Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29ea3365-d45f-449b-bb3e-b7c353eddd64.roa
File:                     29ea3365-d45f-449b-bb3e-b7c353eddd64.roa (raw, json)
Hash identifier:          GTIGN/NP9Gg6Q3b0Ie7Nt/N9I5/YPhN0K3DFxGKoV7Y=
Subject key identifier:   C5:0A:A5:7D:C3:A0:EB:77:47:EB:CE:0B:A5:83:63:36:98:59:7C:11
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28ACB3C7B99367E240E82B2C1CC7B7D915FFD673
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29ea3365-d45f-449b-bb3e-b7c353eddd64.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.95.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:ac:b3:c7:b9:93:67:e2:40:e8:2b:2c:1c:c7:b7:d9:15:ff:d6:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=a12465b2cb9a046dfa29ba9e62e4aed45d6050196cde0b7fe4f063664f01297f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d5:ff:71:6f:eb:c4:1c:50:bc:cb:2e:ed:87:
                    df:a6:64:a9:81:6e:1e:19:59:0b:6c:e7:9d:44:ce:
                    5d:b6:45:72:15:6a:08:e7:29:0a:98:46:b0:0a:1c:
                    a5:82:1e:ae:39:40:45:5b:63:d1:12:48:2f:94:c0:
                    73:5b:50:58:e5:5b:2c:a2:ee:79:4f:32:d5:e3:2f:
                    ab:7c:df:b4:51:e6:94:cb:2d:c9:23:c0:66:3a:89:
                    aa:39:74:27:62:00:ab:1e:b4:2c:1d:32:12:b0:ee:
                    8a:bf:e2:87:e3:68:02:61:df:e6:3a:6f:5b:c9:21:
                    40:78:f9:7c:1c:25:3c:fe:98:f2:d1:26:68:20:c2:
                    18:be:5b:71:68:23:0f:c6:13:93:0d:86:b9:04:56:
                    1c:75:98:49:cd:eb:35:46:bc:13:71:b0:dd:b4:70:
                    51:b2:26:c2:63:c7:10:76:fd:ab:52:02:6d:b4:0b:
                    3d:04:d6:54:e1:75:86:51:a9:bd:9f:f0:f2:2c:fa:
                    43:78:5a:71:ab:57:37:2a:40:96:7c:2c:8e:ca:4a:
                    a3:11:79:69:ac:1d:81:77:50:ab:51:74:53:16:72:
                    67:9a:f0:d8:ec:69:c4:84:73:78:9d:a3:49:33:66:
                    25:53:cb:de:5d:e9:e8:c4:ed:82:f8:54:24:1f:78:
                    96:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:0A:A5:7D:C3:A0:EB:77:47:EB:CE:0B:A5:83:63:36:98:59:7C:11
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29ea3365-d45f-449b-bb3e-b7c353eddd64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.95.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8b:50:0c:b1:72:cd:52:3f:39:ed:62:57:c1:12:a7:4b:78:4e:
         ea:fa:a0:0a:b4:ce:80:1f:fe:5d:38:62:66:dc:0e:ec:9d:5e:
         74:53:4b:64:ab:18:06:21:6b:18:33:50:13:5b:78:ce:01:35:
         91:c0:b9:1b:bd:25:b4:31:ac:13:41:6e:77:ae:0b:b9:c0:ba:
         fd:e7:c2:8a:a6:79:36:05:0c:15:7e:5b:3d:a6:45:80:5c:55:
         d7:b7:1d:69:d2:15:54:9d:63:c0:27:ca:22:e3:24:bc:25:bf:
         a4:e1:49:0e:15:2f:e6:f4:42:62:bc:45:b8:2d:dc:b9:31:0a:
         ee:0f:6e:93:83:41:3d:91:bb:cd:73:cf:3f:ae:fa:cb:16:98:
         99:d3:73:84:56:41:54:1e:f5:ac:c5:4f:68:ab:14:94:e4:d9:
         8b:68:3d:bf:f9:b2:d7:16:8e:e1:71:22:7d:2a:75:86:ea:56:
         a3:03:cd:31:a4:39:5c:f6:2c:20:d6:ea:02:06:68:ea:73:14:
         a8:78:ce:37:b3:50:af:97:1d:ba:3f:49:7c:52:49:17:c3:2e:
         22:db:a1:7e:a5:a2:b4:17:36:4e:c0:67:c2:5c:7a:b8:93:a2:
         38:dc:f0:79:f5:e9:b3:32:81:12:d4:26:67:03:84:96:ec:37:
         89:84:1e:23
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKKyzx7mTZ+JA6CssHMe32RX/1nMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTI0NjViMmNiOWEwNDZkZmEyOWJhOWU2MmU0YWVkNDVk
NjA1MDE5NmNkZTBiN2ZlNGYwNjM2NjRmMDEyOTdmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ1f9xb+vEHFC8yy7th9+mZKmBbh4ZWQts551Ezl22RXIV
agjnKQqYRrAKHKWCHq45QEVbY9ESSC+UwHNbUFjlWyyi7nlPMtXjL6t837RR5pTL
LckjwGY6iao5dCdiAKsetCwdMhKw7oq/4ofjaAJh3+Y6b1vJIUB4+XwcJTz+mPLR
Jmggwhi+W3FoIw/GE5MNhrkEVhx1mEnN6zVGvBNxsN20cFGyJsJjxxB2/atSAm20
Cz0E1lThdYZRqb2f8PIs+kN4WnGrVzcqQJZ8LI7KSqMReWmsHYF3UKtRdFMWcmea
8NjsacSEc3ido0kzZiVTy95d6ejE7YL4VCQfeJYdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUxQqlfcOg63dH684LpYNjNphZfBEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5ZWEzMzY1LWQ0NWYtNDQ5Yi1iYjNlLWI3YzM1M2VkZGQ2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASXzANBgkqhkiG9w0BAQsFAAOCAQEAi1AMsXLNUj857WJXwRKnS3hO6vqg
CrTOgB/+XThiZtwO7J1edFNLZKsYBiFrGDNQE1t4zgE1kcC5G70ltDGsE0Fud64L
ucC6/efCiqZ5NgUMFX5bPaZFgFxV17cdadIVVJ1jwCfKIuMkvCW/pOFJDhUv5vRC
YrxFuC3cuTEK7g9uk4NBPZG7zXPPP676yxaYmdNzhFZBVB71rMVPaKsUlOTZi2g9
v/my1xaO4XEifSp1hupWowPNMaQ5XPYsINbqAgZo6nMUqHjON7NQr5cduj9JfFJJ
F8MuItuhfqWitBc2TsBnwlx6uJOiONzwefXpszKBEtQmZwOEluw3iYQeIw==
-----END CERTIFICATE-----