Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b9bfd24e-7c6a-44a6-adcf-d47b47f8fee6.roa
File:                     b9bfd24e-7c6a-44a6-adcf-d47b47f8fee6.roa (raw, json)
Hash identifier:          xquRK0n8n0aqYjjvarB4H8+I7uPF4/X9OBuJujhDzzA=
Subject key identifier:   E0:1C:AB:F9:1B:0A:A9:93:74:3B:BE:7A:4F:D2:09:E7:B5:0D:0B:7E
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       226C108155BC144E67DD103ED93265A9F586C490
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b9bfd24e-7c6a-44a6-adcf-d47b47f8fee6.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        76.223.176.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:6c:10:81:55:bc:14:4e:67:dd:10:3e:d9:32:65:a9:f5:86:c4:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f4:6d:10:e0:a2:27:f3:08:1d:6c:ad:23:df:
                    8d:78:f8:d8:41:9d:5d:fc:15:6d:6f:a1:bf:84:ba:
                    16:f2:44:40:93:d2:c3:d4:e5:fb:e2:99:f0:8f:47:
                    eb:d2:b2:79:90:a8:6f:17:2c:30:84:f7:6a:0e:64:
                    5a:27:1c:84:65:b7:ed:4d:46:e1:b3:44:2d:99:a4:
                    35:9c:3e:88:dd:8f:87:c8:95:4a:04:8c:08:d7:be:
                    ba:09:21:92:31:c6:de:29:da:b4:e1:ba:39:ca:6d:
                    e8:46:52:45:ab:10:bc:98:03:c9:76:cf:9d:2d:a2:
                    2c:6f:34:49:8e:ae:9e:0d:a7:5b:b5:19:4a:8f:1a:
                    1c:3a:57:6d:85:fe:9c:6f:ca:f2:a8:23:c2:44:21:
                    ce:d8:d7:33:25:4d:e3:cd:87:e1:ff:7b:59:0a:5e:
                    a9:3d:e1:26:91:5a:c0:3c:31:41:ff:87:00:7a:34:
                    00:9b:ef:b0:e4:1f:15:68:f5:07:e7:b5:ad:67:c4:
                    27:3b:63:91:2d:1e:cf:de:0b:7e:0c:f3:dd:62:7e:
                    40:0b:3b:e1:08:37:62:d2:12:a7:58:8c:07:f5:cd:
                    86:ae:d5:d9:e3:9c:59:08:73:b6:cf:79:f2:53:72:
                    da:9b:00:be:c1:00:14:8e:d7:3d:e6:33:b0:88:52:
                    2c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1C:AB:F9:1B:0A:A9:93:74:3B:BE:7A:4F:D2:09:E7:B5:0D:0B:7E
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b9bfd24e-7c6a-44a6-adcf-d47b47f8fee6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8d:70:4c:f1:73:24:ff:e9:4f:70:a5:4c:53:da:94:9a:43:22:
         6b:32:92:85:eb:0d:bc:55:1e:73:89:0b:cd:dc:2e:83:39:8c:
         49:79:bd:a6:82:1e:f9:09:d7:80:57:46:a1:aa:2d:d6:9e:4e:
         d7:7d:de:f3:03:be:85:e7:97:a6:f5:b9:19:22:b8:fd:33:ff:
         85:14:57:17:75:8c:7d:90:15:76:98:05:55:71:5f:03:d9:79:
         79:c6:dd:14:38:62:40:77:f7:d2:14:cc:67:a2:5e:c1:6b:40:
         00:ae:fe:8f:63:e2:1a:08:c4:63:69:88:5d:41:40:e2:a4:52:
         41:24:e4:2e:5b:a8:4d:28:5a:95:6d:a9:9a:62:5e:4a:46:60:
         37:a0:ad:7d:dc:78:fc:68:1d:e8:4e:0f:58:bd:a0:2c:20:5a:
         96:42:85:50:96:b9:dd:0e:45:9f:78:10:ed:cd:23:63:75:1d:
         9d:14:35:68:9c:7d:f1:2e:e3:0c:e2:62:b4:fa:7e:1e:0c:eb:
         0a:7d:55:73:94:3d:d2:75:21:02:51:66:e2:62:e6:58:f7:b5:
         71:e7:c1:2e:71:b8:72:59:b3:ff:e7:47:65:1b:12:ed:e6:c6:
         a7:d1:15:1e:54:19:b7:25:ef:55:ef:8c:a3:8c:3e:6d:ca:8f:
         57:f9:5e:05
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUImwQgVW8FE5n3RA+2TJlqfWGxJAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNWJjNjUyODMxM2NmYWQyY2Q3ZjAxMmVjNGNhOTU3ZDJm
ODRiMmFjNjU1NjZiNWRmYTM5Yzg2YjNlZjczZmY2MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCf9G0Q4KIn8wgdbK0j3414+NhBnV38FW1vob+EuhbyRECT
0sPU5fvimfCPR+vSsnmQqG8XLDCE92oOZFonHIRlt+1NRuGzRC2ZpDWcPojdj4fI
lUoEjAjXvroJIZIxxt4p2rThujnKbehGUkWrELyYA8l2z50toixvNEmOrp4Np1u1
GUqPGhw6V22F/pxvyvKoI8JEIc7Y1zMlTePNh+H/e1kKXqk94SaRWsA8MUH/hwB6
NACb77DkHxVo9Qfnta1nxCc7Y5EtHs/eC34M891ifkALO+EIN2LSEqdYjAf1zYau
1dnjnFkIc7bPefJTctqbAL7BABSO1z3mM7CIUiy9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4Byr+RsKqZN0O756T9IJ57UNC34wHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2I5YmZkMjRlLTdjNmEtNDRhNi1hZGNmLWQ0N2I0N2Y4ZmVlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARM37AwDQYJKoZIhvcNAQELBQADggEBAI1wTPFzJP/pT3ClTFPalJpDImsy
koXrDbxVHnOJC83cLoM5jEl5vaaCHvkJ14BXRqGqLdaeTtd93vMDvoXnl6b1uRki
uP0z/4UUVxd1jH2QFXaYBVVxXwPZeXnG3RQ4YkB399IUzGeiXsFrQACu/o9j4hoI
xGNpiF1BQOKkUkEk5C5bqE0oWpVtqZpiXkpGYDegrX3cePxoHehOD1i9oCwgWpZC
hVCWud0ORZ94EO3NI2N1HZ0UNWicffEu4wziYrT6fh4M6wp9VXOUPdJ1IQJRZuJi
5lj3tXHnwS5xuHJZs//nR2UbEu3mxqfRFR5UGbcl71XvjKOMPm3Kj1f5XgU=
-----END CERTIFICATE-----