Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f0bc47b-12d7-4615-81db-4751f9b68409.roa
File:                     6f0bc47b-12d7-4615-81db-4751f9b68409.roa (raw, json)
Hash identifier:          gzmmEiz+b7tP+zwjGWwp7YMVpbFt07SUNYJ+sd2aABI=
Subject key identifier:   04:B5:8A:1B:F2:CD:39:6F:2A:23:C8:0D:6A:D5:50:1A:CB:7C:8F:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       367F4D75D76069301016D09BEBFCD3D51E49B3B7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f0bc47b-12d7-4615-81db-4751f9b68409.roa
Signing time:             Wed 15 Jan 2025 00:00:00 +0000
ROA not before:           Wed 15 Jan 2025 00:00:00 +0000
ROA not after:            Wed 19 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.50.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:7f:4d:75:d7:60:69:30:10:16:d0:9b:eb:fc:d3:d5:1e:49:b3:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 15 00:00:00 2025 GMT
            Not After : Feb 19 23:59:59 2025 GMT
        Subject: serialNumber=4cbca341d7314be06801b42e57033a0e12978bbfb73f3f64114cb4c191610c06, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9c:8f:c0:59:52:f8:a5:da:e1:9c:b8:dd:5a:
                    47:77:bc:6f:0d:bd:cc:d3:0c:65:02:69:80:30:a7:
                    1f:6f:50:e6:02:fe:fb:25:5a:97:b7:5b:86:1a:43:
                    0e:f4:8e:91:6e:77:74:0a:88:e4:63:bb:60:08:5a:
                    e4:be:4f:e3:d1:e4:f6:ee:e7:fe:0c:96:f5:0b:61:
                    ee:f0:20:60:27:55:60:39:fe:ec:ea:fc:ea:84:ef:
                    e0:7c:73:99:73:3c:d1:87:d3:f7:f7:7c:be:8d:61:
                    ea:59:c1:44:3e:d4:cd:e6:54:b7:32:32:99:c8:73:
                    a0:61:39:81:9d:50:73:73:26:f3:5c:16:da:a2:9f:
                    c3:ca:39:91:37:86:9c:a4:06:9e:55:7d:20:bd:7c:
                    90:27:ca:0f:04:c9:e1:53:1a:40:5a:97:d5:76:c2:
                    10:09:1d:29:71:e8:67:b4:59:81:d6:cd:97:b7:a6:
                    38:1d:cb:a7:d3:41:56:4d:4f:94:be:fb:fd:68:58:
                    46:be:7a:3c:ee:d4:7b:c7:55:f1:74:bb:14:e0:33:
                    d1:7b:30:1e:d0:89:63:ce:16:47:f3:45:0c:d4:4c:
                    89:50:44:a9:8e:b3:77:39:89:55:19:66:da:df:c8:
                    49:a2:97:1e:d2:59:5b:59:04:c6:82:74:89:24:5e:
                    c7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B5:8A:1B:F2:CD:39:6F:2A:23:C8:0D:6A:D5:50:1A:CB:7C:8F:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f0bc47b-12d7-4615-81db-4751f9b68409.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:08:cb:aa:a3:82:1b:39:8d:61:af:2a:46:2d:66:e4:41:e1:
         db:91:1f:16:4d:d8:c2:c9:e6:68:1d:7f:b6:2e:75:77:d7:09:
         27:45:42:20:56:18:82:8e:fd:ce:c5:db:ef:25:df:df:57:d6:
         83:0a:f5:b6:fc:90:8f:af:36:dc:20:53:50:99:9c:06:43:3d:
         92:9e:5d:f0:62:29:a6:b7:cf:36:90:11:f2:72:f5:a1:26:ec:
         c4:37:1e:52:9b:b7:16:1e:9a:3d:bf:56:04:f6:50:45:90:25:
         f0:a6:96:5e:01:d1:c8:28:cf:f4:e9:80:56:a9:77:ab:f3:98:
         ea:7e:27:6b:db:5f:62:bc:09:4b:12:09:5e:ef:f4:20:33:86:
         0d:45:68:27:f6:ce:cd:d0:90:b1:d3:95:88:ed:e5:31:f7:0f:
         b5:c4:04:bb:38:db:d2:59:89:3d:5e:d2:ce:6f:66:aa:3c:dd:
         ee:4b:3c:01:a8:1b:42:db:0f:ff:77:86:23:2f:ec:ef:c3:e2:
         1e:3d:8e:79:b9:0e:92:60:4c:88:97:d1:e1:ff:e4:ec:64:9c:
         c1:d3:57:6d:61:19:54:3a:51:6e:cd:cb:12:ac:c6:b6:4e:32:
         f6:63:53:2e:31:b7:a2:dd:ec:bb:92:9e:fe:42:a7:04:25:87:
         ea:71:c2:5c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNn9NdddgaTAQFtCb6/zT1R5Js7cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE1MDAwMDAwWhcNMjUwMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Y2JjYTM0MWQ3MzE0YmUwNjgwMWI0MmU1NzAzM2EwZTEy
OTc4YmJmYjczZjNmNjQxMTRjYjRjMTkxNjEwYzA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0nI/AWVL4pdrhnLjdWkd3vG8NvczTDGUCaYAwpx9vUOYC
/vslWpe3W4YaQw70jpFud3QKiORju2AIWuS+T+PR5Pbu5/4MlvULYe7wIGAnVWA5
/uzq/OqE7+B8c5lzPNGH0/f3fL6NYepZwUQ+1M3mVLcyMpnIc6BhOYGdUHNzJvNc
Ftqin8PKOZE3hpykBp5VfSC9fJAnyg8EyeFTGkBal9V2whAJHSlx6Ge0WYHWzZe3
pjgdy6fTQVZNT5S++/1oWEa+ejzu1HvHVfF0uxTgM9F7MB7QiWPOFkfzRQzUTIlQ
RKmOs3c5iVUZZtrfyEmilx7SWVtZBMaCdIkkXscRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBLWKG/LNOW8qI8gNatVQGst8j9wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmMGJjNDdiLTEyZDctNDYxNS04MWRiLTQ3NTFmOWI2ODQwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGIEjIwDQYJKoZIhvcNAQELBQADggEBALEIy6qjghs5jWGvKkYtZuRB4duR
HxZN2MLJ5mgdf7YudXfXCSdFQiBWGIKO/c7F2+8l399X1oMK9bb8kI+vNtwgU1CZ
nAZDPZKeXfBiKaa3zzaQEfJy9aEm7MQ3HlKbtxYemj2/VgT2UEWQJfCmll4B0cgo
z/TpgFapd6vzmOp+J2vbX2K8CUsSCV7v9CAzhg1FaCf2zs3QkLHTlYjt5TH3D7XE
BLs429JZiT1e0s5vZqo83e5LPAGoG0LbD/93hiMv7O/D4h49jnm5DpJgTIiX0eH/
5OxknMHTV21hGVQ6UW7NyxKsxrZOMvZjUy4xt6Ld7LuSnv5CpwQlh+pxwlw=
-----END CERTIFICATE-----