Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8a11252a-2e01-45b8-9435-cfe1354f76d6.roa
File:                     8a11252a-2e01-45b8-9435-cfe1354f76d6.roa (raw, json)
Hash identifier:          Au0inr17EkCjG82gCvjJAT5wvi2+OifEvTHEOp29h1Y=
Subject key identifier:   89:B3:F2:A3:F4:16:55:36:CF:CA:CC:3F:CF:EA:F3:92:37:89:85:26
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       7A755F46EE04E5D80EDDB0D620309B2DAE5D790A
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8a11252a-2e01-45b8-9435-cfe1354f76d6.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        23.249.210.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:75:5f:46:ee:04:e5:d8:0e:dd:b0:d6:20:30:9b:2d:ae:5d:79:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:88:80:e9:76:9a:84:b2:32:67:a3:77:86:f1:
                    4b:01:f4:21:1c:11:7e:3e:02:90:90:b2:87:db:8e:
                    a5:5d:74:47:bb:d1:65:02:b5:9c:cb:df:8a:61:5a:
                    99:6d:c1:1b:70:ad:1f:4d:dc:17:e0:71:b1:68:8b:
                    3e:a9:9f:16:51:34:4d:b3:3e:eb:29:19:2d:0e:80:
                    d7:39:84:fb:00:9e:e8:84:e7:8b:0b:01:ed:2e:b9:
                    9a:70:f8:02:2d:9f:e5:50:53:9e:a0:44:65:95:cb:
                    18:00:1e:82:56:26:21:e8:37:44:28:65:3d:b6:3d:
                    91:f1:41:51:cb:27:39:b1:79:8a:cc:be:63:84:c7:
                    d9:5b:b0:01:92:4b:02:16:41:87:67:86:81:23:1a:
                    a8:cb:a3:9d:c5:8a:85:1d:c0:ca:e0:eb:30:ae:f0:
                    05:9a:56:47:cd:ef:b9:1a:e5:bb:59:13:fd:df:05:
                    f7:78:a5:6d:0c:85:3c:fe:3f:13:a7:ed:12:52:b8:
                    64:e2:b7:32:22:1a:79:da:3a:56:f0:4c:99:85:7a:
                    0b:f2:71:af:3a:f1:b7:6b:96:d5:83:3e:44:4f:74:
                    fd:9a:55:60:3f:61:e3:4e:c1:7f:41:fc:b0:7a:02:
                    3c:e5:f7:51:37:c3:09:8a:b9:60:3b:46:06:be:af:
                    33:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B3:F2:A3:F4:16:55:36:CF:CA:CC:3F:CF:EA:F3:92:37:89:85:26
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8a11252a-2e01-45b8-9435-cfe1354f76d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:3c:93:28:9f:9a:7a:79:db:bb:f6:d7:1d:e4:70:70:b7:14:
         72:32:3f:4a:c1:6b:e4:8d:c4:77:7d:ea:3f:21:66:e9:28:a9:
         98:10:da:92:f9:99:84:f3:f4:d7:e6:aa:82:8f:20:c6:6e:fb:
         9f:af:a5:3e:2f:03:62:ae:a1:06:f5:13:28:eb:85:71:cf:ed:
         b3:bb:30:46:f6:e5:c5:ec:c1:17:fe:35:f9:2e:57:13:16:90:
         e0:61:ef:f4:d4:50:2d:83:2c:6a:69:16:7a:67:5d:e0:fd:f5:
         8f:1c:7e:7d:41:ec:17:dc:a2:75:26:b5:d0:9f:97:cf:c9:d2:
         ea:51:e5:89:6b:c3:b2:ed:30:de:b0:0e:7d:48:b2:ae:26:e8:
         fc:5e:11:81:e2:ab:a2:65:5a:9b:02:03:b4:c6:fa:cb:4a:34:
         e6:5d:52:5b:a5:3f:15:df:1c:70:b4:04:3f:af:ea:7c:bc:e0:
         9d:fd:91:23:75:76:0b:5b:90:f9:f8:89:3d:6d:31:50:0a:9d:
         eb:22:31:c4:a2:31:e4:9c:ed:24:db:82:f8:8a:16:4d:6a:0b:
         9f:21:fe:54:c4:46:1a:bc:ba:9b:9f:3b:7d:d6:de:5b:55:14:
         46:7f:a5:9b:88:7b:58:03:d0:e8:cc:85:e0:fb:e2:b3:d7:fa:
         39:d4:05:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUenVfRu4E5dgO3bDWIDCbLa5deQowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTIyNTJhMzI5YTFlOTQ3ZDk4ZjVlNzcwN2Q3ZjgzZDg2
NmMyY2NhODkwYjkyMDQxMzMxMTI2Mzk1ZmE3ZGEyMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdiIDpdpqEsjJno3eG8UsB9CEcEX4+ApCQsofbjqVddEe7
0WUCtZzL34phWpltwRtwrR9N3BfgcbFoiz6pnxZRNE2zPuspGS0OgNc5hPsAnuiE
54sLAe0uuZpw+AItn+VQU56gRGWVyxgAHoJWJiHoN0QoZT22PZHxQVHLJzmxeYrM
vmOEx9lbsAGSSwIWQYdnhoEjGqjLo53FioUdwMrg6zCu8AWaVkfN77ka5btZE/3f
Bfd4pW0MhTz+PxOn7RJSuGTitzIiGnnaOlbwTJmFegvyca868bdrltWDPkRPdP2a
VWA/YeNOwX9B/LB6Ajzl91E3wwmKuWA7Rga+rzOnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUibPyo/QWVTbPysw/z+rzkjeJhSYwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzhhMTEyNTJhLTJlMDEtNDViOC05NDM1LWNmZTEzNTRmNzZkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEX+dIwDQYJKoZIhvcNAQELBQADggEBADc8kyifmnp527v21x3kcHC3FHIy
P0rBa+SNxHd96j8hZukoqZgQ2pL5mYTz9NfmqoKPIMZu+5+vpT4vA2KuoQb1Eyjr
hXHP7bO7MEb25cXswRf+NfkuVxMWkOBh7/TUUC2DLGppFnpnXeD99Y8cfn1B7Bfc
onUmtdCfl8/J0upR5Ylrw7LtMN6wDn1Isq4m6PxeEYHiq6JlWpsCA7TG+stKNOZd
UlulPxXfHHC0BD+v6ny84J39kSN1dgtbkPn4iT1tMVAKnesiMcSiMeSc7STbgviK
Fk1qC58h/lTERhq8upufO33W3ltVFEZ/pZuIe1gD0OjMheD74rPX+jnUBU0=
-----END CERTIFICATE-----