Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/886e4de3-8743-4cfc-bbe9-f4d8fe0824b9.roa
File:                     886e4de3-8743-4cfc-bbe9-f4d8fe0824b9.roa (raw, json)
Hash identifier:          KQRkwBkHKzSd8IFQloOXrVp5wdx2L3mDORh9ZJ5JOl4=
Subject key identifier:   F3:84:64:7E:36:24:63:DA:A5:F8:F1:B6:A0:90:33:08:EE:9D:14:B1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       184FA39ACA42A5173DDD1DDB47E99AEBDEB8EDFA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/886e4de3-8743-4cfc-bbe9-f4d8fe0824b9.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.99.32.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:4f:a3:9a:ca:42:a5:17:3d:dd:1d:db:47:e9:9a:eb:de:b8:ed:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b9:a3:b3:ed:aa:ef:0d:0a:55:ed:6c:e3:64:
                    a2:c3:0c:83:4f:f2:14:b1:2d:78:29:23:26:fd:e1:
                    a6:0f:bd:e4:d8:60:24:6f:66:36:e9:ae:bf:af:66:
                    c1:72:1c:93:4b:ae:dd:59:58:db:66:04:fe:0e:2d:
                    9a:35:0d:e3:e9:28:1d:30:2e:74:36:f3:1a:42:d8:
                    d9:39:66:f4:7e:77:aa:ba:27:d1:a4:41:db:8d:08:
                    0c:9e:46:8f:ce:15:09:61:51:7d:73:95:f4:2c:a9:
                    fa:58:5f:d2:1f:77:49:4f:94:0e:b7:0c:2e:69:87:
                    4e:e0:8f:67:10:44:61:3d:97:43:cb:2a:93:73:36:
                    15:ab:89:02:19:fa:22:32:aa:7c:83:46:cb:f0:e0:
                    9d:4a:19:2d:ba:c8:50:8e:71:b1:68:17:c8:35:f0:
                    12:b8:0e:48:24:a5:75:cc:e3:d8:33:98:7f:24:f5:
                    b4:fd:41:de:eb:ee:ce:a5:ec:ad:aa:da:f9:14:7a:
                    f4:ba:13:38:b1:92:c4:dc:7b:b9:2b:df:f0:31:48:
                    15:a1:d9:2b:e7:1e:02:f6:31:1e:26:86:07:2e:08:
                    69:ad:61:f2:3b:fe:a4:b4:13:c0:fa:32:56:00:c8:
                    6d:b1:3b:e5:99:0b:75:b5:21:69:c6:a9:ee:ca:23:
                    26:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:84:64:7E:36:24:63:DA:A5:F8:F1:B6:A0:90:33:08:EE:9D:14:B1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/886e4de3-8743-4cfc-bbe9-f4d8fe0824b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.99.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         38:f6:47:d1:ac:1b:d9:c4:e7:6d:09:57:6b:af:28:56:09:2c:
         e5:64:0e:15:42:0f:08:a9:e5:05:99:55:12:60:2e:32:39:d8:
         65:1f:bb:d9:3c:3f:f8:ad:4a:f8:02:27:9c:29:73:7f:cb:89:
         76:4b:15:09:9c:9b:d0:c7:91:73:73:50:0f:21:4e:8e:21:44:
         50:3b:37:42:6a:d6:95:75:65:21:3f:3c:88:1f:f6:67:16:e4:
         e8:4f:11:1d:2f:52:85:ec:0c:86:57:a9:7f:ef:7f:f3:71:9d:
         ad:cd:74:09:cf:51:48:94:7c:70:90:4a:77:62:88:02:59:86:
         a4:c0:ca:41:54:4c:51:df:d5:24:18:21:b6:12:6f:4a:70:b0:
         1e:ca:7c:f3:63:a4:2f:01:38:18:a5:a4:2e:e4:77:d0:72:a3:
         4f:d5:a2:94:06:ef:4b:16:55:33:9d:87:80:d1:75:75:3e:17:
         cb:05:8a:f2:be:a0:a2:d3:e6:a3:d6:e9:c8:79:68:0d:93:05:
         9e:65:8e:f0:7f:5a:c5:2c:96:c6:95:8b:23:96:31:eb:36:a4:
         ab:26:32:b2:4a:e2:a7:a6:13:2e:a0:6d:03:c2:1d:07:51:e4:
         13:73:5a:e9:ac:f6:dd:a5:35:71:42:63:ab:ed:4d:10:89:fb:
         b6:6f:7b:9c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGE+jmspCpRc93R3bR+ma69647fowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTFmZTE1MDU2MGZlZWQxN2IyNWQ4MDEzMWRhMjFiODUx
MDc3ZjZiMzc1MWNkM2NjMDBhZjQxZGMzODBmZjk0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHuaOz7arvDQpV7WzjZKLDDINP8hSxLXgpIyb94aYPveTY
YCRvZjbprr+vZsFyHJNLrt1ZWNtmBP4OLZo1DePpKB0wLnQ28xpC2Nk5ZvR+d6q6
J9GkQduNCAyeRo/OFQlhUX1zlfQsqfpYX9Ifd0lPlA63DC5ph07gj2cQRGE9l0PL
KpNzNhWriQIZ+iIyqnyDRsvw4J1KGS26yFCOcbFoF8g18BK4DkgkpXXM49gzmH8k
9bT9Qd7r7s6l7K2q2vkUevS6EzixksTce7kr3/AxSBWh2SvnHgL2MR4mhgcuCGmt
YfI7/qS0E8D6MlYAyG2xO+WZC3W1IWnGqe7KIybFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU84RkfjYkY9ql+PG2oJAzCO6dFLEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg4NmU0ZGUzLTg3NDMtNGNmYy1iYmU5LWY0ZDhmZTA4MjRiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUSYyAwDQYJKoZIhvcNAQELBQADggEBADj2R9GsG9nE520JV2uvKFYJLOVk
DhVCDwip5QWZVRJgLjI52GUfu9k8P/itSvgCJ5wpc3/LiXZLFQmcm9DHkXNzUA8h
To4hRFA7N0Jq1pV1ZSE/PIgf9mcW5OhPER0vUoXsDIZXqX/vf/Nxna3NdAnPUUiU
fHCQSndiiAJZhqTAykFUTFHf1SQYIbYSb0pwsB7KfPNjpC8BOBilpC7kd9Byo0/V
opQG70sWVTOdh4DRdXU+F8sFivK+oKLT5qPW6ch5aA2TBZ5ljvB/WsUslsaViyOW
Mes2pKsmMrJK4qemEy6gbQPCHQdR5BNzWums9t2lNXFCY6vtTRCJ+7Zve5w=
-----END CERTIFICATE-----