Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef1af7e0-6933-4e52-8fd0-aa7abf670f30.roa
File:                     ef1af7e0-6933-4e52-8fd0-aa7abf670f30.roa (raw, json)
Hash identifier:          I7m1y623g4kBrFLCR37/6bszBFGMvw6sxx2ai9U1oq0=
Subject key identifier:   B2:DF:D2:DC:3A:4A:80:DC:AB:64:A5:8B:F0:F5:96:31:1C:0C:B9:15
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5595A1A2D4EB329542B022DF5F546CF4B3B79D39
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef1af7e0-6933-4e52-8fd0-aa7abf670f30.roa
Signing time:             Tue 18 Mar 2025 00:31:46 +0000
ROA not before:           Tue 18 Mar 2025 00:31:46 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        50.18.128.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:95:a1:a2:d4:eb:32:95:42:b0:22:df:5f:54:6c:f4:b3:b7:9d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 00:31:46 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f7:e2:c9:e4:5e:a5:5b:f6:ed:67:39:43:ea:
                    f8:d6:46:da:84:ef:bc:50:51:e5:eb:9c:eb:39:6e:
                    27:f2:47:f1:16:62:9f:19:4f:20:03:cb:d7:7f:18:
                    aa:d5:07:3b:65:3c:b7:3a:a4:57:a4:91:7c:f1:e5:
                    12:9b:e8:25:c8:61:31:c9:ce:60:26:dd:75:9b:29:
                    0b:20:34:19:75:72:38:37:dd:fa:75:8f:5d:c0:00:
                    6a:af:4f:b8:d1:58:ee:28:ea:3e:34:69:e3:25:36:
                    2a:1d:d1:99:bc:24:e8:2c:45:b7:a8:d6:19:38:4e:
                    6c:c7:96:35:b2:9e:b6:f5:1c:ef:be:5b:d9:30:9d:
                    88:86:ea:fc:f9:15:72:63:f4:85:e1:b0:f5:e8:17:
                    4a:c7:3e:b2:e1:22:f6:38:2a:bc:b0:ce:95:c5:9c:
                    5d:fe:c1:29:1c:2c:43:98:0a:00:07:28:71:d9:e9:
                    96:26:b9:ef:f6:e2:d2:08:45:30:b2:70:8f:74:07:
                    f3:5d:09:a6:f0:32:0d:f8:c9:2b:32:6a:19:42:4f:
                    46:cd:8b:ea:ed:87:85:46:6b:ff:5c:9c:45:4f:a5:
                    45:60:71:cb:86:a7:68:22:a1:bc:05:16:8f:28:5c:
                    d7:9b:40:4c:c4:b7:a3:88:f7:dd:e9:57:c3:02:8f:
                    5e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:DF:D2:DC:3A:4A:80:DC:AB:64:A5:8B:F0:F5:96:31:1C:0C:B9:15
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef1af7e0-6933-4e52-8fd0-aa7abf670f30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.18.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b6:e3:87:c8:c4:24:37:50:a4:a2:54:2a:0f:35:9f:c8:7c:6c:
         f4:52:2c:11:6b:9b:ac:ab:00:19:dc:4a:f4:10:c5:67:29:f1:
         c3:c8:2f:fd:20:5f:f1:ac:f5:aa:6b:27:de:e5:7b:33:e9:9f:
         4f:bc:32:68:22:ec:f7:07:ef:d6:3d:85:2f:cd:99:3b:ec:df:
         6b:b6:d0:46:aa:d8:bb:04:09:7d:49:2a:9c:9c:94:62:db:96:
         69:2e:e3:4f:8c:dc:cd:d4:6e:18:c4:68:f9:ca:16:0b:a6:1b:
         a4:60:a2:96:23:04:5b:67:89:b2:4d:42:d4:1e:a1:a2:ee:4c:
         fd:61:63:44:12:34:7c:bf:f5:fe:f3:c0:f1:36:c9:ac:4f:68:
         2d:37:87:61:ef:e5:06:53:ce:e1:eb:e8:7d:15:0d:96:0a:20:
         81:b7:90:39:ef:01:be:c9:98:af:63:e4:eb:3b:b5:d0:92:fd:
         07:7c:2d:72:ef:89:88:bb:01:1a:13:cb:e3:54:ba:22:7f:78:
         d1:95:6f:c9:e4:3c:79:e0:bd:61:8e:d9:59:91:af:d8:66:1e:
         7c:e4:3c:4d:6f:fc:af:93:3b:93:46:38:8f:03:8d:16:d5:21:
         68:2c:cf:d9:7e:17:10:d0:e4:de:57:9c:39:27:85:ff:68:1f:
         97:c1:29:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVZWhotTrMpVCsCLfX1Rs9LO3nTkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MDAzMTQ2WhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDAxMmE1NDk5NDBiOGM2MzI1YWI2ODEzZjU5YWQ2ZDNh
ZjRmMGQxMThmY2EyYWM5MzJiMGJkNzFhNGY4OWU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDp9+LJ5F6lW/btZzlD6vjWRtqE77xQUeXrnOs5bifyR/EW
Yp8ZTyADy9d/GKrVBztlPLc6pFekkXzx5RKb6CXIYTHJzmAm3XWbKQsgNBl1cjg3
3fp1j13AAGqvT7jRWO4o6j40aeMlNiod0Zm8JOgsRbeo1hk4TmzHljWynrb1HO++
W9kwnYiG6vz5FXJj9IXhsPXoF0rHPrLhIvY4KrywzpXFnF3+wSkcLEOYCgAHKHHZ
6ZYmue/24tIIRTCycI90B/NdCabwMg34ySsyahlCT0bNi+rth4VGa/9cnEVPpUVg
ccuGp2giobwFFo8oXNebQEzEt6OI993pV8MCj167AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUst/S3DpKgNyrZKWL8PWWMRwMuRUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmMWFmN2UwLTY5MzMtNGU1Mi04ZmQwLWFhN2FiZjY3MGYzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQyEoAwDQYJKoZIhvcNAQELBQADggEBALbjh8jEJDdQpKJUKg81n8h8bPRS
LBFrm6yrABncSvQQxWcp8cPIL/0gX/Gs9aprJ97lezPpn0+8Mmgi7PcH79Y9hS/N
mTvs32u20Eaq2LsECX1JKpyclGLblmku40+M3M3UbhjEaPnKFgumG6RgopYjBFtn
ibJNQtQeoaLuTP1hY0QSNHy/9f7zwPE2yaxPaC03h2Hv5QZTzuHr6H0VDZYKIIG3
kDnvAb7JmK9j5Os7tdCS/Qd8LXLviYi7ARoTy+NUuiJ/eNGVb8nkPHngvWGO2VmR
r9hmHnzkPE1v/K+TO5NGOI8DjRbVIWgsz9l+FxDQ5N5XnDknhf9oH5fBKZc=
-----END CERTIFICATE-----