Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/889ebe55-67cc-4f8c-9402-874dd6eb4a3f.roa
File:                     889ebe55-67cc-4f8c-9402-874dd6eb4a3f.roa (raw, json)
Hash identifier:          1WavO313EacsEzbZWvY2WdaQj7eCoxevdtyavsMDNtE=
Subject key identifier:   11:DB:8A:04:CA:0C:94:0B:A9:C4:BD:BC:BA:01:B4:A0:D8:31:4E:1F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       36D66D9836B5EAB07ABF62CB8972D7C595F6B5F3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/889ebe55-67cc-4f8c-9402-874dd6eb4a3f.roa
Signing time:             Mon 25 Nov 2024 00:00:00 +0000
ROA not before:           Mon 25 Nov 2024 00:00:00 +0000
ROA not after:            Mon 30 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        47.128.0.0/14 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:d6:6d:98:36:b5:ea:b0:7a:bf:62:cb:89:72:d7:c5:95:f6:b5:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov 25 00:00:00 2024 GMT
            Not After : Dec 30 23:59:59 2024 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:82:1a:dc:1e:ee:38:55:66:b0:7c:8d:8a:67:
                    a9:f5:cc:69:47:99:bc:9e:ff:d8:e1:24:89:5d:b9:
                    4b:89:76:ec:97:a5:5d:2d:2b:fd:48:c4:34:9b:90:
                    f2:01:21:88:32:78:8a:23:86:8c:09:32:81:b2:c0:
                    32:77:cf:4d:57:c4:cc:68:1d:99:da:a7:f2:a5:f5:
                    ff:e7:04:28:cf:b4:2c:98:55:67:4a:7e:b6:d6:a8:
                    39:89:67:a9:3b:85:ec:96:d6:af:d3:b6:71:bd:c2:
                    48:ae:84:7c:3f:15:29:fc:d8:fd:00:7d:6f:66:a1:
                    ed:a6:f7:c3:94:89:12:1a:8c:b2:38:82:30:a6:0b:
                    b1:52:0f:c5:ea:e2:09:a1:a6:b3:f1:f4:ba:04:97:
                    6f:29:bc:69:d5:3e:fd:a6:8b:25:09:d9:a5:27:94:
                    68:c1:14:dc:0a:f6:8e:4a:87:87:7a:37:cf:d5:73:
                    50:d5:a9:7e:8f:dd:64:ed:61:64:fb:70:58:88:87:
                    2f:b9:74:15:45:b9:cc:8a:03:15:29:1a:7a:50:4b:
                    20:30:5b:72:c9:22:f8:8b:16:38:f0:05:8a:60:96:
                    e7:33:5a:b5:af:da:7a:63:18:b6:76:1c:a9:cb:3f:
                    ec:18:74:c1:ed:3c:e6:58:f1:db:81:ea:ed:3d:1f:
                    14:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:DB:8A:04:CA:0C:94:0B:A9:C4:BD:BC:BA:01:B4:A0:D8:31:4E:1F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/889ebe55-67cc-4f8c-9402-874dd6eb4a3f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  47.128.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         28:26:1f:99:42:3a:b0:10:41:66:64:d0:c4:68:47:93:c9:5c:
         57:c2:a8:12:e9:2c:a3:bc:cf:be:16:22:24:9e:5d:5b:b3:4f:
         44:01:6e:0e:72:c6:fc:89:78:39:10:88:f5:0f:84:8b:eb:0b:
         e2:cc:31:68:13:07:28:3e:e3:35:ff:b1:c3:14:ba:44:0c:4e:
         19:bf:8e:4e:35:16:fe:fb:f0:36:13:6a:6f:12:98:41:73:5f:
         15:52:59:55:87:49:ab:73:88:05:19:2f:56:b3:4a:5a:d7:ae:
         de:96:c4:64:79:a7:54:71:3e:35:cb:ac:fe:a2:73:86:45:99:
         ce:35:94:28:f3:54:9d:07:a2:99:fa:e7:52:16:36:03:02:6f:
         17:9b:8f:13:f3:5c:28:4e:1c:cc:f3:50:02:2c:66:11:aa:97:
         c7:66:32:8b:3b:d9:1b:30:1f:fa:07:8c:b5:3c:19:46:06:c6:
         19:7c:f9:4e:60:72:be:bc:76:0e:9f:f2:e5:88:5c:48:c4:20:
         f2:c6:f0:62:37:d4:d6:af:cf:83:c5:4d:52:08:bc:48:6d:40:
         95:2a:bf:ee:70:6f:ef:f8:48:01:75:0f:97:2d:ad:48:a7:57:
         e7:81:dc:f4:68:c6:d9:63:8d:c9:5e:59:5e:b4:38:d9:99:ca:
         fe:a7:cf:48
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNtZtmDa16rB6v2LLiXLXxZX2tfMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMTI1MDAwMDAwWhcNMjQxMjMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYTMwYTA0MDU2NzY5M2I5MTQ4NDI1ZWNkOWNlMDBlZTUx
YzcyZGZjMDU0MGQ3ODBjZTdiZjljZjg3OGZlNzcxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPghrcHu44VWawfI2KZ6n1zGlHmbye/9jhJIlduUuJduyX
pV0tK/1IxDSbkPIBIYgyeIojhowJMoGywDJ3z01XxMxoHZnap/Kl9f/nBCjPtCyY
VWdKfrbWqDmJZ6k7heyW1q/TtnG9wkiuhHw/FSn82P0AfW9moe2m98OUiRIajLI4
gjCmC7FSD8Xq4gmhprPx9LoEl28pvGnVPv2miyUJ2aUnlGjBFNwK9o5Kh4d6N8/V
c1DVqX6P3WTtYWT7cFiIhy+5dBVFucyKAxUpGnpQSyAwW3LJIviLFjjwBYpglucz
WrWv2npjGLZ2HKnLP+wYdMHtPOZY8duB6u09HxTrAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUEduKBMoMlAupxL28ugG0oNgxTh8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg4OWViZTU1LTY3Y2MtNGY4Yy05NDAyLTg3NGRkNmViNGEzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIvgDANBgkqhkiG9w0BAQsFAAOCAQEAKCYfmUI6sBBBZmTQxGhHk8lcV8Ko
Eukso7zPvhYiJJ5dW7NPRAFuDnLG/Il4ORCI9Q+Ei+sL4swxaBMHKD7jNf+xwxS6
RAxOGb+OTjUW/vvwNhNqbxKYQXNfFVJZVYdJq3OIBRkvVrNKWteu3pbEZHmnVHE+
Ncus/qJzhkWZzjWUKPNUnQeimfrnUhY2AwJvF5uPE/NcKE4czPNQAixmEaqXx2Yy
izvZGzAf+geMtTwZRgbGGXz5TmByvrx2Dp/y5YhcSMQg8sbwYjfU1q/Pg8VNUgi8
SG1AlSq/7nBv7/hIAXUPly2tSKdX54Hc9GjG2WONyV5ZXrQ42ZnK/qfPSA==
-----END CERTIFICATE-----