Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f09a26-8b70-4d31-b73b-01df50c56e50.roa
File:                     88f09a26-8b70-4d31-b73b-01df50c56e50.roa (raw, json)
Hash identifier:          Laqa3V0Au6vb7+f7Tb+4UyhSNCxdZNY56DQu7bTtRO4=
Subject key identifier:   9C:EE:2A:86:60:3B:8A:E8:F5:8C:73:52:46:D4:32:9A:5B:9C:C2:3B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1B3B4BC3FBE6B255F91039AF60DC1623A2B61186
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f09a26-8b70-4d31-b73b-01df50c56e50.roa
Signing time:             Fri 28 Mar 2025 17:51:37 +0000
ROA not before:           Fri 28 Mar 2025 17:51:37 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     6167
IP address blocks:        155.146.128.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:3b:4b:c3:fb:e6:b2:55:f9:10:39:af:60:dc:16:23:a2:b6:11:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 28 17:51:37 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5c:18:50:f3:ea:6d:d3:3b:e4:e3:55:00:a8:
                    a2:96:d7:24:4f:f7:9f:fb:91:54:06:72:e3:2a:e6:
                    bf:29:cb:d8:73:f0:06:37:5b:4a:97:57:6b:b2:9f:
                    99:6a:7b:d3:64:47:ac:15:3e:e4:0f:74:74:ad:ad:
                    b2:b5:7a:68:aa:06:83:f1:d7:e4:bb:9f:0c:a6:fa:
                    d6:a6:78:63:13:19:26:c8:89:a8:33:b6:45:f1:33:
                    94:23:c2:3d:7b:3f:99:89:67:c4:c3:45:76:ba:8d:
                    ad:5d:78:b4:0b:30:f9:75:1e:26:d6:1b:66:e1:5f:
                    2f:96:04:58:89:90:96:35:78:bb:42:7e:65:3c:0d:
                    89:10:19:d1:d3:ad:64:31:3b:b1:1b:32:c1:c6:d2:
                    62:1d:fc:f9:d9:1b:f8:77:69:0d:08:81:06:dc:e4:
                    44:e0:ec:37:ae:c9:f6:c6:4a:a1:ef:9e:1a:12:20:
                    8b:e3:63:82:c1:c1:43:18:aa:f2:e1:4d:a2:44:9b:
                    a6:af:99:98:9c:a1:a2:4e:aa:8c:45:f1:93:af:82:
                    92:ad:07:64:0f:05:ea:9f:d1:d2:a1:d0:e2:32:c1:
                    f3:ee:ce:00:6c:85:cd:e6:ff:ee:14:37:d6:35:e3:
                    ef:04:da:f1:cd:4b:27:9d:82:6a:05:31:92:02:cd:
                    43:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:EE:2A:86:60:3B:8A:E8:F5:8C:73:52:46:D4:32:9A:5B:9C:C2:3B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f09a26-8b70-4d31-b73b-01df50c56e50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.146.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5d:75:56:27:73:27:65:1e:c4:d0:45:54:e9:81:26:ae:f3:85:
         dd:5f:58:86:12:e8:36:22:79:be:ba:c1:88:c6:22:1f:e2:90:
         0c:1f:05:52:e6:65:86:4c:de:f0:48:bc:eb:64:17:ba:a2:52:
         58:7e:9c:36:f5:f7:c6:5f:15:f4:41:4c:58:04:1b:bf:63:fb:
         01:40:16:71:76:da:0e:e6:95:a6:bb:c5:16:a8:5f:c8:b7:fe:
         86:bd:44:72:40:ef:2d:d7:5d:04:c0:fc:93:8b:1c:0b:ac:90:
         cc:53:c3:f1:84:63:26:fa:ce:d9:b1:c9:75:f6:e3:fd:89:e9:
         0f:6b:22:88:73:87:b6:af:c4:54:89:44:44:52:e0:64:dc:18:
         58:d6:35:1b:0c:2a:24:05:84:f9:d2:34:b8:9f:a2:f8:f0:50:
         1b:02:d2:8a:93:30:70:40:de:69:e1:f3:d4:92:70:f0:6c:6f:
         d4:3b:b0:c0:ed:96:5a:38:a5:17:b9:ae:31:2a:23:e4:3d:92:
         a7:89:b3:a1:8e:1e:e7:d8:d7:3e:fc:63:45:c7:e2:98:48:d8:
         f9:58:13:8f:83:bf:47:77:ac:c8:e6:85:ca:47:bb:aa:f8:34:
         04:9f:b6:97:7a:b0:8a:2d:93:d4:76:48:28:de:5c:25:36:9c:
         c5:15:00:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGztLw/vmslX5EDmvYNwWI6K2EYYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI4MTc1MTM3WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMTZlMDQxYzU4ZDk5MjZmNzA5OTIzOTQ2YWJiNThjNjNk
YWYyMzNhNzg5Zjg2NjdkYjJlYzA0YzZhYTJhZWU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuXBhQ8+pt0zvk41UAqKKW1yRP95/7kVQGcuMq5r8py9hz
8AY3W0qXV2uyn5lqe9NkR6wVPuQPdHStrbK1emiqBoPx1+S7nwym+tameGMTGSbI
iagztkXxM5Qjwj17P5mJZ8TDRXa6ja1deLQLMPl1HibWG2bhXy+WBFiJkJY1eLtC
fmU8DYkQGdHTrWQxO7EbMsHG0mId/PnZG/h3aQ0IgQbc5ETg7DeuyfbGSqHvnhoS
IIvjY4LBwUMYqvLhTaJEm6avmZicoaJOqoxF8ZOvgpKtB2QPBeqf0dKh0OIywfPu
zgBshc3m/+4UN9Y14+8E2vHNSyedgmoFMZICzUMlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnO4qhmA7iuj1jHNSRtQymlucwjswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg4ZjA5YTI2LThiNzAtNGQzMS1iNzNiLTAxZGY1MGM1NmU1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASbkoAwDQYJKoZIhvcNAQELBQADggEBAF11VidzJ2UexNBFVOmBJq7zhd1f
WIYS6DYieb66wYjGIh/ikAwfBVLmZYZM3vBIvOtkF7qiUlh+nDb198ZfFfRBTFgE
G79j+wFAFnF22g7mlaa7xRaoX8i3/oa9RHJA7y3XXQTA/JOLHAuskMxTw/GEYyb6
ztmxyXX24/2J6Q9rIohzh7avxFSJRERS4GTcGFjWNRsMKiQFhPnSNLifovjwUBsC
0oqTMHBA3mnh89SScPBsb9Q7sMDtllo4pRe5rjEqI+Q9kqeJs6GOHufY1z78Y0XH
4phI2PlYE4+Dv0d3rMjmhcpHu6r4NASftpd6sIotk9R2SCjeXCU2nMUVAHI=
-----END CERTIFICATE-----