Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aad96b30-1df5-422a-98de-5a088803b52a.roa
File:                     aad96b30-1df5-422a-98de-5a088803b52a.roa (raw, json)
Hash identifier:          20H+hoH+m81eQ/aGTYKLCIbmS41mKjs7rhgIFcdEZ1w=
Subject key identifier:   E7:09:E9:42:8F:CD:9A:7E:1B:1E:87:89:96:EF:7E:F6:6C:9C:66:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       361BEAF52E183A72E7C329E5B49054E528B28EA0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aad96b30-1df5-422a-98de-5a088803b52a.roa
Signing time:             Wed 19 Mar 2025 00:10:16 +0000
ROA not before:           Wed 19 Mar 2025 00:10:16 +0000
ROA not after:            Wed 23 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.152.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:1b:ea:f5:2e:18:3a:72:e7:c3:29:e5:b4:90:54:e5:28:b2:8e:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 19 00:10:16 2025 GMT
            Not After : Apr 23 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:15:9c:24:68:4b:7a:d6:fc:8b:03:a6:b6:ba:
                    c8:68:dc:13:e0:fc:34:7f:1a:a8:ea:35:bc:61:da:
                    fc:57:b3:3a:81:6d:5c:a5:8a:59:dc:79:f6:41:7d:
                    f2:3d:08:aa:cb:31:c2:0f:bc:d1:12:07:27:e5:25:
                    6f:eb:22:6b:5f:4c:01:cd:88:10:87:55:c0:37:d8:
                    76:fb:e3:63:d6:ad:42:23:90:ab:06:45:60:ff:af:
                    aa:43:91:2f:3f:f6:01:79:07:a2:16:c1:f9:4d:8b:
                    dd:c8:06:d8:1e:10:97:7b:94:1d:d9:2e:af:2b:1d:
                    09:79:02:20:cf:59:b9:ea:8a:18:4d:9c:8f:6a:d3:
                    a4:9b:a1:36:75:e0:fb:dd:2e:8d:bc:dc:11:28:05:
                    69:74:51:2d:8b:1f:f3:f9:5b:bd:92:83:75:f3:74:
                    bb:68:70:2f:ec:23:86:cb:f8:4c:7a:1d:27:90:c3:
                    aa:95:0f:6c:b4:64:f3:1e:4d:8e:fb:b3:7c:55:03:
                    d6:72:5e:42:00:24:0f:21:37:36:80:a2:81:3a:ea:
                    e7:a4:11:4d:23:92:34:af:53:ae:03:67:3b:df:e1:
                    32:67:e8:23:a9:4f:05:9b:d4:cc:9d:59:12:0e:2c:
                    e2:0a:8c:83:ad:31:c2:d3:a6:2a:59:9f:ad:7f:27:
                    8e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:09:E9:42:8F:CD:9A:7E:1B:1E:87:89:96:EF:7E:F6:6C:9C:66:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aad96b30-1df5-422a-98de-5a088803b52a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8a:fb:84:48:7e:36:72:a4:cb:55:79:33:51:5e:43:31:ad:4d:
         6d:a6:97:39:e0:90:cf:41:b8:31:5b:b5:92:bb:4f:2c:ac:89:
         b5:26:0a:ab:d4:0f:70:05:2f:75:c5:73:80:5e:ed:c6:a7:c1:
         97:ae:53:78:7b:c3:ac:35:96:fa:f7:41:98:0c:05:6c:88:52:
         cf:5d:b9:c1:91:ab:69:ae:57:c4:72:b0:f1:9e:17:ee:61:d5:
         b7:80:76:26:b3:71:73:2b:25:c2:74:6d:9c:6c:cb:1e:70:5b:
         69:24:b4:f4:d5:7d:ea:38:0b:50:4b:35:2e:29:ba:b0:df:57:
         eb:ab:12:e0:37:ab:78:fb:de:e2:23:b6:20:72:a6:5f:fb:9a:
         ad:b2:ea:ec:0a:e5:5d:ef:02:ee:93:f6:29:a5:64:1d:f8:62:
         cc:da:45:08:ec:e9:16:35:63:57:ac:91:d6:fa:87:4f:ef:ae:
         40:cb:7c:b4:53:4f:e6:ad:d1:da:bb:43:b1:4f:70:d5:5a:3a:
         97:ad:0d:7e:ec:da:9a:19:8e:4d:09:81:7d:7f:1f:78:77:f5:
         50:e0:57:c3:cc:3a:4e:f0:62:f8:db:3e:43:e7:a8:a4:9d:cd:
         60:d6:3b:24:3c:27:34:9f:03:52:62:de:c3:86:fb:03:3e:b8:
         4f:44:17:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNhvq9S4YOnLnwynltJBU5SiyjqAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE5MDAxMDE2WhcNMjUwNDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkOGE0NzdiZDU4NmRjOTE4OTA1ZTE0ODI2MmVhOWJmYjg4
MzAyZGE3ZWZmYTJiOGZmZmU1ZmE3OWY0MTk3NDJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8FZwkaEt61vyLA6a2usho3BPg/DR/GqjqNbxh2vxXszqB
bVylilncefZBffI9CKrLMcIPvNESByflJW/rImtfTAHNiBCHVcA32Hb742PWrUIj
kKsGRWD/r6pDkS8/9gF5B6IWwflNi93IBtgeEJd7lB3ZLq8rHQl5AiDPWbnqihhN
nI9q06SboTZ14PvdLo283BEoBWl0US2LH/P5W72Sg3XzdLtocC/sI4bL+Ex6HSeQ
w6qVD2y0ZPMeTY77s3xVA9ZyXkIAJA8hNzaAooE66uekEU0jkjSvU64DZzvf4TJn
6COpTwWb1MydWRIOLOIKjIOtMcLTpipZn61/J47JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5wnpQo/Nmn4bHoeJlu9+9mycZtEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FhZDk2YjMwLTFkZjUtNDIyYS05OGRlLTVhMDg4ODAzYjUyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOIEpgwDQYJKoZIhvcNAQELBQADggEBAIr7hEh+NnKky1V5M1FeQzGtTW2m
lzngkM9BuDFbtZK7TyysibUmCqvUD3AFL3XFc4Be7canwZeuU3h7w6w1lvr3QZgM
BWyIUs9ducGRq2muV8RysPGeF+5h1beAdiazcXMrJcJ0bZxsyx5wW2kktPTVfeo4
C1BLNS4purDfV+urEuA3q3j73uIjtiBypl/7mq2y6uwK5V3vAu6T9imlZB34Ysza
RQjs6RY1Y1eskdb6h0/vrkDLfLRTT+at0dq7Q7FPcNVaOpetDX7s2poZjk0JgX1/
H3h39VDgV8PMOk7wYvjbPkPnqKSdzWDWOyQ8JzSfA1Ji3sOG+wM+uE9EFy8=
-----END CERTIFICATE-----