Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7e48273-d97f-45e2-9820-48c08d0db4f5.roa
File:                     c7e48273-d97f-45e2-9820-48c08d0db4f5.roa (raw, json)
Hash identifier:          Ng2+mNd/SJMzNqTCvIW3JWhEkkb3kq4tvcoYKTjdAVo=
Subject key identifier:   42:77:44:9F:6C:70:A9:BA:DB:65:A7:4B:D3:AE:EA:C2:8F:CB:0F:51
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       640694A92074D06FF6727D0275A06414933D0D35
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7e48273-d97f-45e2-9820-48c08d0db4f5.roa
Signing time:             Mon 14 Apr 2025 15:00:21 +0000
ROA not before:           Mon 14 Apr 2025 15:00:21 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.254.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:06:94:a9:20:74:d0:6f:f6:72:7d:02:75:a0:64:14:93:3d:0d:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 14 15:00:21 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=faedcc9ee589798e2d3d48b62d82680861d0f512291b9584773e1face5fcaf6e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2f:6e:74:ac:2b:de:80:ad:19:45:b6:52:00:
                    ca:d0:12:ab:c9:5f:17:3c:7e:e3:97:59:d9:68:f8:
                    e2:d8:42:3a:19:fc:ec:67:8d:c2:d5:91:6d:e5:95:
                    2c:6d:ca:cf:cc:95:27:e3:d8:27:24:8f:f7:9c:5f:
                    6b:d5:68:21:c0:27:a5:91:49:34:8e:c6:c6:b9:5e:
                    b6:5e:bd:5a:fa:68:2a:cf:e4:cb:6f:ea:f7:4b:c4:
                    4c:2b:db:70:c5:ed:07:3b:48:da:4f:c3:9f:18:20:
                    ec:fc:22:6b:73:17:c4:33:da:18:b8:31:47:36:f1:
                    59:e8:74:e2:d5:74:65:03:db:6c:e7:1c:6d:3d:54:
                    6f:b0:a1:1a:a7:0e:37:a7:80:fd:61:38:16:73:36:
                    bc:0f:58:35:6f:54:2b:7d:66:bf:a4:66:a0:e1:af:
                    fe:0a:a7:41:55:ae:d1:1d:2b:8e:6e:c6:11:6c:ed:
                    f1:ce:b5:50:cc:51:85:15:12:dd:12:39:1d:1b:8a:
                    47:91:ff:94:37:c3:b9:08:23:4f:0f:b3:5e:d3:e6:
                    36:82:d4:09:ba:8d:06:d5:79:73:8d:4f:db:a5:dc:
                    2b:29:71:bd:c6:2c:fe:85:df:1a:c9:24:0f:78:76:
                    c7:fb:62:82:8e:e7:c8:7f:ac:92:0a:bd:a3:b4:5f:
                    64:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:77:44:9F:6C:70:A9:BA:DB:65:A7:4B:D3:AE:EA:C2:8F:CB:0F:51
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7e48273-d97f-45e2-9820-48c08d0db4f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:b0:8d:57:60:af:4b:c3:c6:d4:e1:0d:b1:d3:8c:42:0b:4c:
         f0:4f:a2:e9:40:e2:14:ab:ed:21:dc:f1:11:51:3d:8f:9f:4d:
         cd:40:a2:fa:20:db:44:b2:28:18:d4:17:7d:fb:d1:06:1f:5c:
         a9:4c:ef:15:1d:6c:28:e4:87:5f:a7:8f:f7:37:73:36:d4:02:
         c6:a0:6f:09:61:e2:e3:47:ff:d9:89:b4:db:16:72:cd:19:47:
         37:3c:35:d4:2a:16:a7:f3:d5:4b:26:8e:10:53:97:15:db:c9:
         ad:0e:15:35:5a:67:49:b3:da:a1:6c:e2:22:77:9b:e9:d0:76:
         49:4b:b2:20:b2:fa:27:d9:71:c4:53:0c:3c:c3:ea:ed:77:79:
         d7:b3:7d:ec:53:f6:bf:53:c2:68:7b:8a:3a:b0:2e:86:a2:e7:
         44:1c:2a:3d:bb:b1:d9:f0:59:d2:89:1e:37:1f:97:fa:f1:e9:
         fd:89:77:3b:41:1d:ab:e5:60:c4:65:93:f3:d6:0a:c5:50:85:
         e0:bc:1d:a3:8b:38:e8:d7:58:0e:07:c9:21:6e:99:41:6d:7b:
         42:33:9f:91:19:64:02:05:50:06:b6:95:41:1b:46:b9:ae:43:
         a8:31:67:55:c7:69:8a:30:e1:96:4b:1e:c4:f8:72:0f:17:78:
         e1:08:97:75
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZAaUqSB00G/2cn0CdaBkFJM9DTUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE0MTUwMDIxWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWVkY2M5ZWU1ODk3OThlMmQzZDQ4YjYyZDgyNjgwODYx
ZDBmNTEyMjkxYjk1ODQ3NzNlMWZhY2U1ZmNhZjZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJL250rCvegK0ZRbZSAMrQEqvJXxc8fuOXWdlo+OLYQjoZ
/OxnjcLVkW3llSxtys/MlSfj2Cckj/ecX2vVaCHAJ6WRSTSOxsa5XrZevVr6aCrP
5Mtv6vdLxEwr23DF7Qc7SNpPw58YIOz8ImtzF8Qz2hi4MUc28VnodOLVdGUD22zn
HG09VG+woRqnDjengP1hOBZzNrwPWDVvVCt9Zr+kZqDhr/4Kp0FVrtEdK45uxhFs
7fHOtVDMUYUVEt0SOR0bikeR/5Q3w7kII08Ps17T5jaC1Am6jQbVeXONT9ul3Csp
cb3GLP6F3xrJJA94dsf7YoKO58h/rJIKvaO0X2S5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQndEn2xwqbrbZadL067qwo/LD1EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3ZTQ4MjczLWQ5N2YtNDVlMi05ODIwLTQ4YzA4ZDBkYjRmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEv4wDQYJKoZIhvcNAQELBQADggEBAEywjVdgr0vDxtThDbHTjEILTPBP
oulA4hSr7SHc8RFRPY+fTc1Aovog20SyKBjUF3370QYfXKlM7xUdbCjkh1+nj/c3
czbUAsagbwlh4uNH/9mJtNsWcs0ZRzc8NdQqFqfz1UsmjhBTlxXbya0OFTVaZ0mz
2qFs4iJ3m+nQdklLsiCy+ifZccRTDDzD6u13edezfexT9r9Twmh7ijqwLoai50Qc
Kj27sdnwWdKJHjcfl/rx6f2JdztBHavlYMRlk/PWCsVQheC8HaOLOOjXWA4HySFu
mUFte0Izn5EZZAIFUAa2lUEbRrmuQ6gxZ1XHaYow4ZZLHsT4cg8XeOEIl3U=
-----END CERTIFICATE-----