Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/540927fd-1162-4248-a84a-55576a06a59a.roa
File:                     540927fd-1162-4248-a84a-55576a06a59a.roa (raw, json)
Hash identifier:          fNCy5O/WaKSgkgAcWsyV79aWFr1DYiz2i45xUAUhyVk=
Subject key identifier:   44:C7:73:C1:B6:84:99:03:46:05:CE:53:11:4F:99:60:C8:EE:C2:B9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       79F7958A57A04A99ACD3033BCC35A2387FAF2884
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/540927fd-1162-4248-a84a-55576a06a59a.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.2.19.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:f7:95:8a:57:a0:4a:99:ac:d3:03:3b:cc:35:a2:38:7f:af:28:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3d:f6:66:c7:56:19:df:2c:03:4e:ad:ba:17:
                    66:84:69:f4:16:a8:94:0f:b4:a3:0f:bb:a1:5b:5b:
                    3b:33:0c:60:0a:23:13:d9:0c:99:e4:b6:04:ab:6c:
                    1d:44:e4:63:dc:b6:1f:4a:4e:34:10:3b:ff:f5:0c:
                    6d:97:75:ae:12:a5:32:1b:ba:f9:bd:dc:35:c8:80:
                    08:a2:21:3e:2e:a5:3e:0f:98:42:50:46:d4:cf:ba:
                    a7:75:c4:b5:3d:ca:d6:64:f7:63:33:3a:e2:78:d5:
                    99:0f:f0:52:00:8f:63:c4:dd:5c:a0:51:16:1b:e1:
                    d2:1d:21:dd:d7:80:7c:cb:0a:6b:24:da:ef:9d:c1:
                    e6:46:0f:18:59:25:d6:32:40:0d:42:7e:95:9f:83:
                    f3:38:91:01:48:d6:b4:f3:18:b6:92:c1:16:26:0b:
                    f3:09:c4:45:61:5a:d3:42:76:75:5f:e3:de:4c:1a:
                    e1:79:da:3f:b4:dd:05:98:e7:a8:56:16:d2:9e:86:
                    71:cc:7c:9f:8e:f1:df:84:71:bd:d2:ea:b4:81:e1:
                    f8:35:3a:45:c0:25:75:98:49:fd:d3:b8:c5:c8:be:
                    bc:e2:cf:de:35:10:48:63:5a:ff:83:8c:b8:74:8d:
                    9c:05:76:91:19:c8:8f:57:ed:5b:a9:0f:c5:c0:2a:
                    a7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C7:73:C1:B6:84:99:03:46:05:CE:53:11:4F:99:60:C8:EE:C2:B9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/540927fd-1162-4248-a84a-55576a06a59a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:48:51:ed:bb:78:b1:8e:35:15:d6:d8:e0:77:5b:37:54:2e:
         29:69:e6:33:9d:49:f9:17:96:54:0c:0d:92:61:36:62:21:dd:
         e0:a0:8c:73:50:1e:6d:6e:5a:53:a9:6d:48:2d:6a:2a:7c:3f:
         fd:9d:77:0c:78:9c:ec:cc:27:f9:fe:ef:c7:ca:f7:54:31:41:
         bb:f8:48:e4:97:fd:79:44:f2:ab:67:a8:76:53:af:3a:3b:9f:
         48:4e:08:c5:a0:70:a8:be:5a:e6:b3:33:d1:e9:ed:04:bc:d6:
         d0:64:cb:c2:d0:84:d1:10:00:20:50:e7:b8:31:d2:b9:99:f1:
         e4:d8:75:5b:97:cb:ee:6e:83:ea:a5:de:0a:f2:8a:69:11:67:
         08:c3:cb:49:2b:bf:f6:05:f5:b6:ae:1f:ee:c6:ba:21:9d:cf:
         17:d6:d5:f2:e8:1d:ce:ca:91:2b:e1:d8:5a:1b:24:a6:d7:8f:
         63:7d:c8:0d:93:3d:70:7f:4f:cf:f2:9b:fa:b7:f2:29:4e:34:
         a0:cc:7c:58:9d:0d:a1:78:0c:8a:46:ce:73:6e:5a:18:4f:75:
         08:65:69:b0:f0:b3:6e:89:83:f9:fe:d6:fb:5c:a5:aa:34:2e:
         b0:0f:40:ac:32:28:3a:7b:ce:f8:d3:fe:0f:0e:16:ce:0b:a4:
         eb:b5:18:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUefeVilegSpms0wM7zDWiOH+vKIQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYjRhMTBhMTk4NzZjZDZkMzFlMTZjZDkzMjIyMTZiNDA1
MGFmOTFlZTkzMmMyYzdlYWMyOWJlMjRmZjcyNzU2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0PfZmx1YZ3ywDTq26F2aEafQWqJQPtKMPu6FbWzszDGAK
IxPZDJnktgSrbB1E5GPcth9KTjQQO//1DG2Xda4SpTIbuvm93DXIgAiiIT4upT4P
mEJQRtTPuqd1xLU9ytZk92MzOuJ41ZkP8FIAj2PE3VygURYb4dIdId3XgHzLCmsk
2u+dweZGDxhZJdYyQA1CfpWfg/M4kQFI1rTzGLaSwRYmC/MJxEVhWtNCdnVf495M
GuF52j+03QWY56hWFtKehnHMfJ+O8d+Ecb3S6rSB4fg1OkXAJXWYSf3TuMXIvrzi
z941EEhjWv+DjLh0jZwFdpEZyI9X7VupD8XAKqdXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURMdzwbaEmQNGBc5TEU+ZYMjuwrkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU0MDkyN2ZkLTExNjItNDI0OC1hODRhLTU1NTc2YTA2YTU5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAhMwDQYJKoZIhvcNAQELBQADggEBAEpIUe27eLGONRXW2OB3WzdULilp
5jOdSfkXllQMDZJhNmIh3eCgjHNQHm1uWlOpbUgtaip8P/2ddwx4nOzMJ/n+78fK
91QxQbv4SOSX/XlE8qtnqHZTrzo7n0hOCMWgcKi+WuazM9Hp7QS81tBky8LQhNEQ
ACBQ57gx0rmZ8eTYdVuXy+5ug+ql3gryimkRZwjDy0krv/YF9bauH+7GuiGdzxfW
1fLoHc7KkSvh2FobJKbXj2N9yA2TPXB/T8/ym/q38ilONKDMfFidDaF4DIpGznNu
WhhPdQhlabDws26Jg/n+1vtcpao0LrAPQKwyKDp7zvjT/g8OFs4LpOu1GJ8=
-----END CERTIFICATE-----