Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8528dc4b-312e-45ce-93d3-d1ea15bf2e99.roa
File:                     8528dc4b-312e-45ce-93d3-d1ea15bf2e99.roa (raw, json)
Hash identifier:          ROTryaIfSN2uO0rHMKw1Dqgsfw5FS8/J18x2qei2HCQ=
Subject key identifier:   C0:DB:F3:5C:22:FD:CD:14:29:AF:F3:6D:BD:0D:9D:DD:B2:F7:78:CA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       58F51503FE76C5C0F6BD5782E2220A37E60D5409
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8528dc4b-312e-45ce-93d3-d1ea15bf2e99.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.236.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:f5:15:03:fe:76:c5:c0:f6:bd:57:82:e2:22:0a:37:e6:0d:54:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:97:77:3d:b3:ea:e5:1f:f5:6d:f0:a1:9a:12:
                    bf:6e:90:f9:85:30:7f:9e:09:db:94:30:74:c3:2b:
                    a9:c5:b1:65:58:9f:ff:f2:fc:25:d8:d9:f0:97:7d:
                    4b:2b:31:ab:41:65:43:ba:c5:2a:52:47:35:4c:42:
                    f1:db:c6:90:bb:38:3a:b5:0a:08:26:e6:93:0d:2c:
                    df:b4:a0:90:b6:bb:12:b0:d6:62:a1:9a:08:e3:f7:
                    ea:fb:1d:cc:76:e5:0c:3f:43:14:f9:4f:7e:f9:fe:
                    65:ca:7e:5a:d4:1d:c4:72:7d:7a:10:c2:09:b5:86:
                    e6:01:e5:ae:00:2d:2b:29:3f:97:97:58:e5:ed:bc:
                    6f:bd:aa:1e:33:2d:52:47:5c:01:d1:40:bb:2d:84:
                    c2:c0:d0:95:a5:1f:38:0c:ef:fa:26:20:ba:b3:09:
                    90:65:00:c8:ce:eb:9c:8a:d4:88:d5:9b:d6:98:dc:
                    b5:dd:34:d2:4d:34:43:5d:ce:00:f9:e5:2c:7e:33:
                    5f:fd:eb:e1:b6:fc:0f:37:e4:a7:f4:f3:69:02:69:
                    f0:c8:01:a5:3c:78:79:9c:b2:9f:a9:b4:e7:86:a8:
                    df:72:a0:e1:4f:96:a7:64:2f:33:3d:6f:2d:bb:d3:
                    3d:72:79:38:b6:f4:94:a9:03:f5:f6:56:21:60:1b:
                    c4:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:DB:F3:5C:22:FD:CD:14:29:AF:F3:6D:BD:0D:9D:DD:B2:F7:78:CA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8528dc4b-312e-45ce-93d3-d1ea15bf2e99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.236.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         4b:82:f5:35:d8:0c:90:54:a4:55:25:11:75:c8:52:ea:08:2c:
         79:09:81:af:9c:36:a3:02:01:d9:d2:4c:cc:fa:79:e4:43:bb:
         a1:54:04:1d:f3:d4:78:26:13:c4:96:25:de:88:75:6b:b0:71:
         d8:6e:0c:19:c1:7b:a9:77:df:e4:87:f5:9a:fd:18:c1:70:61:
         52:08:24:f6:f2:ad:d8:2f:16:aa:35:c9:52:75:60:a0:08:2a:
         92:7c:5b:9b:45:21:de:67:cf:12:3e:47:5d:c0:35:54:94:eb:
         96:e2:35:f3:1d:48:1c:d9:4e:89:24:f6:b0:e6:3b:74:51:05:
         b1:86:aa:e3:af:76:ac:fa:0c:45:5d:d2:2d:21:7f:ae:80:d8:
         55:df:25:95:cb:68:7d:bc:be:9c:a2:14:fe:c9:ac:52:55:ad:
         fc:06:f1:8d:82:4e:40:72:eb:30:09:bc:93:7d:c7:28:26:a1:
         34:62:fe:c7:3e:19:80:47:0e:58:12:c1:6a:50:57:83:3a:ee:
         3c:3e:1d:a6:ce:b7:c9:7f:15:6e:32:cd:8a:ca:f2:80:93:7a:
         b3:5f:e3:08:aa:c1:91:3f:8d:a8:13:ec:a1:5f:60:fa:c6:a2:
         28:46:c6:a6:9f:7d:f2:7d:ee:e8:33:6d:c5:d4:c0:ee:09:63:
         b7:cc:c9:50
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWPUVA/52xcD2vVeC4iIKN+YNVAkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEzMDAwMDAwWhcNMjUwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDM4MTZjMDBkNGY2ZmI4N2FhM2VmMmFlMjNmODYwMjgx
N2VmOWEyZjI2ZTU2YmVhOWNkMTk2NDY0NGU2MTkzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXl3c9s+rlH/Vt8KGaEr9ukPmFMH+eCduUMHTDK6nFsWVY
n//y/CXY2fCXfUsrMatBZUO6xSpSRzVMQvHbxpC7ODq1Cggm5pMNLN+0oJC2uxKw
1mKhmgjj9+r7Hcx25Qw/QxT5T375/mXKflrUHcRyfXoQwgm1huYB5a4ALSspP5eX
WOXtvG+9qh4zLVJHXAHRQLsthMLA0JWlHzgM7/omILqzCZBlAMjO65yK1IjVm9aY
3LXdNNJNNENdzgD55Sx+M1/96+G2/A835Kf082kCafDIAaU8eHmcsp+ptOeGqN9y
oOFPlqdkLzM9by270z1yeTi29JSpA/X2ViFgG8Q7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwNvzXCL9zRQpr/NtvQ2d3bL3eMowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg1MjhkYzRiLTMxMmUtNDVjZS05M2QzLWQxZWExNWJmMmU5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwES7DANBgkqhkiG9w0BAQsFAAOCAQEAS4L1NdgMkFSkVSURdchS6ggseQmB
r5w2owIB2dJMzPp55EO7oVQEHfPUeCYTxJYl3oh1a7Bx2G4MGcF7qXff5If1mv0Y
wXBhUggk9vKt2C8WqjXJUnVgoAgqknxbm0Uh3mfPEj5HXcA1VJTrluI18x1IHNlO
iST2sOY7dFEFsYaq4692rPoMRV3SLSF/roDYVd8llctofby+nKIU/smsUlWt/Abx
jYJOQHLrMAm8k33HKCahNGL+xz4ZgEcOWBLBalBXgzruPD4dps63yX8VbjLNisry
gJN6s1/jCKrBkT+NqBPsoV9g+saiKEbGpp998n3u6DNtxdTA7gljt8zJUA==
-----END CERTIFICATE-----