Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/80051317-81e4-416b-892a-affc2e301f81.roa
File:                     80051317-81e4-416b-892a-affc2e301f81.roa (raw, json)
Hash identifier:          45difHvIJ+Ftzr3IxQV2ehJE8jwW8dHRAX1bgfsZ9/M=
Subject key identifier:   D2:8D:58:F9:95:1F:23:97:51:D7:33:67:85:73:D7:03:1E:0E:5F:FB
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       52F8556A71D8F467FC91C508815B46A68F2A3092
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/80051317-81e4-416b-892a-affc2e301f81.roa
Signing time:             Sat 29 Mar 2025 00:10:04 +0000
ROA not before:           Sat 29 Mar 2025 00:10:04 +0000
ROA not after:            Sat 03 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.178.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:f8:55:6a:71:d8:f4:67:fc:91:c5:08:81:5b:46:a6:8f:2a:30:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Mar 29 00:10:04 2025 GMT
            Not After : May  3 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:55:1c:55:48:a4:a1:ce:57:14:bd:26:b3:58:
                    3f:3d:8e:37:49:d5:7f:bd:8c:0d:4c:6d:ae:ac:21:
                    50:df:06:23:e0:77:96:bd:01:00:55:5c:3c:03:df:
                    4d:a7:79:eb:bc:96:41:cc:ff:65:f8:a5:5a:72:43:
                    3c:30:85:45:55:f5:c8:93:aa:ed:f7:1e:c2:aa:ff:
                    d5:4c:82:30:31:37:ec:01:d4:67:39:ed:ca:69:4c:
                    c6:c3:b5:39:d0:50:cf:3e:4f:fe:f7:ca:8a:f4:af:
                    74:ed:3f:69:87:a4:78:47:0f:08:2d:ec:82:df:0e:
                    e6:e0:2a:2a:6b:6d:28:57:6a:b1:ea:84:b7:04:19:
                    77:0a:e1:5f:fd:0e:60:b3:44:35:51:31:21:b8:3b:
                    1d:65:a0:da:a0:50:a9:24:7d:9e:42:41:90:e5:dd:
                    d4:98:33:bb:59:c7:28:3c:aa:f8:e1:45:46:6b:25:
                    53:ce:80:42:d7:0c:72:63:89:7b:da:3b:05:44:c6:
                    ee:28:86:46:96:ac:bb:8c:43:ff:61:80:1c:31:47:
                    25:0f:4d:2b:03:26:88:ff:5b:d4:91:00:e2:4e:9f:
                    8a:d1:20:f4:4d:ff:3a:0c:bc:de:c5:e5:fe:ec:8e:
                    02:85:d6:2d:99:d1:4e:ce:41:00:b0:dc:24:3e:fc:
                    29:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8D:58:F9:95:1F:23:97:51:D7:33:67:85:73:D7:03:1E:0E:5F:FB
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/80051317-81e4-416b-892a-affc2e301f81.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:86:ad:36:34:6c:ff:98:10:7f:8b:c2:63:d7:5e:cc:29:ea:
         00:1d:bb:8b:d2:3a:96:99:19:07:76:3e:2b:51:24:7c:7b:33:
         89:c7:64:f1:7f:de:41:c6:34:98:f1:f1:1a:11:33:93:40:ee:
         15:59:e5:82:fc:6d:df:c8:ae:1c:56:1a:bf:59:af:85:76:7b:
         4d:94:6e:c5:0f:d8:1d:4e:3b:7d:47:87:2b:a4:03:f5:8e:d9:
         f2:0b:fa:d8:85:d0:d9:ca:01:2d:24:9b:b9:0c:d8:93:18:b5:
         3b:f0:e3:c8:eb:b1:36:a9:e3:0b:ca:2a:b7:8f:0c:ae:2e:0c:
         6f:ca:bf:2f:b5:07:df:e9:86:e2:78:f2:ff:bf:c3:f0:b4:d0:
         a4:4d:f7:66:12:0c:f6:da:63:a9:3e:03:76:3f:87:0e:0d:2c:
         d0:eb:d2:f5:29:a0:94:32:a3:c2:e9:99:e8:af:69:63:66:e3:
         2e:91:2c:4b:90:3e:84:3c:74:4b:51:37:d6:46:bf:fb:a7:75:
         d1:dc:8e:cf:8e:81:35:b9:ca:f8:f5:36:2e:bb:d3:fa:72:5a:
         6b:0b:9a:c6:12:31:d3:76:24:3b:16:81:19:ae:b2:ef:f0:a7:
         2c:f5:21:8a:40:6f:c6:c9:74:06:51:6b:7a:70:a6:65:5e:dc:
         82:b0:f8:a7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUvhVanHY9Gf8kcUIgVtGpo8qMJIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMzI5MDAxMDA0WhcNMjUwNTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDBkOGU1YWNiMTJlNWZmNTQ3ODk1MTIxMjQ4ZDZlNjMx
ZjYxZWE2NWQ1NDNjYThlMzEwNWFiMDkwZTI4MzdjMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD0VRxVSKShzlcUvSazWD89jjdJ1X+9jA1Mba6sIVDfBiPg
d5a9AQBVXDwD302neeu8lkHM/2X4pVpyQzwwhUVV9ciTqu33HsKq/9VMgjAxN+wB
1Gc57cppTMbDtTnQUM8+T/73yor0r3TtP2mHpHhHDwgt7ILfDubgKiprbShXarHq
hLcEGXcK4V/9DmCzRDVRMSG4Ox1loNqgUKkkfZ5CQZDl3dSYM7tZxyg8qvjhRUZr
JVPOgELXDHJjiXvaOwVExu4ohkaWrLuMQ/9hgBwxRyUPTSsDJoj/W9SRAOJOn4rR
IPRN/zoMvN7F5f7sjgKF1i2Z0U7OQQCw3CQ+/ClTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0o1Y+ZUfI5dR1zNnhXPXAx4OX/swHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzgwMDUxMzE3LTgxZTQtNDE2Yi04OTJhLWFmZmMyZTMwMWY4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFM37IwDQYJKoZIhvcNAQELBQADggEBAA2GrTY0bP+YEH+LwmPXXswp6gAd
u4vSOpaZGQd2PitRJHx7M4nHZPF/3kHGNJjx8RoRM5NA7hVZ5YL8bd/IrhxWGr9Z
r4V2e02UbsUP2B1OO31HhyukA/WO2fIL+tiF0NnKAS0km7kM2JMYtTvw48jrsTap
4wvKKrePDK4uDG/Kvy+1B9/phuJ48v+/w/C00KRN92YSDPbaY6k+A3Y/hw4NLNDr
0vUpoJQyo8LpmeivaWNm4y6RLEuQPoQ8dEtRN9ZGv/unddHcjs+OgTW5yvj1Ni67
0/pyWmsLmsYSMdN2JDsWgRmusu/wpyz1IYpAb8bJdAZRa3pwpmVe3IKw+Kc=
-----END CERTIFICATE-----