Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4494c901-02a9-4dc9-8503-d358c046d1a4.roa
File:                     4494c901-02a9-4dc9-8503-d358c046d1a4.roa (raw, json)
Hash identifier:          O18y6fpBWswP3dSKxqkrv9Dr4JeJAaoxpnL1635TYX8=
Subject key identifier:   92:72:72:CC:9B:82:6A:E4:4A:79:8B:CF:E1:C7:CB:84:71:86:21:2F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2F632BCC8D8247BBBDFB1DECCFECD5509F153A70
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4494c901-02a9-4dc9-8503-d358c046d1a4.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.186.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:63:2b:cc:8d:82:47:bb:bd:fb:1d:ec:cf:ec:d5:50:9f:15:3a:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:95:9b:6a:72:fd:0c:e3:06:44:97:e9:1c:64:
                    e2:e4:96:b6:8d:c4:d2:ab:fd:fb:e3:a7:bb:c7:5e:
                    ed:0f:03:92:b1:bf:11:19:43:c1:e3:16:b9:af:8e:
                    48:38:43:9d:db:51:0c:7f:01:33:97:dd:af:29:c6:
                    d2:03:90:da:cb:20:f6:ba:94:0e:44:7f:28:5f:1c:
                    2f:7a:ec:b8:60:46:fc:e4:7a:72:93:c1:d4:57:4d:
                    7c:a9:4e:6e:f8:b1:4d:a8:b0:21:70:80:a3:9a:39:
                    b3:4b:55:6b:e2:3e:2b:47:e7:2f:6e:2a:82:f6:2c:
                    51:f6:4d:77:1c:4e:4a:89:14:2d:2e:2a:29:2f:3f:
                    50:fa:d1:b9:7b:5b:2f:51:f3:eb:b3:d2:8b:ce:f2:
                    c2:a4:14:44:2e:a2:67:07:20:d8:c7:d3:fa:3f:b3:
                    5c:d6:4a:fc:9a:ac:7b:5b:20:5a:0b:fc:2c:0a:f8:
                    98:7f:3e:9b:6a:3a:21:3d:29:7e:3e:09:f2:79:b4:
                    83:d7:d1:8c:99:19:cb:45:90:84:82:e3:26:c6:20:
                    33:9c:a8:0e:2c:eb:1c:5f:5b:22:44:ae:bb:15:fa:
                    e4:d3:2c:ee:48:c8:53:76:00:03:8b:85:eb:a6:22:
                    9f:20:7c:28:cc:14:2d:80:57:97:c3:ac:8d:95:64:
                    90:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:72:72:CC:9B:82:6A:E4:4A:79:8B:CF:E1:C7:CB:84:71:86:21:2F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4494c901-02a9-4dc9-8503-d358c046d1a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.186.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         5e:d6:0a:02:54:3c:59:e9:57:a7:db:17:fc:a5:fe:ac:bf:04:
         c8:57:95:d6:2f:b8:fc:82:ab:2a:e2:70:fd:e3:e5:a7:d0:80:
         c8:fe:0b:19:8d:5e:15:77:d0:f6:49:ee:b4:78:6d:23:93:9e:
         e5:8f:5a:ca:1f:1e:7a:5f:4f:53:53:64:b7:03:23:37:98:f9:
         e2:92:dd:38:4e:64:b8:34:ad:48:20:82:f9:6f:37:d7:21:2a:
         a2:49:d8:1e:b9:51:33:37:55:4f:47:e2:f0:97:30:14:60:bb:
         86:d0:b8:e9:c8:76:ac:3c:88:0b:0c:92:5c:8f:77:07:e2:33:
         8f:c3:a6:10:f0:b0:f7:9d:2d:f9:de:c1:db:5a:cf:68:99:3c:
         8d:ab:87:11:5c:1a:9d:e8:ea:29:5c:7a:2f:07:01:c4:5f:fc:
         31:03:52:d9:92:f8:bd:47:e4:cb:11:c9:4a:e9:6d:ca:bf:c7:
         20:10:a4:39:93:03:31:1f:aa:77:b6:8e:11:a6:77:8b:8d:3b:
         77:4a:ac:a4:f7:69:18:7a:97:ba:d2:88:a6:06:91:01:51:96:
         28:b9:74:36:be:b6:eb:8d:cf:66:27:cd:1d:07:fb:ac:5d:23:
         e4:91:bf:27:ae:c9:c6:fb:19:cf:25:60:ea:c1:6c:37:47:96:
         6e:11:57:70
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUL2MrzI2CR7u9+x3sz+zVUJ8VOnAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTExYTFjOTQ3MmJkYmVhNjY4MTAxYzhiYmUxYzM1NDQy
MTQzYWM2MmUzOGQxMTE1NzdhNDhmMmYwMzBiOGE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD4lZtqcv0M4wZEl+kcZOLklraNxNKr/fvjp7vHXu0PA5Kx
vxEZQ8HjFrmvjkg4Q53bUQx/ATOX3a8pxtIDkNrLIPa6lA5EfyhfHC967LhgRvzk
enKTwdRXTXypTm74sU2osCFwgKOaObNLVWviPitH5y9uKoL2LFH2TXccTkqJFC0u
KikvP1D60bl7Wy9R8+uz0ovO8sKkFEQuomcHINjH0/o/s1zWSvyarHtbIFoL/CwK
+Jh/PptqOiE9KX4+CfJ5tIPX0YyZGctFkISC4ybGIDOcqA4s6xxfWyJErrsV+uTT
LO5IyFN2AAOLheumIp8gfCjMFC2AV5fDrI2VZJCjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUknJyzJuCauRKeYvP4cfLhHGGIS8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ0OTRjOTAxLTAyYTktNGRjOS04NTAzLWQzNThjMDQ2ZDFhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESujANBgkqhkiG9w0BAQsFAAOCAQEAXtYKAlQ8WelXp9sX/KX+rL8EyFeV
1i+4/IKrKuJw/ePlp9CAyP4LGY1eFXfQ9knutHhtI5Oe5Y9ayh8eel9PU1NktwMj
N5j54pLdOE5kuDStSCCC+W831yEqoknYHrlRMzdVT0fi8JcwFGC7htC46ch2rDyI
CwySXI93B+Izj8OmEPCw950t+d7B21rPaJk8jauHEVwanejqKVx6LwcBxF/8MQNS
2ZL4vUfkyxHJSultyr/HIBCkOZMDMR+qd7aOEaZ3i407d0qspPdpGHqXutKIpgaR
AVGWKLl0Nr62643PZifNHQf7rF0j5JG/J67JxvsZzyVg6sFsN0eWbhFXcA==
-----END CERTIFICATE-----