Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425248ee-104d-44c2-9568-ff3915e0a91e.roa
File:                     425248ee-104d-44c2-9568-ff3915e0a91e.roa (raw, json)
Hash identifier:          OGneQTNv2mvX27T5S4VKkkRx2lABl/rphih0YbZT1/w=
Subject key identifier:   C4:5E:CF:C7:D8:6D:49:CF:92:FA:C7:59:B8:98:2A:18:8D:D8:C2:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17C1FC29E582DC48E6B36E9ED98F45468BA25D7A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425248ee-104d-44c2-9568-ff3915e0a91e.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        136.18.1.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:c1:fc:29:e5:82:dc:48:e6:b3:6e:9e:d9:8f:45:46:8b:a2:5d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=218f41fdaa94f59f6344553890159aca426d2d1a0fd18b36645f39ebc51561b5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fc:86:c5:6b:b0:9e:2f:5e:9f:14:b2:56:03:
                    86:13:89:c9:4e:77:22:17:6b:ce:e4:98:ce:72:97:
                    5e:7b:ad:c7:5c:c4:11:42:1f:18:63:75:67:6e:21:
                    c7:43:25:dd:85:67:97:91:cf:f3:9a:e0:1f:34:74:
                    f4:44:fc:c4:f7:53:36:6f:40:84:c6:55:1c:4e:81:
                    23:ea:16:fe:f4:0a:4f:94:3d:b5:59:f8:87:d4:37:
                    f0:d6:10:5b:83:9b:08:fd:8a:90:28:36:b6:88:c6:
                    55:d2:89:a7:f8:0b:e2:c1:c1:5f:78:c7:2d:28:02:
                    74:af:ee:82:a9:da:87:fa:a7:77:85:09:49:4e:08:
                    a3:34:f3:72:fe:09:47:50:d8:56:25:b6:75:18:df:
                    60:a7:35:79:56:0e:0f:3f:72:ab:c5:54:9f:c5:50:
                    a7:8f:e3:d1:35:f3:c5:9c:0a:a7:d8:ad:11:11:52:
                    61:89:bb:0b:32:ce:8f:ba:0c:00:e8:7f:f6:ce:d6:
                    5c:44:b1:61:c1:2c:d0:70:e5:0d:73:fc:ed:5c:be:
                    3a:28:a5:bd:e8:cb:db:85:ab:97:90:7d:a7:c1:13:
                    27:88:2b:ab:79:71:a6:6d:23:cf:0f:f7:be:4d:ad:
                    b4:32:02:4d:e9:eb:fa:71:3d:55:ee:65:61:4a:1b:
                    c6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:5E:CF:C7:D8:6D:49:CF:92:FA:C7:59:B8:98:2A:18:8D:D8:C2:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425248ee-104d-44c2-9568-ff3915e0a91e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:c0:fb:8f:4f:b8:2e:59:dc:aa:8d:81:21:07:1a:b9:ac:73:
         7f:2d:37:a4:64:59:78:1a:e3:9d:21:66:fa:88:89:a4:ff:f2:
         ee:ee:69:9c:f7:04:de:f8:f0:db:d2:eb:bb:2c:d0:15:6f:61:
         f3:50:43:b8:dc:43:3a:48:f9:16:8c:8b:39:ce:b7:91:0b:a5:
         19:34:9d:89:bb:7f:69:40:76:60:7c:59:0c:d1:42:59:1f:cd:
         16:3b:d5:b3:81:76:f6:c9:34:f6:79:b7:c6:b1:2b:46:43:3a:
         7f:a7:1b:c4:dc:02:10:ff:b3:78:4b:77:3b:79:c1:23:3e:64:
         af:19:54:61:b8:f5:47:cc:3c:0c:8b:83:9b:aa:67:23:77:6c:
         c5:3c:f6:6c:d0:d4:89:16:0f:fc:58:69:f7:ff:c7:22:30:9b:
         2c:59:f1:8f:c4:bd:db:e9:44:9f:4d:86:5e:07:4d:05:4a:22:
         b1:25:9f:13:81:3b:73:e9:3a:c8:02:9b:b5:36:06:cb:07:7a:
         a7:74:71:fc:3d:17:83:42:43:e5:87:cf:77:1b:9e:82:e2:e3:
         4f:1a:35:e8:6d:cb:57:cb:c1:0c:ad:c3:08:cb:c0:65:2f:33:
         76:16:b5:70:79:14:0a:f8:2a:cb:6a:db:b1:db:96:74:75:27:
         23:83:dc:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF8H8KeWC3Ejms26e2Y9FRouiXXowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMThmNDFmZGFhOTRmNTlmNjM0NDU1Mzg5MDE1OWFjYTQy
NmQyZDFhMGZkMThiMzY2NDVmMzllYmM1MTU2MWI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6/IbFa7CeL16fFLJWA4YTiclOdyIXa87kmM5yl157rcdc
xBFCHxhjdWduIcdDJd2FZ5eRz/Oa4B80dPRE/MT3UzZvQITGVRxOgSPqFv70Ck+U
PbVZ+IfUN/DWEFuDmwj9ipAoNraIxlXSiaf4C+LBwV94xy0oAnSv7oKp2of6p3eF
CUlOCKM083L+CUdQ2FYltnUY32CnNXlWDg8/cqvFVJ/FUKeP49E188WcCqfYrRER
UmGJuwsyzo+6DADof/bO1lxEsWHBLNBw5Q1z/O1cvjoopb3oy9uFq5eQfafBEyeI
K6t5caZtI88P975NrbQyAk3p6/pxPVXuZWFKG8YFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxF7Px9htSc+S+sdZuJgqGI3YwgMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyNTI0OGVlLTEwNGQtNDRjMi05NTY4LWZmMzkxNWUwYTkxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEgEwDQYJKoZIhvcNAQELBQADggEBAIXA+49PuC5Z3KqNgSEHGrmsc38t
N6RkWXga450hZvqIiaT/8u7uaZz3BN748NvS67ss0BVvYfNQQ7jcQzpI+RaMiznO
t5ELpRk0nYm7f2lAdmB8WQzRQlkfzRY71bOBdvbJNPZ5t8axK0ZDOn+nG8TcAhD/
s3hLdzt5wSM+ZK8ZVGG49UfMPAyLg5uqZyN3bMU89mzQ1IkWD/xYaff/xyIwmyxZ
8Y/EvdvpRJ9Nhl4HTQVKIrElnxOBO3PpOsgCm7U2BssHeqd0cfw9F4NCQ+WHz3cb
noLi408aNehty1fLwQytwwjLwGUvM3YWtXB5FAr4Kstq27HblnR1JyOD3JU=
-----END CERTIFICATE-----