Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/de27c147-70ca-4341-9d45-502f706410d9.roa
File:                     de27c147-70ca-4341-9d45-502f706410d9.roa (raw, json)
Hash identifier:          MYddz9PTG1vxDUEriu2OwRzkxd31xAgVexXrJcYu+ow=
Subject key identifier:   14:EB:58:3B:FE:C4:D4:93:CB:2B:7A:AB:25:71:A9:4E:A7:92:21:7C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       403C5AABAA137542A2B4F78259A0EA0CDE9E3E0B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/de27c147-70ca-4341-9d45-502f706410d9.roa
Signing time:             Wed 05 Mar 2025 00:41:02 +0000
ROA not before:           Wed 05 Mar 2025 00:41:02 +0000
ROA not after:            Wed 09 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        137.114.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:3c:5a:ab:aa:13:75:42:a2:b4:f7:82:59:a0:ea:0c:de:9e:3e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar  5 00:41:02 2025 GMT
            Not After : Apr  9 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a4:b6:3b:68:88:0c:ed:3c:29:a0:c4:aa:b5:
                    73:a8:a8:e3:ae:45:7b:69:75:e3:ea:9a:39:c4:bb:
                    03:65:d0:23:b1:19:30:62:43:ee:62:d4:1c:f7:6b:
                    f5:58:cc:df:38:b5:aa:32:9a:9b:57:0a:0f:33:da:
                    17:3b:a4:33:1c:9c:dc:ae:e6:5c:3b:99:c9:13:fe:
                    9c:10:b8:82:69:4b:0d:b7:b0:aa:fb:e1:cd:51:f8:
                    fb:b6:f0:a0:b8:98:ea:b3:e5:7c:43:79:61:7e:6a:
                    2a:2a:83:54:05:c9:88:ad:dc:50:ef:86:2b:32:6a:
                    9b:08:ea:81:c3:0d:39:0a:7f:ed:1f:43:dd:8e:a7:
                    66:1a:e7:0a:89:e0:53:b4:d6:18:3a:1b:44:6c:19:
                    b1:4e:2a:8f:0f:de:70:6b:04:0c:5c:64:b8:88:e6:
                    bb:6f:d4:9e:88:a5:ce:b8:4a:df:47:40:38:4a:7d:
                    59:0a:bf:40:59:4c:72:0d:78:d6:0a:e7:14:92:e4:
                    f2:79:8c:96:bf:d7:de:3e:61:00:ac:ab:09:54:99:
                    65:b6:90:26:8a:a6:42:ea:e1:d0:e7:83:84:2b:1c:
                    0d:49:89:5a:49:8e:08:13:c2:41:04:17:54:85:20:
                    bb:be:9c:bd:39:20:e0:f5:86:a6:89:f4:9c:57:46:
                    cf:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:EB:58:3B:FE:C4:D4:93:CB:2B:7A:AB:25:71:A9:4E:A7:92:21:7C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/de27c147-70ca-4341-9d45-502f706410d9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.114.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4d:d3:2f:fe:0d:7a:17:5f:58:10:69:e9:f6:75:8e:12:53:cb:
         4c:25:ac:1b:4e:1e:18:11:ea:ca:4e:69:25:11:5d:bd:d0:e2:
         56:e8:94:01:f4:66:29:da:62:7e:92:c5:a9:3f:57:00:86:93:
         e1:53:74:e3:d4:82:72:52:08:f2:a8:12:34:f5:8a:ef:1e:c4:
         26:47:ee:d5:a3:ff:59:36:3d:93:ec:31:50:74:5a:c1:ca:15:
         e9:b4:a9:b7:53:35:08:4a:46:c8:57:5a:98:84:f8:08:cf:81:
         46:4e:fc:fb:a8:31:5f:44:30:6e:58:f2:b9:47:69:f8:6a:13:
         1d:7c:69:55:f1:e3:f5:d5:78:39:46:96:66:67:27:41:0e:70:
         9a:dc:de:ff:53:4c:6a:fa:c1:11:6a:a7:60:06:d2:2a:be:bb:
         b6:99:11:0e:87:7b:64:84:22:cc:59:b0:03:87:63:d8:c6:57:
         d6:3e:40:71:41:3f:aa:1c:9f:89:08:65:c1:6c:70:24:8d:81:
         7a:c5:cc:44:84:97:5c:12:5f:b7:69:17:a8:8a:e0:0e:41:bb:
         69:73:3a:53:19:ff:80:f0:b8:bf:44:8b:5b:99:36:37:df:d9:
         04:08:0f:80:dd:10:c8:15:21:e2:dc:f7:3a:5f:4c:8d:3d:47:
         0d:64:45:5c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQDxaq6oTdUKitPeCWaDqDN6ePgswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzA1MDA0MTAyWhcNMjUwNDA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZjVlOTA0OGJmNjcxMDNiMDU5YWUxMDdmYjY2YWI0MjJm
NTFiN2VkM2RkNzc4ZGZhOTRiMWQ1N2VkNzVhOTI1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSpLY7aIgM7TwpoMSqtXOoqOOuRXtpdePqmjnEuwNl0COx
GTBiQ+5i1Bz3a/VYzN84taoymptXCg8z2hc7pDMcnNyu5lw7mckT/pwQuIJpSw23
sKr74c1R+Pu28KC4mOqz5XxDeWF+aioqg1QFyYit3FDvhisyapsI6oHDDTkKf+0f
Q92Op2Ya5wqJ4FO01hg6G0RsGbFOKo8P3nBrBAxcZLiI5rtv1J6Ipc64St9HQDhK
fVkKv0BZTHINeNYK5xSS5PJ5jJa/194+YQCsqwlUmWW2kCaKpkLq4dDng4QrHA1J
iVpJjggTwkEEF1SFILu+nL05IOD1hqaJ9JxXRs83AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFOtYO/7E1JPLK3qrJXGpTqeSIXwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RlMjdjMTQ3LTcwY2EtNDM0MS05ZDQ1LTUwMmY3MDY0MTBkOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCJcjANBgkqhkiG9w0BAQsFAAOCAQEATdMv/g16F19YEGnp9nWOElPLTCWs
G04eGBHqyk5pJRFdvdDiVuiUAfRmKdpifpLFqT9XAIaT4VN049SCclII8qgSNPWK
7x7EJkfu1aP/WTY9k+wxUHRawcoV6bSpt1M1CEpGyFdamIT4CM+BRk78+6gxX0Qw
bljyuUdp+GoTHXxpVfHj9dV4OUaWZmcnQQ5wmtze/1NMavrBEWqnYAbSKr67tpkR
Dod7ZIQizFmwA4dj2MZX1j5AcUE/qhyfiQhlwWxwJI2BesXMRISXXBJft2kXqIrg
DkG7aXM6Uxn/gPC4v0SLW5k2N9/ZBAgPgN0QyBUh4tz3Ol9MjT1HDWRFXA==
-----END CERTIFICATE-----