Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f09af83b-01c1-4099-8ecc-72a6e6f5b44b.roa
File:                     f09af83b-01c1-4099-8ecc-72a6e6f5b44b.roa (raw, json)
Hash identifier:          KT1bAEXg2GArQWPo/hYX3LDuAzQ7joOC1P4uHimg1qQ=
Subject key identifier:   DB:41:05:BB:44:F0:05:DC:0F:33:63:A7:F9:1F:46:D1:6A:40:2F:C1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       48348482EC65B16244A308127D102C4FCF20A3C3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f09af83b-01c1-4099-8ecc-72a6e6f5b44b.roa
Signing time:             Mon 14 Apr 2025 16:01:17 +0000
ROA not before:           Mon 14 Apr 2025 16:01:17 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.88.0.0/18 maxlen: 18

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:34:84:82:ec:65:b1:62:44:a3:08:12:7d:10:2c:4f:cf:20:a3:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 16:01:17 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=4e632fb565efcba5759d5fbf987d511cfa54ed7f3b1605f2a432e4dd1ec63217, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:15:e5:5b:65:99:1c:65:a5:4b:e9:9f:93:66:
                    ea:74:12:1b:84:66:9c:c6:50:bc:50:71:ce:81:2a:
                    d2:c2:f0:f1:36:a3:d6:10:d1:ae:d4:19:1f:00:9f:
                    13:a8:a9:ae:3b:1b:d1:9c:7b:9a:d1:4b:ee:b1:03:
                    6c:1b:31:00:d2:49:c5:f0:c8:73:3b:d3:1b:b1:2e:
                    a8:67:09:e6:1a:79:a4:ba:77:ae:46:30:3e:d3:46:
                    6f:b7:b4:37:f2:46:21:12:1d:6a:f4:60:81:0f:9a:
                    d0:da:90:c0:4a:a1:02:4e:db:9a:d7:1c:f7:7d:c0:
                    02:76:eb:33:dc:56:d5:f4:e4:98:da:d3:93:89:24:
                    af:1f:61:80:97:d4:7c:4e:ec:16:83:14:79:3b:18:
                    8a:51:8d:77:80:fc:86:d5:f1:3a:98:29:1b:7e:01:
                    70:40:32:09:cb:1c:80:f1:4e:d4:ce:26:da:13:b5:
                    3d:6a:d8:e8:23:16:bc:fe:cc:88:5e:56:0a:2d:9a:
                    23:4e:90:43:43:ee:3e:03:b2:ec:c1:85:af:54:59:
                    46:f4:ff:df:f5:ae:9b:e2:c0:21:36:a8:4f:cb:f6:
                    d9:0e:07:e3:9c:4f:8c:39:fb:45:4e:9b:f4:52:23:
                    cb:fd:2c:e4:28:ff:56:8a:40:cb:3f:77:bb:45:9f:
                    6e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:41:05:BB:44:F0:05:DC:0F:33:63:A7:F9:1F:46:D1:6A:40:2F:C1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f09af83b-01c1-4099-8ecc-72a6e6f5b44b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.88.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         3e:1e:3e:4d:7c:31:9e:70:ab:c6:77:3e:4e:79:ea:8b:54:51:
         39:05:9b:86:1f:63:9d:13:39:cc:66:e9:d0:c7:de:23:de:16:
         94:fd:7d:25:c1:8e:bc:1e:d9:97:df:6f:45:58:96:1f:a0:e2:
         ee:7a:01:3f:07:03:d2:a5:e2:9d:4f:bd:9f:8c:82:5c:bd:61:
         7f:32:35:31:f1:3c:19:57:c9:a6:b5:f0:3f:88:d2:a3:ad:07:
         6b:ce:03:9e:33:06:ed:48:86:24:7c:e1:2e:0e:fb:e9:5f:f1:
         e8:82:6f:c6:0f:d5:ab:32:08:eb:31:b0:0c:d3:90:4c:2e:3c:
         fd:35:59:df:52:99:4d:94:63:74:6c:62:48:c0:83:73:df:e6:
         d7:15:c1:76:35:be:2d:6f:51:7b:13:af:9d:fc:75:d9:72:39:
         95:a7:e8:aa:32:43:b3:ae:5d:e6:14:f3:0d:e2:37:59:6a:66:
         2d:e5:78:bf:f6:f4:d8:63:71:f1:0b:42:38:ef:b1:1f:e8:cd:
         ec:6b:73:da:14:25:ff:d3:a9:f2:58:b1:57:0a:fb:6d:ec:88:
         0c:bd:d9:4a:85:d7:b7:91:d6:b1:1b:67:e2:5b:76:26:7a:87:
         e9:54:f7:97:47:8f:83:3d:69:77:9b:6c:b4:34:e5:1b:ab:d4:
         07:30:fa:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSDSEguxlsWJEowgSfRAsT88go8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTYwMTE3WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZTYzMmZiNTY1ZWZjYmE1NzU5ZDVmYmY5ODdkNTExY2Zh
NTRlZDdmM2IxNjA1ZjJhNDMyZTRkZDFlYzYzMjE3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeFeVbZZkcZaVL6Z+TZup0EhuEZpzGULxQcc6BKtLC8PE2
o9YQ0a7UGR8AnxOoqa47G9Gce5rRS+6xA2wbMQDSScXwyHM70xuxLqhnCeYaeaS6
d65GMD7TRm+3tDfyRiESHWr0YIEPmtDakMBKoQJO25rXHPd9wAJ26zPcVtX05Jja
05OJJK8fYYCX1HxO7BaDFHk7GIpRjXeA/IbV8TqYKRt+AXBAMgnLHIDxTtTOJtoT
tT1q2OgjFrz+zIheVgotmiNOkEND7j4DsuzBha9UWUb0/9/1rpviwCE2qE/L9tkO
B+OcT4w5+0VOm/RSI8v9LOQo/1aKQMs/d7tFn27zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU20EFu0TwBdwPM2On+R9G0WpAL8EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YwOWFmODNiLTAxYzEtNDA5OS04ZWNjLTcyYTZlNmY1YjQ0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYSWAAwDQYJKoZIhvcNAQELBQADggEBAD4ePk18MZ5wq8Z3Pk556otUUTkF
m4YfY50TOcxm6dDH3iPeFpT9fSXBjrwe2Zffb0VYlh+g4u56AT8HA9Kl4p1PvZ+M
gly9YX8yNTHxPBlXyaa18D+I0qOtB2vOA54zBu1IhiR84S4O++lf8eiCb8YP1asy
COsxsAzTkEwuPP01Wd9SmU2UY3RsYkjAg3Pf5tcVwXY1vi1vUXsTr538ddlyOZWn
6KoyQ7OuXeYU8w3iN1lqZi3leL/29NhjcfELQjjvsR/ozexrc9oUJf/TqfJYsVcK
+23siAy92UqF17eR1rEbZ+JbdiZ6h+lU95dHj4M9aXebbLQ05Rur1Acw+h4=
-----END CERTIFICATE-----