Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52e698cb-7ef2-4f07-b77c-1efce483dab4.roa
File:                     52e698cb-7ef2-4f07-b77c-1efce483dab4.roa (raw, json)
Hash identifier:          AOycN2KuE8cFCQSeXNgUKJw9ocEvCHj5lH6vJbslqvw=
Subject key identifier:   56:5F:7E:4F:AC:36:E8:EC:82:73:18:9E:CA:D4:1E:64:F5:9D:EC:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1B862C67F4ED9C50CD5666C62C255A17BDF90B54
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52e698cb-7ef2-4f07-b77c-1efce483dab4.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.131.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:86:2c:67:f4:ed:9c:50:cd:56:66:c6:2c:25:5a:17:bd:f9:0b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=7d43dcf5e90a3c53163c05b4b3a32f1d26ad0197dfd36bd25d2d1f09611f70d1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a6:bf:46:73:ae:ff:a3:a3:1d:a9:60:69:b1:
                    28:ca:8e:58:2b:2d:53:23:ce:d9:c3:1a:2d:89:c7:
                    e5:7e:e6:d1:b2:17:4c:f2:d3:c1:bb:dd:d2:70:76:
                    c7:7e:1c:0b:a6:5a:55:31:f6:9d:04:4b:52:43:54:
                    eb:15:de:c3:97:53:86:79:f0:53:54:0d:84:e6:75:
                    53:44:24:ba:22:12:1d:33:e6:6b:95:3a:fd:5d:e6:
                    85:dc:39:c9:14:41:32:a0:a7:9c:7d:2e:a9:e3:f2:
                    7d:70:90:2f:53:7a:f7:da:7e:91:31:49:88:a8:b4:
                    13:a1:7f:88:c3:49:75:c0:18:a9:ce:3e:c4:76:6d:
                    a7:56:c7:8d:81:fc:ba:47:df:2b:d5:6d:49:61:31:
                    60:c3:ff:5d:8e:4f:55:b1:ce:d3:9c:23:81:82:e3:
                    65:f4:0c:9c:29:4d:b9:89:aa:7d:66:ba:bf:d2:46:
                    ec:f0:f6:37:37:3d:29:16:81:f3:96:11:41:07:20:
                    57:f8:a5:d0:fd:cb:2b:19:53:47:1c:60:b8:8a:00:
                    05:a4:00:06:85:72:c6:70:c7:97:b0:2e:37:cd:1d:
                    3a:a5:93:27:69:46:63:2d:3f:31:ff:46:99:95:0f:
                    80:b1:3e:f5:49:57:74:3a:cd:bb:96:fc:89:c8:32:
                    93:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:5F:7E:4F:AC:36:E8:EC:82:73:18:9E:CA:D4:1E:64:F5:9D:EC:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52e698cb-7ef2-4f07-b77c-1efce483dab4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:92:f0:76:13:75:e2:4c:4c:52:3c:fb:37:c1:4b:c2:f5:8c:
         63:f7:28:02:63:c8:b1:5f:c7:ff:14:d8:bb:db:a4:7a:26:ad:
         bb:cc:89:8d:ce:d2:e1:53:a3:46:82:8e:ff:31:0b:6b:ea:bd:
         d5:2f:d8:49:7e:23:ba:68:65:5d:ca:4e:ad:f0:ef:f8:0b:e4:
         ee:66:8d:f3:ca:33:d1:e2:44:ad:e1:77:22:21:29:70:db:3d:
         b8:e9:9b:d1:9e:aa:03:0b:5e:34:e6:47:fb:a2:a2:41:e2:03:
         d7:2b:1d:0e:c8:de:59:15:f8:0a:4c:3f:54:8e:0b:c8:84:ff:
         6c:db:5d:87:26:28:18:ad:44:b3:d3:d8:64:65:10:1c:52:22:
         17:f6:33:d6:c2:62:1b:7c:80:2d:4c:89:ba:62:1e:fe:a4:ad:
         37:ab:f9:65:21:17:0b:d4:41:9f:7d:d8:08:25:04:e4:c6:c8:
         43:ab:88:7f:16:92:27:eb:58:dc:2a:08:fc:1f:bb:98:aa:20:
         80:84:40:fd:61:16:89:1e:e1:17:c8:37:bb:be:cc:1b:ef:40:
         11:09:91:95:fd:88:a6:0f:42:aa:99:21:12:7f:1b:22:5b:ef:
         a2:d5:58:82:4b:df:7f:a9:af:77:91:3a:63:39:f2:f3:4c:cc:
         e6:2a:15:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG4YsZ/TtnFDNVmbGLCVaF735C1QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDQzZGNmNWU5MGEzYzUzMTYzYzA1YjRiM2EzMmYxZDI2
YWQwMTk3ZGZkMzZiZDI1ZDJkMWYwOTYxMWY3MGQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUpr9Gc67/o6MdqWBpsSjKjlgrLVMjztnDGi2Jx+V+5tGy
F0zy08G73dJwdsd+HAumWlUx9p0ES1JDVOsV3sOXU4Z58FNUDYTmdVNEJLoiEh0z
5muVOv1d5oXcOckUQTKgp5x9Lqnj8n1wkC9TevfafpExSYiotBOhf4jDSXXAGKnO
PsR2badWx42B/LpH3yvVbUlhMWDD/12OT1WxztOcI4GC42X0DJwpTbmJqn1mur/S
Ruzw9jc3PSkWgfOWEUEHIFf4pdD9yysZU0ccYLiKAAWkAAaFcsZwx5ewLjfNHTql
kydpRmMtPzH/RpmVD4CxPvVJV3Q6zbuW/InIMpOnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVl9+T6w26OyCcxieytQeZPWd7MMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUyZTY5OGNiLTdlZjItNGYwNy1iNzdjLTFlZmNlNDgzZGFiNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEoMwDQYJKoZIhvcNAQELBQADggEBADGS8HYTdeJMTFI8+zfBS8L1jGP3
KAJjyLFfx/8U2LvbpHomrbvMiY3O0uFTo0aCjv8xC2vqvdUv2El+I7poZV3KTq3w
7/gL5O5mjfPKM9HiRK3hdyIhKXDbPbjpm9GeqgMLXjTmR/uiokHiA9crHQ7I3lkV
+ApMP1SOC8iE/2zbXYcmKBitRLPT2GRlEBxSIhf2M9bCYht8gC1MibpiHv6krTer
+WUhFwvUQZ992AglBOTGyEOriH8WkifrWNwqCPwfu5iqIICEQP1hFoke4RfIN7u+
zBvvQBEJkZX9iKYPQqqZIRJ/GyJb76LVWIJL33+pr3eROmM58vNMzOYqFVc=
-----END CERTIFICATE-----