Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1481cf29-99e3-4885-b606-0d56cca957b0.roa
File:                     1481cf29-99e3-4885-b606-0d56cca957b0.roa (raw, json)
Hash identifier:          1IMxgzNGu1h9KDNnD7iLiE/SOwrljlDu1266WKcHjwk=
Subject key identifier:   75:21:25:6A:73:C1:55:4E:B8:BE:2D:1E:47:CD:34:86:AE:D9:39:3F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7974744AADC2F4F25E5AA996AF8071E226FA411C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1481cf29-99e3-4885-b606-0d56cca957b0.roa
Signing time:             Fri 07 Mar 2025 00:40:16 +0000
ROA not before:           Fri 07 Mar 2025 00:40:16 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.228.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:74:74:4a:ad:c2:f4:f2:5e:5a:a9:96:af:80:71:e2:26:fa:41:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar  7 00:40:16 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b7:82:0b:fd:80:90:1c:dd:69:39:20:29:fe:
                    77:6f:ed:06:c8:60:b8:be:ed:58:7b:78:27:a1:55:
                    05:2f:4c:43:d0:41:78:b3:79:1f:f5:58:e8:4e:5c:
                    66:28:36:14:7b:73:2b:d3:4c:0a:da:bb:6a:fe:1e:
                    ef:9f:70:ce:7a:f9:2e:34:e5:b9:27:52:0d:98:15:
                    d9:82:76:c7:9b:73:ce:d6:8e:75:88:86:8c:c2:d6:
                    83:74:ec:f0:32:1d:0b:16:66:5c:68:37:17:ef:54:
                    2a:a7:73:20:51:21:28:ea:9e:e0:16:85:ae:12:18:
                    73:fb:43:a9:05:15:5a:b3:8f:10:fe:fc:df:00:e3:
                    c9:9e:ea:8f:52:0d:ec:8d:5d:4d:05:ea:ff:70:c1:
                    cf:b4:70:c9:d2:ca:70:1e:68:8f:a0:b3:6a:9e:68:
                    e7:5c:9c:8f:6b:0a:ac:64:3a:4b:24:b9:f6:0c:e6:
                    e5:32:57:c6:d0:2c:a7:6d:3f:ab:19:f4:06:bd:67:
                    ee:6b:6a:7c:96:41:81:84:4a:99:c2:d6:78:c7:65:
                    f1:4c:61:0e:ad:f6:ed:33:ae:d4:b5:94:64:cd:a6:
                    b8:f8:25:c5:39:b3:0f:02:2a:fa:1b:69:f2:b7:8f:
                    5c:c5:d6:0a:ee:79:cc:74:5d:e0:cd:57:20:fc:5f:
                    70:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:21:25:6A:73:C1:55:4E:B8:BE:2D:1E:47:CD:34:86:AE:D9:39:3F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1481cf29-99e3-4885-b606-0d56cca957b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:6d:d1:31:e2:31:32:4c:5e:9a:6d:45:7f:2d:8b:61:fa:03:
         a5:fc:f4:c8:b0:5c:61:2c:60:86:0a:3b:de:c9:6f:32:47:f6:
         eb:fc:80:61:c7:ab:5e:70:06:81:3c:be:51:74:bc:aa:d8:c1:
         93:32:6d:01:06:10:69:e4:6f:2f:80:f9:a8:98:9d:c6:df:fc:
         7d:06:ea:b0:d2:c0:cd:77:1a:75:fe:32:92:59:f7:3b:dd:20:
         59:c2:a6:2c:4a:56:18:36:65:bb:48:86:61:ad:c0:de:71:df:
         5b:6f:33:8e:38:09:99:6b:6c:b7:b5:54:88:03:b0:98:37:5f:
         0d:59:61:4b:dc:66:88:45:d7:59:44:f5:15:9a:2e:8d:ab:72:
         a2:2f:b7:3d:72:1c:48:06:a6:2f:b8:cd:e1:42:72:1d:16:25:
         5f:c5:c2:51:a4:fb:94:91:74:02:92:3b:5d:1e:8d:b5:17:ea:
         6f:b5:d8:a2:9f:0f:a4:78:ec:9e:2b:2c:e0:33:50:9e:67:cf:
         6a:26:0a:49:2f:e4:66:a6:88:4f:91:10:a2:55:3d:95:b7:bc:
         1f:ca:ca:65:67:6f:16:32:4c:72:97:4f:ab:b4:99:2c:eb:33:
         7a:ba:3d:04:82:c1:65:3f:4c:22:82:f3:8e:22:37:08:2e:07:
         89:51:fb:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeXR0Sq3C9PJeWqmWr4Bx4ib6QRwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzA3MDA0MDE2WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDdlZjBjM2Y2YWI2MzJmOWUzOTc0MjBkMjY3YzMyMWVl
MzJmNzViZGJlYjlkNDY3MjM4MTAzNmFiNjliNjkxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmt4IL/YCQHN1pOSAp/ndv7QbIYLi+7Vh7eCehVQUvTEPQ
QXizeR/1WOhOXGYoNhR7cyvTTArau2r+Hu+fcM56+S405bknUg2YFdmCdsebc87W
jnWIhozC1oN07PAyHQsWZlxoNxfvVCqncyBRISjqnuAWha4SGHP7Q6kFFVqzjxD+
/N8A48me6o9SDeyNXU0F6v9wwc+0cMnSynAeaI+gs2qeaOdcnI9rCqxkOkskufYM
5uUyV8bQLKdtP6sZ9Aa9Z+5ranyWQYGESpnC1njHZfFMYQ6t9u0zrtS1lGTNprj4
JcU5sw8CKvobafK3j1zF1gruecx0XeDNVyD8X3DBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdSElanPBVU64vi0eR800hq7ZOT8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE0ODFjZjI5LTk5ZTMtNDg4NS1iNjA2LTBkNTZjY2E5NTdiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0X+QwDQYJKoZIhvcNAQELBQADggEBABNt0THiMTJMXpptRX8ti2H6A6X8
9MiwXGEsYIYKO97JbzJH9uv8gGHHq15wBoE8vlF0vKrYwZMybQEGEGnkby+A+aiY
ncbf/H0G6rDSwM13GnX+MpJZ9zvdIFnCpixKVhg2ZbtIhmGtwN5x31tvM444CZlr
bLe1VIgDsJg3Xw1ZYUvcZohF11lE9RWaLo2rcqIvtz1yHEgGpi+4zeFCch0WJV/F
wlGk+5SRdAKSO10ejbUX6m+12KKfD6R47J4rLOAzUJ5nz2omCkkv5GamiE+REKJV
PZW3vB/KymVnbxYyTHKXT6u0mSzrM3q6PQSCwWU/TCKC844iNwguB4lR+60=
-----END CERTIFICATE-----