Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/87214f98-2497-4282-a77f-d8cf69f481ff.roa
File:                     87214f98-2497-4282-a77f-d8cf69f481ff.roa (raw, json)
Hash identifier:          kwpHzBBIHP9I9MqIVb9lDJL0UeXr1hHkF71EUD/ouHA=
Subject key identifier:   41:ED:79:8F:4A:DE:35:B1:0E:40:20:6B:FE:5D:89:D2:CA:E1:E8:AF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       476D5FCFA38AE46AEF531E836E25BF9F9F7CE3CA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/87214f98-2497-4282-a77f-d8cf69f481ff.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.244.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:6d:5f:cf:a3:8a:e4:6a:ef:53:1e:83:6e:25:bf:9f:9f:7c:e3:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:be:b7:49:64:cf:bf:f3:19:9b:aa:47:91:75:
                    44:df:98:3e:12:19:5e:52:0b:94:a6:39:1f:d9:8a:
                    cc:89:f1:55:2a:34:b9:79:b1:94:bd:85:ca:34:cb:
                    00:4b:70:77:f3:f4:22:c7:7f:80:98:b4:2f:01:b7:
                    3f:ac:12:4c:52:3a:c6:b8:dc:f3:31:5d:2b:53:a5:
                    c1:5e:ad:a8:a0:f8:8e:b1:8c:c2:a6:41:c9:17:ed:
                    b1:db:15:64:45:d7:fa:08:4d:66:6d:c8:b4:3a:58:
                    3f:1f:0f:89:81:2d:e5:5d:fa:85:be:fc:63:b3:88:
                    c9:cd:fe:c3:0e:b9:6b:4b:b1:ed:83:17:5e:5b:60:
                    e9:2d:e0:93:55:a1:2d:17:71:af:3d:ab:4b:7d:a2:
                    cc:29:a8:e7:8f:30:5f:0a:99:1d:81:cc:9f:86:82:
                    f8:37:0f:56:a7:87:6c:a4:e8:18:19:04:e6:f5:31:
                    c0:83:3c:70:87:45:05:6a:0c:36:9b:3e:f1:4f:57:
                    ec:2b:f3:f0:7b:ed:3a:3c:bd:6d:49:8d:dc:79:b5:
                    71:76:b9:6e:44:e3:4c:0c:ef:3b:63:ea:40:32:9a:
                    b6:0d:bb:13:7d:f9:55:25:23:36:42:e2:84:86:9b:
                    59:05:fd:b5:6c:af:70:45:fb:bd:67:fd:64:51:49:
                    e3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:ED:79:8F:4A:DE:35:B1:0E:40:20:6B:FE:5D:89:D2:CA:E1:E8:AF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/87214f98-2497-4282-a77f-d8cf69f481ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         76:e6:75:9c:58:b3:a3:9d:fd:1c:91:06:a4:2a:df:56:0f:a8:
         48:ec:66:8a:1d:6c:fb:78:68:d5:fb:bb:54:0b:d2:fe:45:c8:
         8c:b3:af:66:90:e1:36:3e:ee:c2:2f:d2:59:13:c9:09:37:fc:
         cf:b1:97:c2:a5:a0:87:40:ba:30:7a:5b:6b:ed:f9:28:30:6a:
         f7:6b:94:3d:86:8c:ad:bb:c8:64:0c:bb:a4:3b:4f:60:f4:5a:
         48:eb:62:de:65:e2:fe:73:89:74:af:7f:39:65:15:77:84:d8:
         78:c7:b8:b9:4d:fb:9c:c2:d7:ad:b3:03:bd:8d:31:6b:1a:86:
         57:42:6b:67:3f:31:f2:ee:13:7e:03:6a:51:aa:84:f6:23:e0:
         11:76:3a:a5:e7:00:8c:e2:e7:e7:b4:2b:03:ac:22:c5:1e:fe:
         4b:a0:9f:a3:84:78:f9:e6:b9:c1:a6:62:91:9a:23:aa:19:8b:
         2a:74:24:92:01:42:6e:25:65:48:d2:d3:26:6d:36:82:ee:5d:
         06:83:98:3e:e3:3e:28:02:b2:52:62:df:bd:6e:99:90:8c:bf:
         df:bd:eb:63:ee:1d:d1:58:dd:76:61:2a:93:da:84:7d:91:b6:
         69:5c:31:3f:34:b9:2b:4e:07:f4:52:52:8c:b0:4a:dd:68:a2:
         f2:e1:12:6e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR21fz6OK5GrvUx6DbiW/n59848owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTQ5NmQ5YmUxNDA3OTMzZjJiNzYzZGQxOTRmZjFjYjM1
ZWEyMjdjN2E0MmRlMjJlOGM2MjJjMGM0NDZhNjE1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD5vrdJZM+/8xmbqkeRdUTfmD4SGV5SC5SmOR/ZisyJ8VUq
NLl5sZS9hco0ywBLcHfz9CLHf4CYtC8Btz+sEkxSOsa43PMxXStTpcFeraig+I6x
jMKmQckX7bHbFWRF1/oITWZtyLQ6WD8fD4mBLeVd+oW+/GOziMnN/sMOuWtLse2D
F15bYOkt4JNVoS0Xca89q0t9oswpqOePMF8KmR2BzJ+Ggvg3D1anh2yk6BgZBOb1
McCDPHCHRQVqDDabPvFPV+wr8/B77To8vW1Jjdx5tXF2uW5E40wM7ztj6kAymrYN
uxN9+VUlIzZC4oSGm1kF/bVsr3BF+71n/WRRSeP7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQe15j0reNbEOQCBr/l2J0srh6K8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg3MjE0Zjk4LTI0OTctNDI4Mi1hNzdmLWQ4Y2Y2OWY0ODFmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwES9DANBgkqhkiG9w0BAQsFAAOCAQEAduZ1nFizo539HJEGpCrfVg+oSOxm
ih1s+3ho1fu7VAvS/kXIjLOvZpDhNj7uwi/SWRPJCTf8z7GXwqWgh0C6MHpba+35
KDBq92uUPYaMrbvIZAy7pDtPYPRaSOti3mXi/nOJdK9/OWUVd4TYeMe4uU37nMLX
rbMDvY0xaxqGV0JrZz8x8u4TfgNqUaqE9iPgEXY6pecAjOLn57QrA6wixR7+S6Cf
o4R4+ea5waZikZojqhmLKnQkkgFCbiVlSNLTJm02gu5dBoOYPuM+KAKyUmLfvW6Z
kIy/373rY+4d0VjddmEqk9qEfZG2aVwxPzS5K04H9FJSjLBK3Wii8uESbg==
-----END CERTIFICATE-----