Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ff007066-4f16-43dc-ac2e-68c91e17023e.roa
File:                     ff007066-4f16-43dc-ac2e-68c91e17023e.roa (raw, json)
Hash identifier:          jVd3lB+mKAYcJZusg53QbgYDWS7ZVfcN75QgiCvUJJk=
Subject key identifier:   28:FF:CC:61:B1:6D:50:CB:6A:2F:B4:79:33:D2:77:2E:C2:B4:A1:D4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       09C79767DA18DFBF2B8C758303874893F996B96F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ff007066-4f16-43dc-ac2e-68c91e17023e.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.177.103.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:c7:97:67:da:18:df:bf:2b:8c:75:83:03:87:48:93:f9:96:b9:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=0a3c7c70408b1351cdc9e73ed383f44791bf64db38d9a702732b9e11b54f9a1d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0e:26:50:99:6f:b5:94:c1:b7:5a:da:48:13:
                    74:97:0a:84:65:e1:25:8e:e0:52:04:4a:8b:c5:52:
                    81:95:ac:57:47:85:96:58:d1:77:82:da:8f:76:55:
                    e4:2a:07:cc:15:18:0b:8d:9e:0a:ff:a3:28:70:f1:
                    5d:2f:e7:6a:ce:10:ac:ef:64:ea:19:10:f1:04:4a:
                    f8:ac:bb:6a:bd:24:8e:6c:2a:3a:a4:9f:14:bb:0b:
                    b6:51:5b:58:a7:59:40:3f:2d:22:9a:32:87:5d:db:
                    d3:b2:0b:a5:b1:56:99:5b:e4:e2:ce:ef:f7:29:ac:
                    03:61:19:53:61:08:44:bc:d9:c3:05:9d:4c:5f:a0:
                    f6:a7:f8:d7:25:16:04:7d:4e:c6:6a:0c:89:f0:ff:
                    5c:f5:79:c7:a4:6d:c1:53:e9:31:16:70:10:b4:b6:
                    d2:4f:c2:fe:12:40:25:46:75:c5:21:8b:c9:a5:4d:
                    16:b7:4c:28:8f:4c:d1:9e:2a:7c:56:23:e4:80:10:
                    15:5e:81:97:11:33:7a:b5:3f:a0:c3:a5:a9:0e:e1:
                    b2:c4:62:34:4f:bb:cb:c4:e6:2a:5c:e9:44:d5:b8:
                    a3:f1:3f:da:b8:74:25:d2:de:8b:ad:6a:34:d4:a7:
                    25:2c:51:d7:b9:ce:5a:23:1f:8c:43:f2:95:c0:cc:
                    6f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:FF:CC:61:B1:6D:50:CB:6A:2F:B4:79:33:D2:77:2E:C2:B4:A1:D4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ff007066-4f16-43dc-ac2e-68c91e17023e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.177.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:c1:eb:e4:df:a8:95:7c:c1:ce:02:0c:5e:48:cf:e2:e3:b0:
         c6:4d:b1:93:3d:a0:1d:3d:37:8f:9d:92:65:8a:ee:1d:b6:06:
         32:54:cd:4a:ae:10:ed:17:36:c7:f6:c3:21:68:6d:f7:f5:32:
         01:47:e9:64:4d:b1:c8:78:61:e9:d2:82:a0:b9:07:8a:1f:b0:
         a8:f9:de:32:da:8a:17:37:df:ab:f4:df:f9:f7:c5:20:6d:fa:
         6d:f0:46:6d:d2:02:27:b0:24:90:f6:1a:52:a8:ee:41:89:0f:
         86:ee:01:4f:7c:a9:43:b7:1e:ba:6f:23:50:1c:5b:14:7b:6a:
         f3:38:8c:42:ca:d9:de:80:50:5f:cb:fa:5e:50:5e:09:d2:2a:
         b8:9c:6a:3f:f9:9e:0e:bc:a6:f8:95:f2:78:74:77:fd:7a:95:
         11:d1:50:45:a5:01:dc:ba:bb:25:13:ae:d8:ec:29:57:18:03:
         c5:16:ad:ac:e6:ba:1a:d3:d9:41:5e:1b:fb:48:8f:0f:2e:b1:
         fb:e0:f3:be:41:dd:fa:d5:8c:ac:54:e8:36:bd:af:24:4f:b0:
         87:34:31:3a:c5:cc:93:6f:bf:e8:b3:f1:4e:4a:40:10:4a:2b:
         08:2c:a9:02:68:d0:9b:d7:41:f8:74:86:83:36:3a:63:96:be:
         2d:d2:ab:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCceXZ9oY378rjHWDA4dIk/mWuW8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTNjN2M3MDQwOGIxMzUxY2RjOWU3M2VkMzgzZjQ0Nzkx
YmY2NGRiMzhkOWE3MDI3MzJiOWUxMWI1NGY5YTFkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5DiZQmW+1lMG3WtpIE3SXCoRl4SWO4FIESovFUoGVrFdH
hZZY0XeC2o92VeQqB8wVGAuNngr/oyhw8V0v52rOEKzvZOoZEPEESvisu2q9JI5s
KjqknxS7C7ZRW1inWUA/LSKaModd29OyC6WxVplb5OLO7/cprANhGVNhCES82cMF
nUxfoPan+NclFgR9TsZqDInw/1z1ecekbcFT6TEWcBC0ttJPwv4SQCVGdcUhi8ml
TRa3TCiPTNGeKnxWI+SAEBVegZcRM3q1P6DDpakO4bLEYjRPu8vE5ipc6UTVuKPx
P9q4dCXS3outajTUpyUsUde5zlojH4xD8pXAzG9vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKP/MYbFtUMtqL7R5M9J3LsK0odQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZmMDA3MDY2LTRmMTYtNDNkYy1hYzJlLTY4YzkxZTE3MDIzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPsWcwDQYJKoZIhvcNAQELBQADggEBACDB6+TfqJV8wc4CDF5Iz+LjsMZN
sZM9oB09N4+dkmWK7h22BjJUzUquEO0XNsf2wyFobff1MgFH6WRNsch4YenSgqC5
B4ofsKj53jLaihc336v03/n3xSBt+m3wRm3SAiewJJD2GlKo7kGJD4buAU98qUO3
HrpvI1AcWxR7avM4jELK2d6AUF/L+l5QXgnSKricaj/5ng68pviV8nh0d/16lRHR
UEWlAdy6uyUTrtjsKVcYA8UWrazmuhrT2UFeG/tIjw8usfvg875B3frVjKxU6Da9
ryRPsIc0MTrFzJNvv+iz8U5KQBBKKwgsqQJo0JvXQfh0hoM2OmOWvi3Sqy0=
-----END CERTIFICATE-----