Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7da15d33-cbbd-410c-9bf9-e6513ede574d.roa
File:                     7da15d33-cbbd-410c-9bf9-e6513ede574d.roa (raw, json)
Hash identifier:          u7bGHTMF+uTRmCYBgJjwFJ+HZy5MblJWQPb0WHofxSQ=
Subject key identifier:   C6:02:9C:BE:AF:80:1B:81:6F:BA:2D:F4:D6:27:CF:45:A4:00:1E:3A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6CB2ABACC41795CF076A1A913ECDA699289717A4
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7da15d33-cbbd-410c-9bf9-e6513ede574d.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.140.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:b2:ab:ac:c4:17:95:cf:07:6a:1a:91:3e:cd:a6:99:28:97:17:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=e6140422430565f09fcf1be5aee028c3f28204de7a467c1fafbc3879f983d0a7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a0:63:be:7f:14:d8:6b:03:02:1a:8f:d9:7d:
                    4f:f0:1d:25:dd:e8:0c:85:d2:0d:19:b1:5f:3e:41:
                    32:3c:b3:2b:0a:38:d8:de:49:35:49:3f:e6:5b:1f:
                    76:7d:f7:26:c5:35:7f:fc:da:84:33:f0:88:fc:e3:
                    58:ef:c5:a5:a9:8e:e1:8e:1b:9b:f7:1f:37:a0:ad:
                    20:83:0e:65:58:57:bb:ea:95:75:73:fa:e6:c7:3e:
                    fa:6d:72:1b:7d:da:02:95:fc:82:b1:ff:54:e0:33:
                    28:8b:b5:51:6b:a5:5d:9c:11:05:1e:dd:ae:48:9f:
                    65:cb:0c:e7:29:63:f8:90:84:bc:4a:2f:d8:b3:5a:
                    c6:e7:9f:7c:4d:2a:e9:14:db:8c:a4:47:20:d5:f0:
                    ea:8e:0e:4d:75:73:f6:7f:1e:06:7a:47:6b:57:e3:
                    c5:7e:8b:0f:b7:5a:89:03:f4:af:5d:ee:19:c0:93:
                    55:83:c4:20:41:cd:68:ac:84:27:c2:ea:dc:24:59:
                    29:94:c1:ee:6d:49:cf:0a:2c:b5:c5:83:29:fa:80:
                    ee:8b:ec:1b:6d:d4:1e:3b:a5:bc:40:1e:ba:b3:a5:
                    b6:b1:c4:64:cf:f9:76:95:36:4e:23:3e:68:4e:88:
                    55:6c:c7:ca:e8:d8:25:bd:0b:76:38:3a:cf:04:89:
                    52:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:02:9C:BE:AF:80:1B:81:6F:BA:2D:F4:D6:27:CF:45:A4:00:1E:3A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7da15d33-cbbd-410c-9bf9-e6513ede574d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.140.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a6:02:1c:67:24:62:a6:47:50:c7:f3:05:5d:69:f0:ee:96:07:
         21:9b:17:ab:b9:1c:0b:a5:c2:fb:f9:70:18:8e:bb:33:71:42:
         42:5c:cc:8c:a2:35:19:33:46:32:25:cf:fe:72:72:25:0b:53:
         02:fa:1e:82:dc:17:ac:e4:97:10:29:ab:ff:cc:56:3f:a3:f1:
         f2:0d:5d:82:71:57:1f:3a:5c:99:3c:51:4a:e8:e1:51:91:14:
         eb:bb:c9:2c:28:62:e3:36:ef:31:01:45:23:46:58:70:6d:50:
         f3:19:ec:cb:5a:b9:40:2d:68:41:69:70:a6:51:a1:79:13:a1:
         94:c9:34:14:57:2e:a1:6b:df:fa:cf:25:cb:fa:54:a0:c1:49:
         8c:75:01:7a:5d:21:80:af:5f:51:0c:c1:71:c5:6a:16:5a:24:
         a6:6f:89:b5:3f:ce:74:b3:82:96:de:66:c0:52:2e:14:ff:28:
         73:0a:d0:23:2c:d0:63:81:cd:07:d4:34:a4:04:36:4a:d0:59:
         7a:91:9d:d3:79:be:0a:f1:08:67:50:cc:69:79:73:6d:93:73:
         fb:fd:de:7f:4d:05:37:cf:e6:4b:fb:da:13:8e:4e:1a:15:7a:
         70:cc:50:08:67:95:57:a1:d8:e0:cd:ee:04:1a:0a:7c:8f:0d:
         9b:99:fa:3d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbLKrrMQXlc8HahqRPs2mmSiXF6QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNjE0MDQyMjQzMDU2NWYwOWZjZjFiZTVhZWUwMjhjM2Yy
ODIwNGRlN2E0NjdjMWZhZmJjMzg3OWY5ODNkMGE3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFoGO+fxTYawMCGo/ZfU/wHSXd6AyF0g0ZsV8+QTI8sysK
ONjeSTVJP+ZbH3Z99ybFNX/82oQz8Ij841jvxaWpjuGOG5v3HzegrSCDDmVYV7vq
lXVz+ubHPvptcht92gKV/IKx/1TgMyiLtVFrpV2cEQUe3a5In2XLDOcpY/iQhLxK
L9izWsbnn3xNKukU24ykRyDV8OqODk11c/Z/HgZ6R2tX48V+iw+3WokD9K9d7hnA
k1WDxCBBzWishCfC6twkWSmUwe5tSc8KLLXFgyn6gO6L7Btt1B47pbxAHrqzpbax
xGTP+XaVNk4jPmhOiFVsx8ro2CW9C3Y4Os8EiVK3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUxgKcvq+AG4Fvui301ifPRaQAHjowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdkYTE1ZDMzLWNiYmQtNDEwYy05YmY5LWU2NTEzZWRlNTc0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCIjDANBgkqhkiG9w0BAQsFAAOCAQEApgIcZyRipkdQx/MFXWnw7pYHIZsX
q7kcC6XC+/lwGI67M3FCQlzMjKI1GTNGMiXP/nJyJQtTAvoegtwXrOSXECmr/8xW
P6Px8g1dgnFXHzpcmTxRSujhUZEU67vJLChi4zbvMQFFI0ZYcG1Q8xnsy1q5QC1o
QWlwplGheROhlMk0FFcuoWvf+s8ly/pUoMFJjHUBel0hgK9fUQzBccVqFlokpm+J
tT/OdLOClt5mwFIuFP8ocwrQIyzQY4HNB9Q0pAQ2StBZepGd03m+CvEIZ1DMaXlz
bZNz+/3ef00FN8/mS/vaE45OGhV6cMxQCGeVV6HY4M3uBBoKfI8Nm5n6PQ==
-----END CERTIFICATE-----