Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60e3b713-eebc-44fa-b225-13a35ad6aa74.roa
File:                     60e3b713-eebc-44fa-b225-13a35ad6aa74.roa (raw, json)
Hash identifier:          d6Fs14XCvVdLp38zbenu4niG+siIugXiNjm8F4PhhIs=
Subject key identifier:   FF:4D:E1:5D:18:31:AC:97:CC:39:DD:97:01:70:4D:38:53:F1:58:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5E3904913BAA79D0270AE6A69A18E794D79682A5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60e3b713-eebc-44fa-b225-13a35ad6aa74.roa
Signing time:             Tue 18 Mar 2025 00:31:47 +0000
ROA not before:           Tue 18 Mar 2025 00:31:47 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        50.18.128.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:39:04:91:3b:aa:79:d0:27:0a:e6:a6:9a:18:e7:94:d7:96:82:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 00:31:47 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ea:4b:c5:e0:44:a9:3e:0a:ec:a0:ad:47:fb:
                    b2:d8:23:9f:28:1f:d6:8b:ec:f7:ed:6a:2c:1a:5e:
                    90:05:43:73:42:c5:90:45:5b:dc:87:25:24:51:a7:
                    10:37:5d:d1:e1:e1:78:f6:43:26:8b:6b:c2:5a:9f:
                    78:c5:1d:b2:75:5a:e7:b2:29:df:14:eb:cf:80:e3:
                    93:34:07:99:db:e2:e7:78:79:48:d3:6c:89:b3:f7:
                    58:54:07:95:cd:bb:b5:c6:d3:65:3d:5d:8f:f6:cd:
                    e4:c9:b1:b0:72:16:00:64:63:5a:9e:cb:fa:cb:df:
                    5e:c8:41:82:03:6c:f9:20:06:e2:28:c6:9f:e6:f1:
                    e9:41:2a:0b:3f:2b:a8:e7:93:74:03:29:8a:f9:45:
                    fd:9a:53:0f:cd:6c:48:b8:31:8c:16:4f:00:57:47:
                    61:95:49:d9:0c:02:c2:5c:e4:47:28:26:55:a8:9b:
                    af:7b:12:6a:31:5d:b9:25:10:b9:81:f7:94:2a:d8:
                    72:35:f5:f3:14:2c:25:a0:3e:94:26:24:c5:35:f7:
                    06:d3:75:25:48:cd:b8:c9:5d:54:fe:f8:35:7c:a4:
                    69:b8:33:cc:3c:35:70:e4:77:91:f7:17:a1:1b:46:
                    c4:1c:84:64:0e:94:58:74:c7:fd:9c:9f:61:98:91:
                    8e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:4D:E1:5D:18:31:AC:97:CC:39:DD:97:01:70:4D:38:53:F1:58:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60e3b713-eebc-44fa-b225-13a35ad6aa74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.18.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         59:b3:b9:c0:d9:f4:1c:bc:7f:21:00:eb:48:c2:83:cd:e0:8b:
         22:58:b9:7d:2b:03:ca:e4:24:d8:e2:f9:04:66:ae:d9:5b:79:
         15:b5:6e:85:79:df:d7:2b:d8:6a:08:43:f7:14:f4:ba:c3:e5:
         c6:81:3d:51:40:83:57:4a:24:93:c6:c5:80:82:b7:0f:50:de:
         06:27:d7:f4:08:1b:92:2f:ca:ea:02:d1:15:70:7f:c5:40:da:
         f5:32:31:a8:b5:ee:76:23:a5:71:b4:28:3b:2e:f8:54:29:68:
         a7:b7:cf:04:1f:dc:b2:ce:c2:13:16:e0:57:52:3c:e4:a0:73:
         09:dd:50:25:5b:e9:54:9a:51:e4:cd:d6:0e:c4:84:6b:02:51:
         73:73:69:45:8b:5d:7d:a7:e0:28:d7:cc:76:4b:bb:65:b3:ff:
         d3:f0:6c:8a:38:fc:4a:ca:db:e6:c7:4d:c3:ea:46:35:3a:b1:
         3b:34:f7:cf:e8:5e:50:e7:11:67:4e:2c:8d:b1:0b:87:35:77:
         9b:04:2e:d9:dd:39:8c:6c:5f:ef:47:b7:46:27:ef:d7:56:b1:
         29:f6:99:a4:80:28:ac:3d:5e:e7:85:f1:5e:99:b4:a6:df:9b:
         92:4f:54:7e:42:47:a3:cc:bd:61:de:56:6e:cd:aa:b8:f9:ee:
         b6:f7:53:ed
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXjkEkTuqedAnCuammhjnlNeWgqUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MDAzMTQ3WhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNDFhOGM4OGJjMTQwNWNhYjU1YzFmNDM4MWMyNDc0ZTU4
N2UzMzRiZTdlZGRjODk2YmFmOTMyZTE3ZjZjZTkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCc6kvF4ESpPgrsoK1H+7LYI58oH9aL7PftaiwaXpAFQ3NC
xZBFW9yHJSRRpxA3XdHh4Xj2QyaLa8Jan3jFHbJ1WueyKd8U68+A45M0B5nb4ud4
eUjTbImz91hUB5XNu7XG02U9XY/2zeTJsbByFgBkY1qey/rL317IQYIDbPkgBuIo
xp/m8elBKgs/K6jnk3QDKYr5Rf2aUw/NbEi4MYwWTwBXR2GVSdkMAsJc5EcoJlWo
m697EmoxXbklELmB95Qq2HI19fMULCWgPpQmJMU19wbTdSVIzbjJXVT++DV8pGm4
M8w8NXDkd5H3F6EbRsQchGQOlFh0x/2cn2GYkY7JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/03hXRgxrJfMOd2XAXBNOFPxWCswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYwZTNiNzEzLWVlYmMtNDRmYS1iMjI1LTEzYTM1YWQ2YWE3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYyEoAwDQYJKoZIhvcNAQELBQADggEBAFmzucDZ9By8fyEA60jCg83giyJY
uX0rA8rkJNji+QRmrtlbeRW1boV539cr2GoIQ/cU9LrD5caBPVFAg1dKJJPGxYCC
tw9Q3gYn1/QIG5IvyuoC0RVwf8VA2vUyMai17nYjpXG0KDsu+FQpaKe3zwQf3LLO
whMW4FdSPOSgcwndUCVb6VSaUeTN1g7EhGsCUXNzaUWLXX2n4CjXzHZLu2Wz/9Pw
bIo4/ErK2+bHTcPqRjU6sTs098/oXlDnEWdOLI2xC4c1d5sELtndOYxsX+9Ht0Yn
79dWsSn2maSAKKw9XueF8V6ZtKbfm5JPVH5CR6PMvWHeVm7Nqrj57rb3U+0=
-----END CERTIFICATE-----