Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e55ff418-99ea-4935-b28f-27cebea5f8ec.roa
File:                     e55ff418-99ea-4935-b28f-27cebea5f8ec.roa (raw, json)
Hash identifier:          o80f0mcJ2TFcOEYTIEurdnJacObrfPy0dsAf5oQypdM=
Subject key identifier:   A9:E7:BA:EE:0C:FB:92:99:88:B9:8F:2D:B2:2E:8E:82:CA:47:96:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       44AF4E275B3674BC924832A60283E446BF7E23BD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e55ff418-99ea-4935-b28f-27cebea5f8ec.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.248.64.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:af:4e:27:5b:36:74:bc:92:48:32:a6:02:83:e4:46:bf:7e:23:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:86:73:79:0d:d9:6d:58:03:80:61:bc:ad:5e:
                    29:37:13:ad:f2:fb:e0:db:fa:d9:bf:9c:f2:dd:c8:
                    d4:ab:78:e7:18:29:48:d4:4f:ce:99:61:01:c0:67:
                    e6:1a:c0:49:7f:b3:91:d6:c6:fc:f9:9c:18:fb:20:
                    e6:2a:ba:c4:82:b0:10:0c:0f:c8:e5:0c:ab:03:7f:
                    c5:b6:2f:18:09:78:cb:75:06:5e:45:87:ff:fb:eb:
                    30:5f:a3:1d:20:5d:d1:9c:38:01:9b:5f:d5:51:5a:
                    35:3c:12:b6:8e:9a:d9:12:42:28:0b:8e:1e:3b:40:
                    66:94:00:0d:b3:fe:ea:6b:b7:aa:4c:88:41:1f:58:
                    f1:81:ce:41:eb:77:5b:f2:9a:10:b3:ed:6a:b5:29:
                    b4:16:17:48:2c:a8:ac:36:09:fc:72:60:1d:9b:b9:
                    7c:4a:ab:d6:4e:19:58:9b:1d:47:5f:e5:cd:db:32:
                    0e:82:a8:fb:13:89:c0:df:36:25:81:d4:17:64:0d:
                    82:b6:fd:4e:36:8b:86:78:ae:87:1c:06:8f:98:80:
                    c9:f9:3b:7d:13:fa:5c:a0:f7:75:f7:6c:12:3b:fa:
                    fd:f9:bf:b8:f1:a1:87:1b:bf:d7:4d:ce:74:cc:9f:
                    74:d5:c4:52:59:c6:25:ee:7f:f3:20:da:92:26:da:
                    6f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E7:BA:EE:0C:FB:92:99:88:B9:8F:2D:B2:2E:8E:82:CA:47:96:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e55ff418-99ea-4935-b28f-27cebea5f8ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.248.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         50:f1:c5:d8:76:f1:0b:76:72:e5:7f:69:cc:c0:44:fa:ef:d1:
         f6:ff:4d:7d:d0:9f:74:36:ca:45:f6:d7:95:b7:28:a1:ed:f5:
         75:d3:71:40:a1:2c:23:4d:6f:65:31:e0:0f:47:d3:31:a1:0b:
         19:56:79:3f:84:81:66:f9:09:87:e3:0d:e4:28:22:b4:07:14:
         0b:05:c8:c3:41:58:e6:32:d8:77:d7:9b:ff:83:fa:0f:3f:f9:
         29:b4:98:5e:91:b5:52:51:0e:8d:63:f4:64:80:c5:da:82:21:
         92:e3:36:a6:1d:a8:ea:df:3e:59:eb:52:13:43:52:48:ae:94:
         96:5b:3e:97:44:56:74:b2:0e:6f:37:06:0e:a3:64:75:98:76:
         8e:bd:93:19:51:df:b9:5a:b0:8e:bf:54:0e:a7:85:a3:8a:53:
         eb:e8:57:bb:ec:f5:b6:de:d3:c0:e6:91:39:53:c0:43:9e:3d:
         7b:de:5d:22:9e:a3:7d:49:4d:3c:f4:f1:b4:1b:7c:9a:85:e7:
         3f:7a:f4:cc:5c:d2:75:61:20:12:e4:11:69:c8:14:73:d9:05:
         d6:be:55:c5:87:6e:3d:d6:47:6b:0d:29:3d:f7:17:3f:1f:83:
         7c:62:93:62:5e:63:5e:3e:fa:76:44:54:e6:bf:dc:c9:e6:bf:
         82:b5:ef:c8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURK9OJ1s2dLySSDKmAoPkRr9+I70wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZTc2NjRjZTQ2ZDgwMjQwYjdmN2E1YmIwNDM1MWQ5MmYz
ZDc5ZWMwMTQ0YmNmN2QzMDVhY2FjZWFjZWYyMjNlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwhnN5DdltWAOAYbytXik3E63y++Db+tm/nPLdyNSreOcY
KUjUT86ZYQHAZ+YawEl/s5HWxvz5nBj7IOYqusSCsBAMD8jlDKsDf8W2LxgJeMt1
Bl5Fh//76zBfox0gXdGcOAGbX9VRWjU8EraOmtkSQigLjh47QGaUAA2z/uprt6pM
iEEfWPGBzkHrd1vymhCz7Wq1KbQWF0gsqKw2CfxyYB2buXxKq9ZOGVibHUdf5c3b
Mg6CqPsTicDfNiWB1BdkDYK2/U42i4Z4roccBo+YgMn5O30T+lyg93X3bBI7+v35
v7jxoYcbv9dNznTMn3TVxFJZxiXuf/Mg2pIm2m9lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqee67gz7kpmIuY8tsi6OgspHlncwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U1NWZmNDE4LTk5ZWEtNDkzNS1iMjhmLTI3Y2ViZWE1ZjhlYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP+EAwDQYJKoZIhvcNAQELBQADggEBAFDxxdh28Qt2cuV/aczARPrv0fb/
TX3Qn3Q2ykX215W3KKHt9XXTcUChLCNNb2Ux4A9H0zGhCxlWeT+EgWb5CYfjDeQo
IrQHFAsFyMNBWOYy2HfXm/+D+g8/+Sm0mF6RtVJRDo1j9GSAxdqCIZLjNqYdqOrf
PlnrUhNDUkiulJZbPpdEVnSyDm83Bg6jZHWYdo69kxlR37lasI6/VA6nhaOKU+vo
V7vs9bbe08DmkTlTwEOePXveXSKeo31JTTz08bQbfJqF5z969Mxc0nVhIBLkEWnI
FHPZBda+VcWHbj3WR2sNKT33Fz8fg3xik2JeY14++nZEVOa/3Mnmv4K178g=
-----END CERTIFICATE-----