1.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.243.128.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:3f:2a:35:e5:81:e8:bb:c9:ca:cf:fa:4b:0d:1c:14:5e:59:f8:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=f56d26dbdbc815062037761d00c2aa985e3c0c07c4676fe40ae22e5a474cdbd9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:18:65:6c:b8:e0:a6:5c:26:0f:e3:77:b6:28:
                    7f:f4:46:d1:46:fe:84:03:dd:da:70:ef:eb:f1:38:
                    a9:66:0b:39:a4:7d:79:ae:12:28:70:31:62:be:c4:
                    f7:a2:b2:8f:e2:83:4f:d0:7a:bd:38:c7:ed:10:b8:
                    c0:f2:a4:e4:58:e3:33:84:11:fb:53:03:74:87:ba:
                    b1:be:21:1d:11:09:26:55:eb:7c:ff:04:27:24:7a:
                    96:50:56:a6:7b:f6:94:16:e5:1f:4f:d7:44:c1:f3:
                    47:50:21:bd:34:de:91:76:cb:41:db:6b:52:3a:68:
                    aa:c3:62:e1:50:e2:a2:ed:3f:9c:1a:f6:d7:fa:09:
                    2e:0a:b8:e5:15:b9:68:ba:d4:03:13:53:48:9f:6c:
                    86:f6:75:f6:12:a7:7c:b6:55:eb:b6:bb:61:19:ab:
                    7e:b1:ec:87:32:29:c9:d9:9e:0d:3a:f3:4f:0f:bf:
                    f5:ef:d6:5f:ad:75:a3:30:0a:df:53:dd:df:92:bd:
                    d4:89:58:10:24:11:d5:06:61:7b:c5:92:2d:cb:d7:
                    32:90:3b:e3:31:7e:f5:9a:e7:11:11:1f:87:6b:d3:
                    bc:b5:39:56:c8:3f:83:55:d6:dd:a1:c6:48:b2:46:
                    d4:ea:e2:fb:69:eb:80:54:93:8a:bf:80:3e:57:1a:
                    ff:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:24:D2:31:0A:46:84:85:CA:A3:EC:F4:B1:39:B3:DF:19:08:99:24
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d13b2e40-3740-4926-a9e4-7124b417cbc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.243.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         25:9b:40:c1:63:f6:d5:0d:ee:e7:8c:06:2a:36:7f:f9:45:51:
         8e:a0:00:87:b1:81:b1:6c:af:2e:55:a1:f7:2d:bc:a6:e8:d9:
         dc:41:c3:91:df:90:a4:92:4c:2f:de:72:96:8d:52:d4:19:a5:
         46:c2:97:1d:1d:6b:84:d1:ac:ad:9a:e9:6c:83:db:0c:91:65:
         99:85:9b:2d:2d:ef:78:0e:da:af:16:09:e1:f6:01:5e:ef:66:
         2d:6a:8b:4e:d9:81:35:c9:88:83:c8:92:a5:80:27:4f:89:d5:
         68:8d:c3:ec:68:b8:41:eb:83:d7:7d:24:61:89:68:2a:97:34:
         ec:a8:59:74:ff:19:cb:0b:74:78:bc:55:db:0c:fc:65:00:11:
         7c:be:28:be:a0:95:de:b1:8d:5c:93:50:37:81:51:6d:8b:51:
         34:4d:7e:d1:5a:0e:69:a0:ba:04:7f:76:72:5e:7d:90:13:76:
         51:07:28:62:20:ae:11:29:99:2d:8e:a7:17:d7:e0:0a:b8:a1:
         60:70:af:31:0c:f6:87:fe:5f:59:e2:64:a1:ea:f7:61:e7:bf:
         46:13:a3:00:c3:d1:5c:80:ee:d0:5d:c3:14:7a:ad:a0:ac:49:
         48:bc:ed:8d:38:a7:1e:de:1b:2d:37:f4:30:eb:ea:8c:56:e1:
         32:82:c5:63
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSj8qNeWB6LvJys/6Sw0cFF5Z+MswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTZkMjZkYmRiYzgxNTA2MjAzNzc2MWQwMGMyYWE5ODVl
M2MwYzA3YzQ2NzZmZTQwYWUyMmU1YTQ3NGNkYmQ5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxGGVsuOCmXCYP43e2KH/0RtFG/oQD3dpw7+vxOKlmCzmk
fXmuEihwMWK+xPeiso/ig0/Qer04x+0QuMDypORY4zOEEftTA3SHurG+IR0RCSZV
63z/BCckepZQVqZ79pQW5R9P10TB80dQIb003pF2y0Hba1I6aKrDYuFQ4qLtP5wa
9tf6CS4KuOUVuWi61AMTU0ifbIb2dfYSp3y2Veu2u2EZq36x7IcyKcnZng06808P
v/Xv1l+tdaMwCt9T3d+SvdSJWBAkEdUGYXvFki3L1zKQO+MxfvWa5xERH4dr07y1
OVbIP4NV1t2hxkiyRtTq4vtp64BUk4q/gD5XGv8TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeyTSMQpGhIXKo+z0sTmz3xkImSQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QxM2IyZTQwLTM3NDAtNDkyNi1hOWU0LTcxMjRiNDE3Y2JjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc284AwDQYJKoZIhvcNAQELBQADggEBACWbQMFj9tUN7ueMBio2f/lFUY6g
AIexgbFsry5VofctvKbo2dxBw5HfkKSSTC/ecpaNUtQZpUbClx0da4TRrK2a6WyD
2wyRZZmFmy0t73gO2q8WCeH2AV7vZi1qi07ZgTXJiIPIkqWAJ0+J1WiNw+xouEHr
g9d9JGGJaCqXNOyoWXT/GcsLdHi8VdsM/GUAEXy+KL6gld6xjVyTUDeBUW2LUTRN
ftFaDmmgugR/dnJefZATdlEHKGIgrhEpmS2OpxfX4Aq4oWBwrzEM9of+X1niZKHq
92Hnv0YTowDD0VyA7tBdwxR6raCsSUi87Y04px7eGy039DDr6oxW4TKCxWM=
-----END CERTIFICATE-----