Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/a23f57bf-3947-48c4-91f1-e4364b7d94a1.roa
File:                     a23f57bf-3947-48c4-91f1-e4364b7d94a1.roa (raw, json)
Hash identifier:          QWXE6cWY+xkOmuKQfNSZysjqdqstjaF1ieek4MZg3BM=
Subject key identifier:   54:64:1F:CE:88:41:58:02:3A:46:DC:A1:86:EF:03:D5:1F:B5:26:77
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       62AEBC9A1F18C4711BF726418DB462BDE73D1B5F
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/a23f57bf-3947-48c4-91f1-e4364b7d94a1.roa
Signing time:             Fri 21 Mar 2025 00:40:23 +0000
ROA not before:           Fri 21 Mar 2025 00:40:23 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.171.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:ae:bc:9a:1f:18:c4:71:1b:f7:26:41:8d:b4:62:bd:e7:3d:1b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Mar 21 00:40:23 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a2:ec:0d:c0:1e:bb:a6:5f:77:e8:50:ba:15:
                    a2:df:68:7e:49:d2:46:4a:0f:bb:2a:97:91:4f:42:
                    bd:8b:81:f6:d8:3a:3e:46:45:36:9d:44:f4:31:34:
                    02:60:a4:e3:55:f7:cf:db:70:07:37:7c:22:5e:7a:
                    58:94:b7:2d:5a:d9:44:31:cd:c6:41:2e:28:3b:1f:
                    a0:7e:8b:f0:fb:52:31:5b:56:07:8f:be:76:49:de:
                    e0:be:a3:8e:ac:f8:d1:56:3c:b6:6c:ef:bc:e1:5e:
                    b0:d5:7a:cf:c1:e6:06:6c:2a:79:8c:2d:ee:78:22:
                    47:f5:4f:ed:11:f9:79:86:9c:50:5c:7b:f6:8d:9c:
                    ef:39:73:50:4d:13:7f:ff:ae:b4:9d:ba:a9:b3:ee:
                    b1:55:b2:94:4c:20:48:fe:e8:0a:bf:7e:dc:f1:13:
                    bc:a7:9a:47:65:14:1d:52:66:b7:7a:03:95:66:04:
                    ca:7f:5c:73:fb:4c:47:e3:6f:b0:64:92:ab:d9:05:
                    e5:b7:7f:2b:aa:7c:46:f6:c7:02:c1:0f:6a:78:dd:
                    3b:b1:71:f0:d3:cd:ec:d2:c3:0c:58:18:ef:5f:27:
                    5c:97:c4:4e:be:aa:43:a8:69:27:2d:41:33:59:91:
                    fa:8d:e8:c2:cb:13:0f:a6:2e:9b:ca:95:65:8a:00:
                    ac:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:64:1F:CE:88:41:58:02:3A:46:DC:A1:86:EF:03:D5:1F:B5:26:77
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/a23f57bf-3947-48c4-91f1-e4364b7d94a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.171.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         83:34:42:17:70:9f:2f:f7:8f:7e:a2:1f:42:38:42:65:17:26:
         36:1a:03:a1:95:2a:67:62:e4:2f:c6:5d:7c:41:b9:d6:46:70:
         0e:71:8e:31:41:c5:b2:d9:5c:7d:1e:33:52:72:85:2b:ad:8d:
         9a:d7:91:12:ca:c6:ae:ee:ab:75:c5:75:ef:56:6c:06:be:76:
         b7:5c:c0:47:3e:b1:e9:a6:70:62:de:17:8e:17:cd:78:45:85:
         11:59:56:d8:93:12:67:08:f5:e7:d7:80:a9:2f:68:56:e6:ce:
         1b:ce:93:15:30:61:76:81:e4:d5:c1:6f:85:00:19:6b:60:0b:
         93:1a:3a:0c:d7:17:2c:3f:46:f5:51:e4:71:21:f9:bf:4d:c1:
         d7:fa:38:93:da:a0:64:26:21:8e:2d:07:56:22:4d:4d:d3:cc:
         23:f7:e5:4a:fd:16:11:34:02:9a:2a:30:a1:e5:45:45:68:d6:
         a2:d5:8d:ac:a8:8a:8a:7e:09:69:5c:aa:26:42:38:a7:54:b8:
         15:b2:bd:2f:25:82:f2:5f:8c:93:10:99:2f:f5:f9:34:f8:81:
         76:21:23:50:1b:7d:44:9e:4c:33:11:56:e3:a0:ef:b3:90:e9:
         ef:be:e0:ac:4e:25:a0:ee:67:b5:af:a3:f7:c7:a0:ce:c1:b8:
         6f:2f:88:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYq68mh8YxHEb9yZBjbRivec9G18wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUwMzIxMDA0MDIzWhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODAxYTAwM2VlMTExNGJhZTA4NTUzMjQ1OWFlZjFhMGRj
ZTA1ZTJlMWI1YTZmNjhjNDA2MTgwMjkxYTUxMjhhMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjouwNwB67pl936FC6FaLfaH5J0kZKD7sql5FPQr2LgfbY
Oj5GRTadRPQxNAJgpONV98/bcAc3fCJeeliUty1a2UQxzcZBLig7H6B+i/D7UjFb
VgePvnZJ3uC+o46s+NFWPLZs77zhXrDVes/B5gZsKnmMLe54Ikf1T+0R+XmGnFBc
e/aNnO85c1BNE3//rrSduqmz7rFVspRMIEj+6Aq/ftzxE7ynmkdlFB1SZrd6A5Vm
BMp/XHP7TEfjb7BkkqvZBeW3fyuqfEb2xwLBD2p43TuxcfDTzezSwwxYGO9fJ1yX
xE6+qkOoaSctQTNZkfqN6MLLEw+mLpvKlWWKAKyxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVGQfzohBWAI6Rtyhhu8D1R+1JncwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2EyM2Y1N2JmLTM5NDctNDhjNC05MWYxLWU0MzY0YjdkOTRhMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXPq6AwDQYJKoZIhvcNAQELBQADggEBAIM0Qhdwny/3j36iH0I4QmUXJjYa
A6GVKmdi5C/GXXxBudZGcA5xjjFBxbLZXH0eM1JyhSutjZrXkRLKxq7uq3XFde9W
bAa+drdcwEc+semmcGLeF44XzXhFhRFZVtiTEmcI9efXgKkvaFbmzhvOkxUwYXaB
5NXBb4UAGWtgC5MaOgzXFyw/RvVR5HEh+b9Nwdf6OJPaoGQmIY4tB1YiTU3TzCP3
5Ur9FhE0ApoqMKHlRUVo1qLVjayoiop+CWlcqiZCOKdUuBWyvS8lgvJfjJMQmS/1
+TT4gXYhI1AbfUSeTDMRVuOg77OQ6e++4KxOJaDuZ7Wvo/fHoM7BuG8viBk=
-----END CERTIFICATE-----