Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba15b0da-3dcf-4a78-bae0-49536265a0a0.roa
File:                     ba15b0da-3dcf-4a78-bae0-49536265a0a0.roa (raw, json)
Hash identifier:          9ID8fqhx6wAVlsDlkgExnDBpp3+omIhkCnYu7Nk7O94=
Subject key identifier:   38:F3:7C:0C:86:95:F9:1B:E2:DE:CF:EE:F1:5C:D2:01:5B:BD:41:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       731F654F32F351DE12AC546E1373DD38981F56A0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba15b0da-3dcf-4a78-bae0-49536265a0a0.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.138.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:1f:65:4f:32:f3:51:de:12:ac:54:6e:13:73:dd:38:98:1f:56:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=1303a90808aaf3393a8daee514102a4019b027f0fa6ce240eeb29a25cea8f4af, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6c:de:dd:db:bb:93:f9:ed:04:23:e7:68:0f:
                    87:19:13:55:84:49:0e:aa:65:4f:c5:89:55:f7:6a:
                    1d:7b:9a:da:07:df:03:12:c1:03:b2:4b:45:5c:59:
                    2e:56:1a:23:a1:12:93:a3:4b:2c:12:10:63:5d:7d:
                    10:13:cb:7f:d4:6b:72:df:05:28:de:d1:d1:23:0e:
                    e1:8f:3a:c2:d8:79:2c:24:06:1e:97:96:9b:e2:de:
                    e2:c5:fd:92:22:a9:15:32:db:34:76:e2:7d:60:89:
                    23:34:0d:52:47:11:ad:6a:bc:3a:8d:85:32:2c:21:
                    16:44:60:bb:60:d5:70:cb:70:8b:ba:f5:97:c5:7f:
                    b9:88:95:56:73:d7:df:2a:62:d7:ac:f1:a3:b7:43:
                    c9:7f:4c:1d:5c:4e:77:f1:5f:d3:74:3d:68:05:0a:
                    03:da:3d:cc:92:dd:bf:f8:0e:9f:4f:17:43:5e:6d:
                    31:2e:19:fb:f8:12:71:21:bb:0e:77:71:72:c8:f4:
                    d2:35:a5:35:cd:27:08:1d:92:ca:a5:6a:b2:38:26:
                    a2:43:9c:67:ba:c8:6e:38:47:17:bb:df:8d:aa:a3:
                    05:24:8c:81:c1:73:3a:e7:b2:d9:72:eb:83:85:3e:
                    d5:25:3b:0b:76:69:35:88:24:a9:7a:f1:25:14:84:
                    e4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F3:7C:0C:86:95:F9:1B:E2:DE:CF:EE:F1:5C:D2:01:5B:BD:41:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba15b0da-3dcf-4a78-bae0-49536265a0a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:e3:8b:91:26:df:01:1f:2d:92:d6:8d:72:8b:02:d2:e2:7e:
         23:ff:fb:92:3f:00:6d:76:1d:87:12:98:70:1d:d1:06:c1:fb:
         9c:66:eb:08:e8:cb:24:cc:8b:77:25:07:97:15:0b:32:b3:22:
         06:1d:6a:80:ef:82:a5:cf:e8:44:9e:68:0c:17:38:42:e9:16:
         1f:ee:3d:f6:ca:b5:55:78:79:73:1b:16:29:0d:63:51:c8:b3:
         dd:73:4a:ae:c5:bc:d0:3c:af:94:f4:e9:60:83:5c:79:56:09:
         d0:57:13:15:a6:ca:71:2d:89:0c:0d:1a:db:3d:62:b0:36:32:
         44:34:fb:98:ec:f2:d1:48:3d:4d:78:5b:47:c9:d8:77:7b:16:
         c0:da:93:ca:d7:df:a1:b6:7f:c0:02:8a:14:7b:c0:c1:6a:ee:
         83:2f:00:01:ec:f5:dc:3e:a1:cf:2f:e2:c8:52:21:94:17:43:
         8d:c2:1a:17:ee:f7:04:75:c2:c0:ef:4c:20:86:6e:9c:f1:22:
         cb:07:eb:bd:eb:1a:06:98:0a:15:8f:a4:0a:03:b3:c7:62:dc:
         01:26:9c:80:a4:32:c1:f2:33:ff:ca:17:0b:54:92:69:05:ad:
         88:86:a8:0d:02:3d:69:91:ab:c7:89:c0:1e:50:d3:f0:b4:8d:
         f5:4c:ac:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcx9lTzLzUd4SrFRuE3PdOJgfVqAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzAzYTkwODA4YWFmMzM5M2E4ZGFlZTUxNDEwMmE0MDE5
YjAyN2YwZmE2Y2UyNDBlZWIyOWEyNWNlYThmNGFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8bN7d27uT+e0EI+doD4cZE1WESQ6qZU/FiVX3ah17mtoH
3wMSwQOyS0VcWS5WGiOhEpOjSywSEGNdfRATy3/Ua3LfBSje0dEjDuGPOsLYeSwk
Bh6Xlpvi3uLF/ZIiqRUy2zR24n1giSM0DVJHEa1qvDqNhTIsIRZEYLtg1XDLcIu6
9ZfFf7mIlVZz198qYtes8aO3Q8l/TB1cTnfxX9N0PWgFCgPaPcyS3b/4Dp9PF0Ne
bTEuGfv4EnEhuw53cXLI9NI1pTXNJwgdksqlarI4JqJDnGe6yG44Rxe7342qowUk
jIHBczrnstly64OFPtUlOwt2aTWIJKl68SUUhOSTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOPN8DIaV+Rvi3s/u8VzSAVu9QY4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JhMTViMGRhLTNkY2YtNGE3OC1iYWUwLTQ5NTM2MjY1YTBhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEoowDQYJKoZIhvcNAQELBQADggEBAIjji5Em3wEfLZLWjXKLAtLifiP/
+5I/AG12HYcSmHAd0QbB+5xm6wjoyyTMi3clB5cVCzKzIgYdaoDvgqXP6ESeaAwX
OELpFh/uPfbKtVV4eXMbFikNY1HIs91zSq7FvNA8r5T06WCDXHlWCdBXExWmynEt
iQwNGts9YrA2MkQ0+5js8tFIPU14W0fJ2Hd7FsDak8rX36G2f8ACihR7wMFq7oMv
AAHs9dw+oc8v4shSIZQXQ43CGhfu9wR1wsDvTCCGbpzxIssH673rGgaYChWPpAoD
s8di3AEmnICkMsHyM//KFwtUkmkFrYiGqA0CPWmRq8eJwB5Q0/C0jfVMrCE=
-----END CERTIFICATE-----