Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cdf326e3-e3f5-4e24-81db-b3229ac03a45.roa
File:                     cdf326e3-e3f5-4e24-81db-b3229ac03a45.roa (raw, json)
Hash identifier:          I/AC80sljAmdZJXbhL92Ehp9nZ+q4mo8g8FGVSiXpgY=
Subject key identifier:   45:46:FC:91:50:44:FD:C4:B1:CF:A3:04:D4:51:A9:AA:3E:B9:E8:4B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       14AA83A9450417D156B9E053BC961AA94706F5A0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cdf326e3-e3f5-4e24-81db-b3229ac03a45.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.137.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:aa:83:a9:45:04:17:d1:56:b9:e0:53:bc:96:1a:a9:47:06:f5:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=6c63fba8b22631f85c52f6e66d51944a2361a53d4730488d3bb91817132ee6ff, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:45:f6:68:34:fc:45:17:c8:06:dc:9d:92:10:
                    b8:fa:47:ea:1a:de:e4:68:34:45:38:54:24:63:5c:
                    a6:30:ad:cd:ed:0f:2f:7e:56:3e:5a:61:9e:c7:43:
                    cb:31:da:be:e3:67:0f:34:46:dd:af:0c:fb:a8:88:
                    68:9a:6b:95:ce:90:a1:84:da:6c:da:66:b8:15:82:
                    07:52:7a:1e:0b:9b:2d:fd:4d:e2:34:69:ab:a0:a8:
                    ab:8d:a3:df:e6:55:1c:92:12:57:f0:b5:54:34:1c:
                    46:4f:b4:7e:53:6c:73:96:b7:f7:df:fb:8c:34:4b:
                    e2:d8:46:48:e2:6a:d0:06:a5:d1:f6:12:28:df:62:
                    7a:81:b3:3f:9e:70:cb:6d:4a:12:55:96:ae:e2:ca:
                    d1:69:b4:02:2c:e9:7a:c5:1e:0c:25:21:31:05:32:
                    93:f3:40:0f:35:b7:e6:7d:16:19:80:e3:7d:56:ed:
                    55:53:fd:99:cc:ba:b5:38:f9:8c:b1:ec:7b:13:95:
                    fa:a5:ee:ff:7d:a1:53:cd:99:48:5d:58:1f:34:da:
                    42:0c:67:b8:60:2d:43:eb:c7:aa:de:76:de:e8:6f:
                    70:aa:3e:9b:9c:9e:10:42:21:3e:8a:5b:79:f0:93:
                    ca:03:f2:b0:38:ae:fe:c4:80:d5:e5:3c:1e:e9:6f:
                    f6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:46:FC:91:50:44:FD:C4:B1:CF:A3:04:D4:51:A9:AA:3E:B9:E8:4B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cdf326e3-e3f5-4e24-81db-b3229ac03a45.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.137.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7a:aa:77:f2:70:d3:e7:a1:ae:15:de:88:e8:c4:90:ba:ee:db:
         59:69:9c:77:a5:47:47:14:c7:e9:32:63:fe:da:0a:14:42:ad:
         38:0e:dc:a9:92:a0:8b:46:68:d6:fb:62:ac:77:91:36:6d:67:
         f2:9d:33:e8:5c:ac:93:b4:de:19:e6:39:d4:b4:7f:64:06:8d:
         37:a8:89:85:6b:a2:fb:cc:cc:9c:21:53:45:a7:a9:1b:b6:21:
         f5:a7:09:99:18:1d:af:f3:ef:aa:26:b1:e1:f6:38:58:25:4c:
         be:aa:1d:23:06:53:9d:c7:8b:f7:60:7f:b5:85:a3:bf:97:e1:
         f5:f5:3c:c1:ff:79:52:26:b3:40:79:38:46:6f:0e:d4:8a:67:
         ef:23:11:7b:b0:a3:a6:05:f1:1e:b0:4b:5b:f5:24:ec:e2:e3:
         8c:c3:2a:a0:47:77:d4:02:71:45:d7:51:68:18:9f:d5:a5:72:
         77:31:8e:17:c8:20:e2:21:3e:64:b6:05:62:46:dc:e2:4a:26:
         40:f0:2e:ed:7f:87:70:f5:bc:43:a9:cf:12:b9:27:34:24:c6:
         e9:82:2b:3c:76:57:9c:0e:f6:e0:e3:dd:e8:c9:b9:6d:49:35:
         80:50:30:29:e6:ac:4c:76:2b:cd:74:91:dd:be:18:9b:0f:e1:
         d8:b9:19:17
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFKqDqUUEF9FWueBTvJYaqUcG9aAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YzYzZmJhOGIyMjYzMWY4NWM1MmY2ZTY2ZDUxOTQ0YTIz
NjFhNTNkNDczMDQ4OGQzYmI5MTgxNzEzMmVlNmZmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmRfZoNPxFF8gG3J2SELj6R+oa3uRoNEU4VCRjXKYwrc3t
Dy9+Vj5aYZ7HQ8sx2r7jZw80Rt2vDPuoiGiaa5XOkKGE2mzaZrgVggdSeh4Lmy39
TeI0aaugqKuNo9/mVRySElfwtVQ0HEZPtH5TbHOWt/ff+4w0S+LYRkjiatAGpdH2
EijfYnqBsz+ecMttShJVlq7iytFptAIs6XrFHgwlITEFMpPzQA81t+Z9FhmA431W
7VVT/ZnMurU4+Yyx7HsTlfql7v99oVPNmUhdWB802kIMZ7hgLUPrx6redt7ob3Cq
PpucnhBCIT6KW3nwk8oD8rA4rv7EgNXlPB7pb/YvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURUb8kVBE/cSxz6ME1FGpqj656EswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NkZjMyNmUzLWUzZjUtNGUyNC04MWRiLWIzMjI5YWMwM2E0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASiTANBgkqhkiG9w0BAQsFAAOCAQEAeqp38nDT56GuFd6I6MSQuu7bWWmc
d6VHRxTH6TJj/toKFEKtOA7cqZKgi0Zo1vtirHeRNm1n8p0z6Fysk7TeGeY51LR/
ZAaNN6iJhWui+8zMnCFTRaepG7Yh9acJmRgdr/Pvqiax4fY4WCVMvqodIwZTnceL
92B/tYWjv5fh9fU8wf95UiazQHk4Rm8O1Ipn7yMRe7CjpgXxHrBLW/Uk7OLjjMMq
oEd31AJxRddRaBif1aVydzGOF8gg4iE+ZLYFYkbc4komQPAu7X+HcPW8Q6nPErkn
NCTG6YIrPHZXnA724OPd6Mm5bUk1gFAwKeasTHYrzXSR3b4Ymw/h2LkZFw==
-----END CERTIFICATE-----