Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/50891610-f1cb-4b7a-a57d-137d51c307c3.roa
File:                     50891610-f1cb-4b7a-a57d-137d51c307c3.roa (raw, json)
Hash identifier:          Q+e53ap1zNYQODpaUr4lSVtgTCWOsk54oRQzNpU3t0M=
Subject key identifier:   13:F2:81:27:DB:44:A3:F1:2D:B0:0B:67:10:62:62:3D:36:3B:0A:A5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0DFA6E1EC9EA053EF7E699377D0494BE98191BCB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/50891610-f1cb-4b7a-a57d-137d51c307c3.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.133.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:fa:6e:1e:c9:ea:05:3e:f7:e6:99:37:7d:04:94:be:98:19:1b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=757d62e8405cb2658aad46b5360c009b745742756459d566225010328730f9e6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c9:07:6f:7c:bc:fa:5c:aa:d0:63:97:07:70:
                    6a:9c:f7:4f:07:41:3c:ea:8a:f2:d3:24:4f:54:85:
                    3e:ae:b7:2a:01:49:5e:81:34:e0:2a:7f:4e:88:08:
                    df:1d:c0:bd:44:08:fc:40:a4:61:21:25:8f:12:3b:
                    81:5b:97:2c:51:80:e3:d1:9c:d4:91:a6:d5:15:94:
                    3e:91:ef:fc:35:f4:3e:70:54:ba:bd:6b:f8:cd:fb:
                    cc:08:ec:23:ac:ac:ff:5a:44:d8:18:e2:fc:ed:35:
                    7d:9a:83:1d:bf:79:a5:91:ef:78:ac:5d:21:d0:27:
                    66:0b:46:79:06:fb:ba:ed:3a:f4:62:fa:36:29:d2:
                    2b:fb:19:57:50:5d:a6:3e:df:f3:58:74:32:8a:f2:
                    c4:2d:11:43:d3:9b:d9:e9:60:d6:9f:52:c2:ed:cb:
                    ce:9f:9d:a5:4a:f3:a9:ab:25:3b:ce:7f:97:6d:85:
                    2c:6d:54:08:ac:63:5a:6b:42:e9:0d:68:5b:ff:f8:
                    6f:21:a4:75:f2:b9:24:84:a4:e2:95:d9:6b:98:57:
                    61:f1:4f:d3:0c:33:d4:54:ce:e3:17:24:4a:7a:ec:
                    3a:bb:b5:9d:69:0e:a3:41:7e:7d:e8:a6:dc:1a:e1:
                    92:93:b4:3b:7f:90:70:eb:63:aa:1d:5f:b5:f0:17:
                    9a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:F2:81:27:DB:44:A3:F1:2D:B0:0B:67:10:62:62:3D:36:3B:0A:A5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/50891610-f1cb-4b7a-a57d-137d51c307c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:af:57:7c:98:9a:5a:66:b4:bc:09:e6:25:15:48:5a:06:e6:
         29:0f:ef:80:94:c0:98:a3:ef:a1:cd:ce:2b:1f:a4:3c:74:43:
         fe:84:d7:fb:80:83:fa:17:79:8d:a8:15:5d:11:fb:83:ca:05:
         cd:42:be:36:da:93:d4:fe:c3:69:7f:5e:31:20:fa:45:20:47:
         79:74:a0:e1:36:d5:8d:03:45:9f:b1:d9:0d:48:fb:46:99:67:
         8d:9d:fb:d2:b5:25:df:d1:aa:96:f8:8a:62:28:c0:ef:7d:db:
         66:ca:c7:ff:84:c6:50:60:3b:43:e0:c2:7d:18:85:e0:36:eb:
         07:be:79:81:88:04:5a:40:91:da:c9:ca:93:ab:d0:a8:43:65:
         dc:12:96:5e:10:11:72:23:09:ba:48:08:26:74:45:64:be:5e:
         97:db:b4:6d:7f:bb:e8:d4:a0:03:b6:54:95:b2:24:d1:ce:98:
         43:3b:d0:92:0f:ba:c1:11:08:50:1e:5c:55:8c:91:d8:d7:c3:
         6c:a1:50:ad:d5:c2:2b:fe:f2:97:39:a1:43:e1:b8:5a:94:7f:
         72:bc:b4:05:45:5a:be:81:79:bb:bb:79:75:2d:6d:81:c5:a9:
         67:d4:8b:b2:a6:e2:ec:6f:00:96:ba:2b:d9:69:4c:1f:52:7a:
         f2:21:15:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDfpuHsnqBT735pk3fQSUvpgZG8swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTdkNjJlODQwNWNiMjY1OGFhZDQ2YjUzNjBjMDA5Yjc0
NTc0Mjc1NjQ1OWQ1NjYyMjUwMTAzMjg3MzBmOWU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkyQdvfLz6XKrQY5cHcGqc908HQTzqivLTJE9UhT6utyoB
SV6BNOAqf06ICN8dwL1ECPxApGEhJY8SO4FblyxRgOPRnNSRptUVlD6R7/w19D5w
VLq9a/jN+8wI7COsrP9aRNgY4vztNX2agx2/eaWR73isXSHQJ2YLRnkG+7rtOvRi
+jYp0iv7GVdQXaY+3/NYdDKK8sQtEUPTm9npYNafUsLty86fnaVK86mrJTvOf5dt
hSxtVAisY1prQukNaFv/+G8hpHXyuSSEpOKV2WuYV2HxT9MMM9RUzuMXJEp67Dq7
tZ1pDqNBfn3optwa4ZKTtDt/kHDrY6odX7XwF5r9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUE/KBJ9tEo/EtsAtnEGJiPTY7CqUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUwODkxNjEwLWYxY2ItNGI3YS1hNTdkLTEzN2Q1MWMzMDdjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEoUwDQYJKoZIhvcNAQELBQADggEBAMGvV3yYmlpmtLwJ5iUVSFoG5ikP
74CUwJij76HNzisfpDx0Q/6E1/uAg/oXeY2oFV0R+4PKBc1Cvjbak9T+w2l/XjEg
+kUgR3l0oOE21Y0DRZ+x2Q1I+0aZZ42d+9K1Jd/Rqpb4imIowO9922bKx/+ExlBg
O0Pgwn0YheA26we+eYGIBFpAkdrJypOr0KhDZdwSll4QEXIjCbpICCZ0RWS+Xpfb
tG1/u+jUoAO2VJWyJNHOmEM70JIPusERCFAeXFWMkdjXw2yhUK3Vwiv+8pc5oUPh
uFqUf3K8tAVFWr6Bebu7eXUtbYHFqWfUi7Km4uxvAJa6K9lpTB9SevIhFS4=
-----END CERTIFICATE-----