Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d7ef98b-4bfd-4aa1-a626-740050af71b3.roa
File:                     9d7ef98b-4bfd-4aa1-a626-740050af71b3.roa (raw, json)
Hash identifier:          QE+UHHD+Br9WXRu0GRDHS5uD2+xntk2+zn+Ea+twR2g=
Subject key identifier:   96:66:74:3A:60:BD:68:B4:8A:F7:96:BF:29:15:64:85:A7:A7:A0:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A81BB316BA004F6CB4B02A78FD4DA06498D9A8A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d7ef98b-4bfd-4aa1-a626-740050af71b3.roa
Signing time:             Mon 14 Apr 2025 15:01:24 +0000
ROA not before:           Mon 14 Apr 2025 15:01:24 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.136.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:81:bb:31:6b:a0:04:f6:cb:4b:02:a7:8f:d4:da:06:49:8d:9a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 14 15:01:24 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=3a0908107a1035834d65620d8c23fc33a2f35aea1f54afbb04d02f5419c632c3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:50:3d:72:7d:81:81:34:14:cb:86:0e:41:fe:
                    8e:33:26:d4:45:43:17:a9:22:9a:6c:a3:22:33:ba:
                    b8:e1:8d:97:5f:31:de:1a:be:cd:fa:20:fe:f8:39:
                    3f:ef:2c:03:ff:0e:8e:00:56:ce:33:43:23:ad:a5:
                    d4:04:ad:99:65:a2:36:a1:13:bd:96:28:04:0a:47:
                    0f:5b:6e:78:05:c0:dc:c1:36:96:0a:6c:89:da:4c:
                    73:89:03:7b:e6:e6:bc:13:d3:eb:74:57:d5:de:e1:
                    b4:04:a9:91:bb:db:a3:2f:b0:f2:d7:6f:a5:21:c7:
                    39:ea:9f:18:6f:af:06:bc:19:1f:4b:6e:8b:a3:33:
                    fc:83:c1:1d:bd:c3:44:c7:8c:84:bc:34:fe:85:4d:
                    ee:12:b3:72:00:77:85:24:28:60:ba:be:e5:0d:01:
                    68:74:dd:f0:12:d0:79:4f:2e:b7:7b:c2:e3:a8:78:
                    2e:b8:11:87:dd:7f:f6:b7:dd:df:ee:ca:61:fb:65:
                    a5:d1:de:66:14:45:4f:d4:66:e0:e3:fe:cf:76:cb:
                    f9:41:a9:54:65:3f:33:a2:a6:0c:1e:87:e0:91:2d:
                    20:4a:06:df:c4:3b:6e:15:9b:ed:d4:e8:41:07:ea:
                    32:91:5d:53:6e:fd:1d:ce:0d:05:2e:58:6e:5a:c2:
                    ad:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:66:74:3A:60:BD:68:B4:8A:F7:96:BF:29:15:64:85:A7:A7:A0:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d7ef98b-4bfd-4aa1-a626-740050af71b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a1:31:24:35:24:a7:9c:c3:a3:cc:10:67:f2:da:ef:38:b0:
         4f:e6:8b:e7:98:ca:77:c6:5f:16:85:95:d5:2e:e6:a8:5f:55:
         eb:1e:6c:c9:e7:29:9b:58:67:75:e8:bd:b7:2d:cb:24:fb:2c:
         b1:60:eb:6c:ef:c6:cc:74:16:b9:9d:73:1c:e4:b8:bd:21:72:
         49:ab:75:e7:7c:2e:39:64:41:fc:20:f1:f9:bd:bd:8c:f4:d5:
         ae:0a:92:58:de:9d:4a:85:03:ed:34:7b:9b:bf:7d:ac:da:4b:
         5d:a6:8a:f0:9c:c5:de:67:11:bf:fd:40:2c:8b:a8:38:bb:f8:
         a7:a1:a1:57:cd:1d:34:a2:01:2e:1b:26:4d:53:90:cb:2f:1e:
         30:8a:02:de:06:3c:77:cb:02:68:4f:f7:23:74:19:61:1b:82:
         e2:2e:48:b7:a8:cd:53:b8:9f:ae:e9:f5:9a:f0:07:21:6a:51:
         c4:2e:40:93:e4:c4:ab:41:a5:ce:c5:44:10:f4:7d:39:75:23:
         51:92:4c:18:cf:ea:35:f6:73:d0:6e:da:62:b9:d9:ac:88:10:
         51:50:0f:83:1f:1d:f9:7e:97:e5:bc:5e:69:e1:e2:73:d5:a0:
         fe:14:e6:f2:b3:1e:5c:ae:84:97:0a:8c:5a:d2:d9:d5:fe:17:
         27:6a:17:d9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSoG7MWugBPbLSwKnj9TaBkmNmoowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE0MTUwMTI0WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTA5MDgxMDdhMTAzNTgzNGQ2NTYyMGQ4YzIzZmMzM2Ey
ZjM1YWVhMWY1NGFmYmIwNGQwMmY1NDE5YzYzMmMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDUD1yfYGBNBTLhg5B/o4zJtRFQxepIppsoyIzurjhjZdf
Md4avs36IP74OT/vLAP/Do4AVs4zQyOtpdQErZllojahE72WKAQKRw9bbngFwNzB
NpYKbInaTHOJA3vm5rwT0+t0V9Xe4bQEqZG726MvsPLXb6Uhxznqnxhvrwa8GR9L
boujM/yDwR29w0THjIS8NP6FTe4Ss3IAd4UkKGC6vuUNAWh03fAS0HlPLrd7wuOo
eC64EYfdf/a33d/uymH7ZaXR3mYURU/UZuDj/s92y/lBqVRlPzOipgweh+CRLSBK
Bt/EO24Vm+3U6EEH6jKRXVNu/R3ODQUuWG5awq11AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlmZ0OmC9aLSK95a/KRVkhaenoEowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkN2VmOThiLTRiZmQtNGFhMS1hNjI2LTc0MDA1MGFmNzFiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEogwDQYJKoZIhvcNAQELBQADggEBAB+hMSQ1JKecw6PMEGfy2u84sE/m
i+eYynfGXxaFldUu5qhfVesebMnnKZtYZ3XovbctyyT7LLFg62zvxsx0Frmdcxzk
uL0hckmrded8LjlkQfwg8fm9vYz01a4KkljenUqFA+00e5u/fazaS12mivCcxd5n
Eb/9QCyLqDi7+KehoVfNHTSiAS4bJk1TkMsvHjCKAt4GPHfLAmhP9yN0GWEbguIu
SLeozVO4n67p9ZrwByFqUcQuQJPkxKtBpc7FRBD0fTl1I1GSTBjP6jX2c9Bu2mK5
2ayIEFFQD4MfHfl+l+W8Xmnh4nPVoP4U5vKzHlyuhJcKjFrS2dX+FydqF9k=
-----END CERTIFICATE-----