Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5b09980c-2595-4c1d-b49b-31358bd74d52.roa
File:                     5b09980c-2595-4c1d-b49b-31358bd74d52.roa (raw, json)
Hash identifier:          SZ3PhS850NfQOIv8DGU51ABlfKOTb1fFmDC1AhfJRyw=
Subject key identifier:   C1:9D:18:67:01:AA:F1:89:B5:30:58:98:F4:E3:BB:00:38:AE:60:7E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       50B75E3A1066BEED71873813992F3866A9D8264F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5b09980c-2595-4c1d-b49b-31358bd74d52.roa
Signing time:             Mon 31 Mar 2025 17:00:08 +0000
ROA not before:           Mon 31 Mar 2025 17:00:08 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.140.0.0/15 maxlen: 15

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:b7:5e:3a:10:66:be:ed:71:87:38:13:99:2f:38:66:a9:d8:26:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 31 17:00:08 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=d12b43ffa4cb850b51dccfb240818eb49cd2cd99106560ea81b725a7a16d1c7a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:87:53:32:59:1c:9a:5a:04:2b:3a:19:18:ef:
                    92:a1:27:d4:0f:5c:1f:85:57:29:72:6b:a8:4a:e0:
                    56:2f:aa:ae:59:9d:be:66:77:6e:87:1c:6a:b2:90:
                    76:12:3b:04:4d:d5:a5:b9:63:14:b0:c4:53:6e:c5:
                    af:25:0d:23:e1:b8:7d:ec:80:92:b3:a1:1c:67:89:
                    b4:76:b6:6d:38:6c:92:26:0f:9c:0e:c7:33:ae:ac:
                    3c:0d:76:d6:f0:9f:85:68:bc:24:2f:7c:3a:56:b9:
                    db:0d:97:c1:8f:a9:7e:68:24:53:e9:1b:d5:58:f4:
                    b1:87:80:11:2c:67:91:27:c8:cc:28:a3:93:19:e5:
                    d6:0a:74:db:67:81:17:a8:ab:33:6f:22:88:dd:9e:
                    11:7f:f5:53:cc:8a:63:c6:e9:e2:6a:6f:23:d8:21:
                    10:be:26:6e:9d:b3:ec:24:83:23:a7:86:bb:ff:ef:
                    c7:98:8f:2c:79:cb:d6:bb:17:03:be:6d:f1:2c:92:
                    7c:ea:11:e3:73:38:ba:f9:a5:45:34:5a:a6:7d:ba:
                    c9:9e:19:5e:a8:23:c8:4a:15:e4:a9:88:50:39:7c:
                    62:fb:eb:ba:34:9c:e9:c6:dd:5b:fe:af:3c:ed:5f:
                    c5:86:db:71:b1:31:1b:c8:cf:e9:e4:1b:d1:08:28:
                    05:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:9D:18:67:01:AA:F1:89:B5:30:58:98:F4:E3:BB:00:38:AE:60:7E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5b09980c-2595-4c1d-b49b-31358bd74d52.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.140.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         32:af:22:6b:82:f6:09:98:63:6e:80:89:65:70:3e:b9:5f:bb:
         de:19:b3:90:aa:d0:06:90:4c:74:f2:28:23:77:ba:c0:6c:d9:
         9a:4c:a5:28:8a:39:10:e7:e5:ab:95:70:05:41:31:ec:f4:45:
         43:fd:97:15:fc:d9:6a:b8:64:25:d1:86:54:75:83:b5:69:a1:
         5b:07:e4:c4:d4:ba:a2:c6:27:34:2b:51:7e:4d:82:45:18:b0:
         11:70:cf:0d:0a:4b:e3:59:c5:69:d0:55:1f:ba:c0:86:05:f9:
         57:11:5f:af:03:c9:8b:3f:98:94:79:ef:37:9f:b2:12:26:d0:
         a2:90:6a:dc:fc:57:5b:2b:e0:50:83:e9:82:78:3e:ff:d2:ef:
         3a:21:4b:27:1e:78:ab:7e:72:48:d4:12:ea:33:f7:ca:9b:91:
         d4:b6:6e:d8:c9:b0:d3:0d:a0:7d:11:3a:6d:f9:d8:94:3d:88:
         f6:82:d4:3c:00:e1:fc:4e:d3:56:9a:ae:28:23:96:20:4f:d5:
         49:54:9e:4f:11:77:da:e4:fe:b0:4b:64:fb:2a:b6:6e:0c:0e:
         53:16:5e:4f:ff:43:66:dd:e9:06:8b:f4:b6:29:92:cf:aa:83:
         f4:f1:99:35:dd:bf:01:d2:bb:c3:9a:03:28:04:5a:a2:6f:e9:
         70:23:35:46
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUULdeOhBmvu1xhzgTmS84ZqnYJk8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzMxMTcwMDA4WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTJiNDNmZmE0Y2I4NTBiNTFkY2NmYjI0MDgxOGViNDlj
ZDJjZDk5MTA2NTYwZWE4MWI3MjVhN2ExNmQxYzdhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0h1MyWRyaWgQrOhkY75KhJ9QPXB+FVylya6hK4FYvqq5Z
nb5md26HHGqykHYSOwRN1aW5YxSwxFNuxa8lDSPhuH3sgJKzoRxnibR2tm04bJIm
D5wOxzOurDwNdtbwn4VovCQvfDpWudsNl8GPqX5oJFPpG9VY9LGHgBEsZ5EnyMwo
o5MZ5dYKdNtngReoqzNvIojdnhF/9VPMimPG6eJqbyPYIRC+Jm6ds+wkgyOnhrv/
78eYjyx5y9a7FwO+bfEsknzqEeNzOLr5pUU0WqZ9usmeGV6oI8hKFeSpiFA5fGL7
67o0nOnG3Vv+rzztX8WG23GxMRvIz+nkG9EIKAVdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwZ0YZwGq8Ym1MFiY9OO7ADiuYH4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzViMDk5ODBjLTI1OTUtNGMxZC1iNDliLTMxMzU4YmQ3NGQ1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESjDANBgkqhkiG9w0BAQsFAAOCAQEAMq8ia4L2CZhjboCJZXA+uV+73hmz
kKrQBpBMdPIoI3e6wGzZmkylKIo5EOflq5VwBUEx7PRFQ/2XFfzZarhkJdGGVHWD
tWmhWwfkxNS6osYnNCtRfk2CRRiwEXDPDQpL41nFadBVH7rAhgX5VxFfrwPJiz+Y
lHnvN5+yEibQopBq3PxXWyvgUIPpgng+/9LvOiFLJx54q35ySNQS6jP3ypuR1LZu
2Mmw0w2gfRE6bfnYlD2I9oLUPADh/E7TVpquKCOWIE/VSVSeTxF32uT+sEtk+yq2
bgwOUxZeT/9DZt3pBov0timSz6qD9PGZNd2/AdK7w5oDKARaom/pcCM1Rg==
-----END CERTIFICATE-----