Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4cf6724f-3a3f-48d4-9f79-c57894a336dd.roa
File:                     4cf6724f-3a3f-48d4-9f79-c57894a336dd.roa (raw, json)
Hash identifier:          QZLuTerT8miMjieor++g//eSWzC28j4l/SwV864YMTQ=
Subject key identifier:   E6:42:F3:CB:98:D2:93:6B:96:DF:6C:7D:B2:D2:A7:7E:F3:7D:1E:E8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09FB85D31A62630DAF1CB4202FD3BBF86D5BC752
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4cf6724f-3a3f-48d4-9f79-c57894a336dd.roa
Signing time:             Fri 07 Mar 2025 00:01:30 +0000
ROA not before:           Fri 07 Mar 2025 00:01:30 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        136.18.50.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:fb:85:d3:1a:62:63:0d:af:1c:b4:20:2f:d3:bb:f8:6d:5b:c7:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  7 00:01:30 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:82:b9:af:1d:b9:80:a2:24:15:d6:f1:03:83:
                    14:17:ed:3f:17:96:de:79:d0:17:89:f7:4d:d7:64:
                    cc:be:dc:d5:0b:a1:32:e3:e5:88:2d:8b:c7:d1:6f:
                    74:23:78:4a:e4:f3:b5:bf:de:33:25:98:df:fd:f2:
                    67:7e:01:b6:a4:5d:83:a0:ab:d8:9c:7d:26:50:fa:
                    f7:ad:49:d1:8e:68:9d:ec:b4:6f:77:ba:d5:04:d5:
                    7d:99:0c:c9:fa:95:5a:d2:09:a2:3f:ab:f5:4a:22:
                    1e:4f:55:54:46:97:ce:3e:d8:47:a6:17:b7:8e:f1:
                    c8:f2:d0:56:73:d2:c0:01:77:53:46:ce:f9:8c:b6:
                    1f:91:e4:4c:23:3a:25:b9:f4:46:c5:93:5a:c3:56:
                    6f:8e:39:cf:a3:94:33:cb:9f:02:97:f7:59:b5:ab:
                    2b:d3:d2:8e:b7:7a:61:e1:31:d6:a0:5a:cc:3d:c0:
                    a3:cf:c7:65:47:a5:b0:29:2b:bb:19:bc:98:42:dc:
                    e2:c1:03:8a:c3:0b:37:95:cd:5b:80:a8:bc:6d:d2:
                    41:e6:64:5b:ad:c4:25:4b:44:78:45:90:5e:c8:97:
                    5e:86:f5:20:52:b6:0b:d4:08:cc:8d:4b:6b:ec:31:
                    7f:6c:1c:4f:e6:c6:64:96:45:e4:25:83:01:3f:53:
                    c3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:42:F3:CB:98:D2:93:6B:96:DF:6C:7D:B2:D2:A7:7E:F3:7D:1E:E8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4cf6724f-3a3f-48d4-9f79-c57894a336dd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:6e:11:ee:a0:ee:76:fe:d9:6a:e5:61:ff:9a:e1:e0:70:f7:
         9e:80:38:44:db:a0:05:e2:93:d9:3c:0c:10:22:e1:cc:3a:ce:
         77:fc:6c:d3:fe:f5:25:e4:28:72:6e:2b:44:d8:99:9a:67:74:
         a6:28:75:ee:78:d3:8a:57:82:d3:db:69:12:11:d1:3a:4d:22:
         5c:16:bd:13:93:ea:44:6c:2d:d8:87:16:ec:b2:19:00:54:15:
         91:70:63:9c:53:86:e0:84:fe:8d:9f:30:75:6d:50:16:8a:2a:
         ea:2a:fe:46:d4:01:cd:18:67:26:4f:7e:da:14:e8:e8:d0:3b:
         5a:3f:e2:72:39:4b:01:c9:3f:f4:56:9c:fc:e9:c1:b5:51:1b:
         d4:b1:f4:01:56:c8:5c:96:5c:89:a5:06:58:e3:6f:8e:fb:8b:
         9a:32:36:c2:b5:48:1b:1a:14:4e:f5:88:56:52:6d:e3:dd:c1:
         9b:0d:9b:d9:d1:f4:48:46:d5:cd:a9:a7:3a:f4:f1:68:a3:99:
         22:e5:06:e1:86:96:c1:e3:9d:20:45:70:44:fb:f6:50:09:a0:
         ee:fe:96:3d:cb:6e:40:82:55:2c:60:81:2b:87:14:ab:2b:48:
         5e:2f:c7:06:78:81:6c:0d:31:4e:58:87:ef:b4:f1:fa:87:32:
         fe:4f:d3:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCfuF0xpiYw2vHLQgL9O7+G1bx1IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA3MDAwMTMwWhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNDA3ZGNlZDczMTkyODQ1MTg1NTUyNDc3N2EwZGUyNmMx
MDE3NTA1MTZjYjhjNmY1MDYzYTk4OTU5ODVjZTNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDigrmvHbmAoiQV1vEDgxQX7T8Xlt550BeJ903XZMy+3NUL
oTLj5Ygti8fRb3QjeErk87W/3jMlmN/98md+AbakXYOgq9icfSZQ+vetSdGOaJ3s
tG93utUE1X2ZDMn6lVrSCaI/q/VKIh5PVVRGl84+2EemF7eO8cjy0FZz0sABd1NG
zvmMth+R5EwjOiW59EbFk1rDVm+OOc+jlDPLnwKX91m1qyvT0o63emHhMdagWsw9
wKPPx2VHpbApK7sZvJhC3OLBA4rDCzeVzVuAqLxt0kHmZFutxCVLRHhFkF7Il16G
9SBStgvUCMyNS2vsMX9sHE/mxmSWReQlgwE/U8NhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5kLzy5jSk2uW32x9stKnfvN9HugwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRjZjY3MjRmLTNhM2YtNDhkNC05Zjc5LWM1Nzg5NGEzMzZkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGIEjIwDQYJKoZIhvcNAQELBQADggEBAIJuEe6g7nb+2WrlYf+a4eBw956A
OETboAXik9k8DBAi4cw6znf8bNP+9SXkKHJuK0TYmZpndKYode5404pXgtPbaRIR
0TpNIlwWvROT6kRsLdiHFuyyGQBUFZFwY5xThuCE/o2fMHVtUBaKKuoq/kbUAc0Y
ZyZPftoU6OjQO1o/4nI5SwHJP/RWnPzpwbVRG9Sx9AFWyFyWXImlBljjb477i5oy
NsK1SBsaFE71iFZSbePdwZsNm9nR9EhG1c2ppzr08WijmSLlBuGGlsHjnSBFcET7
9lAJoO7+lj3LbkCCVSxggSuHFKsrSF4vxwZ4gWwNMU5Yh++08fqHMv5P08I=
-----END CERTIFICATE-----