Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1bb02548-0394-4c22-b446-d1d217b919f6.roa
File:                     1bb02548-0394-4c22-b446-d1d217b919f6.roa (raw, json)
Hash identifier:          c/r/co9hSC1L7m0BLNxxuZfl/2SlzRUw9lnyA05tdBE=
Subject key identifier:   01:A2:5A:F7:CC:40:9E:C2:92:8D:8D:49:56:1F:A9:37:AC:FA:16:2A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       27B4A191A9714455D5E353BA58F79C4F38E5C9EA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1bb02548-0394-4c22-b446-d1d217b919f6.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.134.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:b4:a1:91:a9:71:44:55:d5:e3:53:ba:58:f7:9c:4f:38:e5:c9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=82d0678f721565862ee850722f4daa955f89aa584fe19a083714a5cba5ff5fda, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:11:e4:bc:46:12:ad:82:32:c7:1e:fd:ba:e3:
                    f8:dc:42:4b:c6:3c:e4:65:bc:50:77:1d:12:3e:be:
                    ce:65:c1:11:59:24:a3:6c:f6:6d:7d:d6:bf:5a:49:
                    ae:bb:81:89:00:68:c9:60:cf:86:ff:60:ec:c9:d0:
                    f0:52:7a:a5:6b:53:70:27:a3:14:bb:68:7d:9a:f0:
                    8b:8b:aa:84:7b:5b:27:c9:d9:b2:a9:5d:9e:d3:ae:
                    c2:c1:38:1c:41:33:1d:ad:14:eb:d1:a4:59:f1:63:
                    6c:b1:0b:3c:48:fd:99:32:0c:fb:8d:c0:50:c5:dc:
                    df:99:f1:b8:cc:36:a8:27:16:d7:c9:aa:88:39:28:
                    10:c4:5a:38:80:4c:74:0e:c1:58:3b:aa:9d:7e:91:
                    63:72:ef:10:40:4e:05:9b:37:f0:10:07:aa:2f:ce:
                    5e:dc:fe:a5:61:c0:1c:8a:b2:c3:76:e7:d6:66:ac:
                    87:45:03:98:ae:99:9b:10:c6:a3:89:14:be:49:2c:
                    0d:ed:65:8d:fc:fc:71:c1:a7:74:fd:ec:93:7e:9b:
                    e9:e5:3c:ef:74:50:32:78:58:1a:e8:51:3d:8f:c0:
                    b8:70:25:d8:a6:3f:5a:e3:c3:c6:4a:4c:44:2e:79:
                    a5:c3:41:c9:98:38:fc:5d:01:e7:ec:18:62:d5:65:
                    6f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A2:5A:F7:CC:40:9E:C2:92:8D:8D:49:56:1F:A9:37:AC:FA:16:2A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1bb02548-0394-4c22-b446-d1d217b919f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:f9:2f:6f:d5:e3:7d:f6:fc:c9:c4:21:3b:97:96:7c:ef:07:
         3e:0a:bb:3f:84:52:49:83:24:04:ef:df:28:6a:e1:b8:89:84:
         5d:55:2a:6f:6c:5c:2c:dc:b0:c6:da:b5:b7:5f:b5:ac:94:84:
         c2:8c:5e:b3:e7:e1:b4:2c:83:bd:ad:cc:a3:a5:34:c3:4f:df:
         7c:a7:53:fb:96:bd:b6:9a:df:e8:ff:0b:0e:41:dc:7b:64:29:
         05:59:ae:50:2e:0e:e0:c1:19:24:7b:71:46:07:46:59:d3:3c:
         61:0d:aa:67:ff:e0:28:1d:0a:d2:cd:cc:6f:38:54:66:cb:ee:
         dd:12:cc:9b:0d:77:dc:11:4a:e7:28:fd:fd:94:8d:ab:e0:bf:
         15:b2:ef:2a:89:63:57:34:bb:40:88:0a:c1:df:af:3d:2c:28:
         3e:75:61:1b:9d:27:e0:c7:9c:a4:41:56:b3:36:94:0e:52:82:
         db:99:0d:c1:fb:f4:7f:8a:b0:d7:06:9b:2a:82:a1:a8:25:18:
         6d:d5:59:04:a6:91:8d:f5:1d:d8:32:85:7f:60:7d:86:88:38:
         a0:7a:0a:95:65:27:dc:ed:0f:ab:5e:21:e4:30:c4:15:08:eb:
         bc:5c:8a:f1:40:1d:94:3a:ed:7f:86:8d:45:16:3d:8d:c2:e6:
         1a:d0:7d:76
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ7ShkalxRFXV41O6WPecTzjlyeowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MmQwNjc4ZjcyMTU2NTg2MmVlODUwNzIyZjRkYWE5NTVm
ODlhYTU4NGZlMTlhMDgzNzE0YTVjYmE1ZmY1ZmRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkEeS8RhKtgjLHHv264/jcQkvGPORlvFB3HRI+vs5lwRFZ
JKNs9m191r9aSa67gYkAaMlgz4b/YOzJ0PBSeqVrU3AnoxS7aH2a8IuLqoR7WyfJ
2bKpXZ7TrsLBOBxBMx2tFOvRpFnxY2yxCzxI/ZkyDPuNwFDF3N+Z8bjMNqgnFtfJ
qog5KBDEWjiATHQOwVg7qp1+kWNy7xBATgWbN/AQB6ovzl7c/qVhwByKssN259Zm
rIdFA5iumZsQxqOJFL5JLA3tZY38/HHBp3T97JN+m+nlPO90UDJ4WBroUT2PwLhw
JdimP1rjw8ZKTEQueaXDQcmYOPxdAefsGGLVZW//AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAaJa98xAnsKSjY1JVh+pN6z6FiowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFiYjAyNTQ4LTAzOTQtNGMyMi1iNDQ2LWQxZDIxN2I5MTlmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEoYwDQYJKoZIhvcNAQELBQADggEBAJ/5L2/V4332/MnEITuXlnzvBz4K
uz+EUkmDJATv3yhq4biJhF1VKm9sXCzcsMbatbdftayUhMKMXrPn4bQsg72tzKOl
NMNP33ynU/uWvbaa3+j/Cw5B3HtkKQVZrlAuDuDBGSR7cUYHRlnTPGENqmf/4Cgd
CtLNzG84VGbL7t0SzJsNd9wRSuco/f2UjavgvxWy7yqJY1c0u0CICsHfrz0sKD51
YRudJ+DHnKRBVrM2lA5SgtuZDcH79H+KsNcGmyqCoaglGG3VWQSmkY31HdgyhX9g
fYaIOKB6CpVlJ9ztD6teIeQwxBUI67xcivFAHZQ67X+GjUUWPY3C5hrQfXY=
-----END CERTIFICATE-----