Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a053781e-694c-4266-815e-b30ac527ee8b.roa
File:                     a053781e-694c-4266-815e-b30ac527ee8b.roa (raw, json)
Hash identifier:          O3PeINVLMxa3LVZcr9q/KAc5GMyQAGcEJp0pKR1cUtw=
Subject key identifier:   74:B5:76:FB:4B:2F:ED:0F:E5:3A:3C:7E:D8:B2:8D:CF:60:C1:18:9A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       477D880FB647FB44D2F1ADA45FAA0A9E0F968567
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a053781e-694c-4266-815e-b30ac527ee8b.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        18.39.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:7d:88:0f:b6:47:fb:44:d2:f1:ad:a4:5f:aa:0a:9e:0f:96:85:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:78:a5:be:e8:be:7b:74:d7:de:ef:dd:e5:ce:
                    a2:34:92:19:52:48:14:36:ec:bc:a8:a6:0e:ea:8a:
                    5c:a4:4d:93:31:fe:51:a8:56:c6:78:16:c0:d1:5f:
                    75:d3:e8:21:92:7f:08:33:9d:29:3e:e3:4f:47:67:
                    08:1f:42:c3:85:d8:de:fa:d3:8a:6d:56:6d:cb:6b:
                    a2:49:a7:c0:51:0f:98:62:58:33:03:26:73:fb:58:
                    94:7e:83:27:6a:4d:67:8a:eb:29:c5:f1:89:f6:8f:
                    9f:aa:ed:ca:2a:72:53:87:c8:84:18:8c:61:44:d4:
                    54:e5:d6:5a:bc:fa:00:21:f3:0c:8e:5d:40:2d:0e:
                    07:95:7a:19:ea:8b:33:8c:8d:c2:ad:61:00:93:58:
                    62:44:85:f0:6e:5e:45:1d:d8:59:da:8e:fe:5d:1f:
                    97:f4:c4:35:23:5b:82:e4:93:b4:ff:2a:3e:69:d8:
                    a2:ed:14:f0:b7:9e:c9:b8:a2:a9:66:a0:5e:99:6a:
                    eb:0e:3f:b9:a8:a2:c9:62:80:a7:c5:76:db:ba:df:
                    ba:41:3e:f0:3c:c0:a4:6f:5b:9f:32:74:46:d6:f7:
                    06:6d:85:51:e0:15:2f:6f:7b:75:48:0b:7d:82:d9:
                    24:6c:d3:99:fd:3e:60:1c:0c:79:a6:25:78:67:b6:
                    21:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:B5:76:FB:4B:2F:ED:0F:E5:3A:3C:7E:D8:B2:8D:CF:60:C1:18:9A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a053781e-694c-4266-815e-b30ac527ee8b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.39.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7c:56:69:cc:a9:f0:ae:29:85:62:dd:63:fe:c2:a4:cd:8e:5c:
         2e:58:e4:f6:f0:b4:14:85:be:c3:36:43:72:af:5d:e4:a1:0e:
         69:fd:b8:27:1a:3f:6e:9f:fc:4e:3b:f0:3a:4f:0b:86:d0:fd:
         9c:2f:33:b6:cc:37:40:a8:0e:8f:d5:66:66:c2:d4:d1:da:ad:
         ac:19:e4:a8:9f:8c:db:c0:02:2c:0c:61:35:92:83:36:78:7b:
         d3:9c:86:17:66:73:44:7a:66:25:fe:93:48:3c:d9:8d:ba:c0:
         c4:77:6d:2e:7e:98:a6:ef:34:b0:89:9c:89:8d:5a:37:cb:42:
         f4:26:f2:90:17:31:11:4b:63:31:fa:46:3b:2c:04:b1:04:f0:
         39:d9:48:63:ba:d1:39:d2:48:4a:1d:8e:f9:cf:04:93:87:d8:
         7d:6b:84:51:92:b5:fb:2a:ec:01:0a:8f:01:50:f6:68:ec:85:
         31:5b:1d:eb:59:83:85:c5:0c:51:7e:b4:22:12:c1:e4:0b:c5:
         21:a9:27:91:75:17:67:ce:08:cb:82:0c:d6:5d:d9:5d:17:88:
         f5:9b:81:dc:ae:eb:3e:fc:c5:e5:17:cc:a8:ca:03:b3:1a:53:
         dd:57:7d:46:b4:a9:4f:54:9b:0d:28:dc:87:ab:00:6a:18:62:
         82:40:a2:05
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR32ID7ZH+0TS8a2kX6oKng+WhWcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxODEyNGJkYzJkMTVmNmQ4YTYzMGZkNmUyM2NkY2U3NGI0
OTRjNGY0NmU4YjU4OWEwNzI1NTNiNjQ3MTA4NTRhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqeKW+6L57dNfe793lzqI0khlSSBQ27Lyopg7qilykTZMx
/lGoVsZ4FsDRX3XT6CGSfwgznSk+409HZwgfQsOF2N7604ptVm3La6JJp8BRD5hi
WDMDJnP7WJR+gydqTWeK6ynF8Yn2j5+q7coqclOHyIQYjGFE1FTl1lq8+gAh8wyO
XUAtDgeVehnqizOMjcKtYQCTWGJEhfBuXkUd2Fnajv5dH5f0xDUjW4Lkk7T/Kj5p
2KLtFPC3nsm4oqlmoF6ZausOP7moosligKfFdtu637pBPvA8wKRvW58ydEbW9wZt
hVHgFS9ve3VIC32C2SRs05n9PmAcDHmmJXhntiHXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUdLV2+0sv7Q/lOjx+2LKNz2DBGJowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EwNTM3ODFlLTY5NGMtNDI2Ni04MTVlLWIzMGFjNTI3ZWU4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASJzANBgkqhkiG9w0BAQsFAAOCAQEAfFZpzKnwrimFYt1j/sKkzY5cLljk
9vC0FIW+wzZDcq9d5KEOaf24Jxo/bp/8TjvwOk8LhtD9nC8ztsw3QKgOj9VmZsLU
0dqtrBnkqJ+M28ACLAxhNZKDNnh705yGF2ZzRHpmJf6TSDzZjbrAxHdtLn6Ypu80
sImciY1aN8tC9CbykBcxEUtjMfpGOywEsQTwOdlIY7rROdJISh2O+c8Ek4fYfWuE
UZK1+yrsAQqPAVD2aOyFMVsd61mDhcUMUX60IhLB5AvFIaknkXUXZ84Iy4IM1l3Z
XReI9ZuB3K7rPvzF5RfMqMoDsxpT3Vd9RrSpT1SbDSjch6sAahhigkCiBQ==
-----END CERTIFICATE-----