Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db3be233-1f71-45d1-8421-fcbf700976f3.roa
File:                     db3be233-1f71-45d1-8421-fcbf700976f3.roa (raw, json)
Hash identifier:          3AvrnyAqME+QMN3jrYQ14247SfPVs6AZbTHtg/6gjcc=
Subject key identifier:   3B:B7:28:53:D8:B4:CE:70:D3:D3:BE:B3:76:58:40:D7:38:F2:0E:B5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       217CF328D82B62170442ADEA322C3D6287BE977E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db3be233-1f71-45d1-8421-fcbf700976f3.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.83.224.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:7c:f3:28:d8:2b:62:17:04:42:ad:ea:32:2c:3d:62:87:be:97:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=bc7dc0485f1f11ba8b637533f94555d65ac938918719516a96166ea04e12ca91, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cc:68:54:8e:75:c5:0e:1c:65:54:b3:4d:57:
                    27:cd:8c:5f:7b:ce:06:42:82:31:8d:87:a5:2a:0b:
                    d7:a9:fd:a5:d5:52:fb:87:d7:1c:44:e1:0e:d6:d3:
                    b6:a6:90:14:94:34:c9:d7:1d:c3:4d:51:b8:de:97:
                    77:31:64:64:71:aa:84:22:d7:88:de:91:99:62:86:
                    83:76:72:11:99:6e:dc:9b:5d:0c:b2:4d:bb:cd:cf:
                    75:56:3a:95:da:9f:9c:b4:4f:53:d1:3f:23:87:d6:
                    33:68:0e:00:b4:f6:e1:95:44:9c:3f:62:ee:b0:15:
                    2e:14:72:9e:57:5b:9c:c5:3c:2b:12:25:48:c2:1f:
                    ea:b8:db:e5:2e:67:94:7c:d1:10:a6:b1:8b:4a:fa:
                    bc:50:22:0f:a9:6e:4a:dd:28:ca:22:9c:50:7d:d0:
                    0d:09:a2:e0:82:25:e0:ab:d0:79:2c:54:8c:0e:3c:
                    bf:40:28:fc:70:40:7a:6a:6e:b5:ec:96:36:e6:ae:
                    0c:2b:4c:5f:0a:73:76:f7:f1:23:8d:12:a7:ba:43:
                    c2:66:ef:41:a5:e9:d7:b3:70:f7:7b:41:b8:10:ea:
                    7c:b8:3a:22:84:2b:78:7b:fc:30:9b:bb:82:77:e5:
                    31:6e:4e:e3:3d:21:00:ea:3b:60:f3:f2:79:7f:d2:
                    c6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B7:28:53:D8:B4:CE:70:D3:D3:BE:B3:76:58:40:D7:38:F2:0E:B5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db3be233-1f71-45d1-8421-fcbf700976f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.83.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         98:33:76:9f:71:e1:f1:9e:62:cd:94:dd:e7:5b:59:7b:80:bb:
         b3:80:c9:e2:8d:47:e9:18:6c:9a:72:a8:57:da:f8:74:f8:76:
         59:5b:eb:cb:95:81:65:f5:74:dd:b6:b4:e6:b2:05:75:b9:52:
         73:05:cd:3b:2f:fd:9f:62:ff:3f:f8:52:5b:6e:72:75:1f:99:
         48:3a:a0:1f:32:7c:4c:7e:21:f9:17:ce:60:f8:8b:d3:5d:04:
         39:bc:66:4e:bd:39:11:26:4c:3c:d6:53:27:d2:ac:35:c4:f3:
         03:0e:07:c8:79:05:2b:fe:1a:cf:29:ef:fc:5e:04:26:65:09:
         1c:23:aa:71:93:a1:4c:bf:54:b7:4a:ab:84:77:99:73:de:83:
         20:70:e5:61:5e:34:4e:e7:d7:9f:58:4d:60:01:07:94:a7:62:
         5c:fd:21:eb:66:93:a4:16:58:fc:49:8c:bd:36:d0:51:3a:72:
         7e:aa:b6:61:33:a3:cf:72:26:49:28:42:39:c2:5a:64:a2:9e:
         66:1c:2a:be:36:b7:08:36:a2:a3:c6:65:61:4e:12:d3:b5:74:
         15:57:0e:ca:8d:7c:27:9d:d2:ff:a2:81:4f:85:79:77:e8:77:
         e6:a9:e2:15:66:15:36:a8:94:97:5d:58:80:9a:4a:ee:8d:a9:
         35:b7:27:da
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIXzzKNgrYhcEQq3qMiw9Yoe+l34wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzdkYzA0ODVmMWYxMWJhOGI2Mzc1MzNmOTQ1NTVkNjVh
YzkzODkxODcxOTUxNmE5NjE2NmVhMDRlMTJjYTkxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgzGhUjnXFDhxlVLNNVyfNjF97zgZCgjGNh6UqC9ep/aXV
UvuH1xxE4Q7W07amkBSUNMnXHcNNUbjel3cxZGRxqoQi14jekZlihoN2chGZbtyb
XQyyTbvNz3VWOpXan5y0T1PRPyOH1jNoDgC09uGVRJw/Yu6wFS4Ucp5XW5zFPCsS
JUjCH+q42+UuZ5R80RCmsYtK+rxQIg+pbkrdKMoinFB90A0JouCCJeCr0HksVIwO
PL9AKPxwQHpqbrXsljbmrgwrTF8Kc3b38SONEqe6Q8Jm70Gl6dezcPd7QbgQ6ny4
OiKEK3h7/DCbu4J35TFuTuM9IQDqO2Dz8nl/0sazAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUO7coU9i0znDT076zdlhA1zjyDrUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RiM2JlMjMzLTFmNzEtNDVkMS04NDIxLWZjYmY3MDA5NzZmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2U+AwDQYJKoZIhvcNAQELBQADggEBAJgzdp9x4fGeYs2U3edbWXuAu7OA
yeKNR+kYbJpyqFfa+HT4dllb68uVgWX1dN22tOayBXW5UnMFzTsv/Z9i/z/4Ultu
cnUfmUg6oB8yfEx+IfkXzmD4i9NdBDm8Zk69OREmTDzWUyfSrDXE8wMOB8h5BSv+
Gs8p7/xeBCZlCRwjqnGToUy/VLdKq4R3mXPegyBw5WFeNE7n159YTWABB5SnYlz9
Ietmk6QWWPxJjL020FE6cn6qtmEzo89yJkkoQjnCWmSinmYcKr42twg2oqPGZWFO
EtO1dBVXDsqNfCed0v+igU+FeXfod+ap4hVmFTaolJddWICaSu6NqTW3J9o=
-----END CERTIFICATE-----