Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e21279bd-bf1e-4602-a869-fb46c329e336.roa
File:                     e21279bd-bf1e-4602-a869-fb46c329e336.roa (raw, json)
Hash identifier:          u0uCe25WK5t7fiSmYMELQzteW/KvR0t5ALCMen7+DeM=
Subject key identifier:   A6:AF:EE:A8:3C:03:2D:72:B5:DA:2D:AD:E8:4B:F3:4C:C3:D8:4A:D4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7D3D6D1BEEDE0C4F691C746FB81421D3FEF84C17
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e21279bd-bf1e-4602-a869-fb46c329e336.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.193.3.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:3d:6d:1b:ee:de:0c:4f:69:1c:74:6f:b8:14:21:d3:fe:f8:4c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=ec7ffd611c79a6a250754a9efbbcabdfb4b09328fbbe5ff3854321f37fc9baba, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:73:6a:8d:60:73:56:7a:64:90:a3:97:e5:4b:
                    f0:30:32:82:74:62:19:63:58:74:90:19:94:b6:8d:
                    fe:01:fe:7e:99:36:7a:bb:f9:c2:c8:50:99:d4:3b:
                    5e:85:65:65:9f:00:dc:d6:f2:b6:12:5f:d0:86:5b:
                    4a:e5:5a:61:c4:19:ac:20:7a:0e:e0:34:55:56:d1:
                    a0:72:c5:a3:f3:12:e0:39:b6:5d:ba:2e:fe:cf:91:
                    20:20:64:eb:61:aa:08:51:a0:53:63:33:2c:b5:51:
                    0d:11:32:12:7e:1c:70:34:7d:0f:da:f0:ba:f7:5d:
                    13:cb:d2:13:a4:34:75:a1:6f:ef:cb:39:fb:0b:00:
                    bc:be:be:be:97:3d:2d:b1:d1:42:b6:2a:dc:79:fa:
                    e4:54:62:52:6a:b5:e5:0b:25:68:f7:5c:66:93:36:
                    ec:cf:f2:46:76:c9:a0:47:6c:b4:e9:00:8d:12:84:
                    af:c0:e3:4c:40:e6:d9:e3:05:fe:c6:57:69:c2:0e:
                    65:b6:e9:06:8d:3a:7b:a1:b3:23:de:a7:a8:ff:0f:
                    2c:0c:dc:0e:ff:13:42:d3:48:84:11:86:7d:af:0a:
                    7e:dd:0a:36:5b:aa:60:bd:ce:c2:90:e7:24:63:f6:
                    3e:97:ec:46:3b:33:a7:2f:52:90:5b:af:cb:b7:cd:
                    79:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:AF:EE:A8:3C:03:2D:72:B5:DA:2D:AD:E8:4B:F3:4C:C3:D8:4A:D4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e21279bd-bf1e-4602-a869-fb46c329e336.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:5f:62:8f:e8:22:c0:39:26:d2:07:4d:c7:e8:2d:a4:00:e3:
         71:45:e5:be:dc:14:08:76:04:bf:1c:8f:a9:6c:75:81:27:59:
         c5:f9:5d:cd:19:c3:d8:ab:8f:38:2b:10:7f:9d:a4:74:5e:e2:
         d1:0d:62:30:60:4d:ae:e6:e8:c2:f3:87:c5:8b:a7:bd:9c:8a:
         1c:a3:46:c5:bd:ec:a8:fe:1c:b8:20:91:ed:4a:ce:eb:4c:9e:
         3c:7b:be:12:03:d0:af:bf:99:7e:01:d7:ce:d7:78:dc:80:49:
         f6:bf:32:50:f5:7c:fe:1e:75:b4:ba:17:2e:cf:55:74:bb:e5:
         d9:f0:5a:eb:10:15:27:e6:fa:db:3b:f6:c5:6d:17:12:57:3a:
         ce:2c:33:51:fd:70:bf:0b:cc:57:ec:d9:21:bf:3c:9c:61:4b:
         2b:e3:e3:d3:0e:59:77:b3:d2:18:7b:24:ee:5a:76:02:df:29:
         2c:9f:55:44:f2:75:86:51:3a:06:fa:ea:d2:34:9a:34:ad:5a:
         9b:05:f2:a8:c0:81:03:57:d9:5c:0d:c6:3b:1a:48:f7:96:be:
         27:c5:48:5f:08:c6:84:0c:9f:8c:f3:6e:21:f2:73:24:52:7b:
         bc:61:88:b7:ad:11:75:a4:da:a2:71:24:63:58:68:d0:30:6c:
         b8:66:fb:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfT1tG+7eDE9pHHRvuBQh0/74TBcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzdmZmQ2MTFjNzlhNmEyNTA3NTRhOWVmYmJjYWJkZmI0
YjA5MzI4ZmJiZTVmZjM4NTQzMjFmMzdmYzliYWJhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD0c2qNYHNWemSQo5flS/AwMoJ0YhljWHSQGZS2jf4B/n6Z
Nnq7+cLIUJnUO16FZWWfANzW8rYSX9CGW0rlWmHEGawgeg7gNFVW0aByxaPzEuA5
tl26Lv7PkSAgZOthqghRoFNjMyy1UQ0RMhJ+HHA0fQ/a8Lr3XRPL0hOkNHWhb+/L
OfsLALy+vr6XPS2x0UK2Ktx5+uRUYlJqteULJWj3XGaTNuzP8kZ2yaBHbLTpAI0S
hK/A40xA5tnjBf7GV2nCDmW26QaNOnuhsyPep6j/DywM3A7/E0LTSIQRhn2vCn7d
CjZbqmC9zsKQ5yRj9j6X7EY7M6cvUpBbr8u3zXkzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpq/uqDwDLXK12i2t6EvzTMPYStQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UyMTI3OWJkLWJmMWUtNDYwMi1hODY5LWZiNDZjMzI5ZTMzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPwQMwDQYJKoZIhvcNAQELBQADggEBAJRfYo/oIsA5JtIHTcfoLaQA43FF
5b7cFAh2BL8cj6lsdYEnWcX5Xc0Zw9irjzgrEH+dpHRe4tENYjBgTa7m6MLzh8WL
p72cihyjRsW97Kj+HLggke1KzutMnjx7vhID0K+/mX4B187XeNyASfa/MlD1fP4e
dbS6Fy7PVXS75dnwWusQFSfm+ts79sVtFxJXOs4sM1H9cL8LzFfs2SG/PJxhSyvj
49MOWXez0hh7JO5adgLfKSyfVUTydYZROgb66tI0mjStWpsF8qjAgQNX2VwNxjsa
SPeWvifFSF8IxoQMn4zzbiHycyRSe7xhiLetEXWk2qJxJGNYaNAwbLhm+7k=
-----END CERTIFICATE-----