Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/5dab641b-24fb-48f2-8b71-57a07d630894.roa
File:                     5dab641b-24fb-48f2-8b71-57a07d630894.roa (raw, json)
Hash identifier:          746IAxznJ4XJQfRL1JcOdz+O3v6o5ql6jFK0ZtEyur0=
Subject key identifier:   35:2F:AC:50:21:91:BB:2A:51:D4:09:FE:6B:89:DD:A2:63:25:11:0E
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       5878C97B3F7952C04EA3F3D464BA60670B83A0C1
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/5dab641b-24fb-48f2-8b71-57a07d630894.roa
Signing time:             Mon 17 Mar 2025 15:01:09 +0000
ROA not before:           Mon 17 Mar 2025 15:01:09 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.251.252.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:78:c9:7b:3f:79:52:c0:4e:a3:f3:d4:64:ba:60:67:0b:83:a0:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Mar 17 15:01:09 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b4:38:8b:87:9d:36:a3:7b:21:4d:3e:33:04:
                    8c:37:70:98:26:c9:c7:fc:b1:9b:63:91:c4:72:2e:
                    cc:f6:9b:ee:b8:ac:5f:0a:24:d7:7e:89:34:b9:70:
                    2e:22:b5:ef:30:e4:2d:94:8d:29:27:4f:1c:73:1e:
                    06:2c:a3:fa:a7:91:bb:61:f8:b8:f4:3c:09:66:d9:
                    79:46:74:d2:0e:f0:3b:f4:94:18:d2:87:7a:3b:ac:
                    18:ca:d4:1b:e8:0d:bd:e7:72:03:7d:f6:e7:e8:0e:
                    84:55:eb:5e:ce:fd:89:6a:8e:ae:d4:f4:a9:57:1f:
                    a2:49:19:34:a7:f7:e5:46:88:58:c6:59:58:49:89:
                    f7:57:73:4a:0b:8c:a0:0a:e3:8a:aa:78:49:2b:3f:
                    e5:c2:0d:3f:f3:bc:8b:04:d7:1b:46:8d:c8:b5:ab:
                    8c:aa:4d:35:51:1a:f1:44:b0:33:b6:39:17:db:a4:
                    b2:b5:eb:84:26:97:ee:21:2d:08:ab:1b:2c:c0:38:
                    b4:07:1f:62:19:13:6b:c0:82:9c:3b:f4:70:e3:6a:
                    3b:49:e0:9b:33:b6:63:62:4e:9e:f1:a0:a1:b0:7d:
                    4f:a9:de:5a:25:52:5a:dc:e3:43:44:ad:be:f5:60:
                    d7:64:cc:f9:1a:99:70:12:bf:9b:f8:43:71:a4:c4:
                    4c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2F:AC:50:21:91:BB:2A:51:D4:09:FE:6B:89:DD:A2:63:25:11:0E
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/5dab641b-24fb-48f2-8b71-57a07d630894.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:a3:aa:46:9b:df:10:ce:8a:7e:6a:46:b9:3b:f1:a4:e6:e2:
         50:bd:80:5b:3f:c1:69:eb:a3:16:d8:d3:27:89:de:46:71:82:
         aa:b1:74:d1:47:cd:ba:f5:0a:f7:da:5d:d7:4d:2e:8a:13:d5:
         0b:5b:a4:45:ef:ee:ea:7c:75:38:fa:98:20:10:5a:fb:2b:84:
         bd:58:a5:fa:72:3f:f2:ef:8d:89:02:d0:13:33:6e:f4:07:cb:
         da:9a:2b:a8:d4:0d:aa:6c:54:f0:3a:a8:0f:7e:2b:b6:07:aa:
         a5:ef:73:3f:15:95:c4:67:12:0f:38:aa:0b:fb:f8:6b:aa:83:
         10:97:3a:d8:fc:42:87:23:c1:a5:7a:f7:17:3d:03:62:a6:1c:
         ef:78:82:29:b2:50:38:76:b8:7b:d7:1f:09:aa:5b:c1:04:6d:
         31:be:e9:f1:a7:b5:18:4b:a2:59:e3:e8:00:9a:26:0b:1b:17:
         2b:73:be:2b:e5:c8:cb:e4:7d:55:98:1e:0e:89:68:33:54:85:
         12:6e:80:15:27:02:c7:50:a0:c5:e0:76:aa:25:8b:44:07:51:
         d3:fa:e6:1b:0a:9b:26:6e:d2:34:4e:dd:5c:67:d8:47:91:e5:
         c9:61:19:f1:32:e7:c8:6c:72:71:2b:b7:91:e9:fd:ea:7a:ad:
         35:97:a3:b7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWHjJez95UsBOo/PUZLpgZwuDoMEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMzE3MTUwMTA5WhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NWEwNmQwNzI4MzY4MzYwMzk2ZWZhYTNlZTM4Y2NmMzNh
MTFkMmQ4OTc0YjBkNWU2ZDM2NWZmZGU1MmY1NTM1MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvtDiLh502o3shTT4zBIw3cJgmycf8sZtjkcRyLsz2m+64
rF8KJNd+iTS5cC4ite8w5C2UjSknTxxzHgYso/qnkbth+Lj0PAlm2XlGdNIO8Dv0
lBjSh3o7rBjK1BvoDb3ncgN99ufoDoRV617O/Ylqjq7U9KlXH6JJGTSn9+VGiFjG
WVhJifdXc0oLjKAK44qqeEkrP+XCDT/zvIsE1xtGjci1q4yqTTVRGvFEsDO2ORfb
pLK164Qml+4hLQirGyzAOLQHH2IZE2vAgpw79HDjajtJ4JsztmNiTp7xoKGwfU+p
3lolUlrc40NErb71YNdkzPkamXASv5v4Q3GkxEzpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNS+sUCGRuypR1An+a4ndomMlEQ4wHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzVkYWI2NDFiLTI0ZmItNDhmMi04YjcxLTU3YTA3ZDYzMDg5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIX+/wwDQYJKoZIhvcNAQELBQADggEBABGjqkab3xDOin5qRrk78aTm4lC9
gFs/wWnroxbY0yeJ3kZxgqqxdNFHzbr1CvfaXddNLooT1QtbpEXv7up8dTj6mCAQ
WvsrhL1YpfpyP/LvjYkC0BMzbvQHy9qaK6jUDapsVPA6qA9+K7YHqqXvcz8VlcRn
Eg84qgv7+GuqgxCXOtj8QocjwaV69xc9A2KmHO94gimyUDh2uHvXHwmqW8EEbTG+
6fGntRhLolnj6ACaJgsbFytzvivlyMvkfVWYHg6JaDNUhRJugBUnAsdQoMXgdqol
i0QHUdP65hsKmyZu0jRO3Vxn2EeR5clhGfEy58hscnErt5Hp/ep6rTWXo7c=
-----END CERTIFICATE-----