Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/d5bcdba4-b39f-49d7-81da-145442d6f180.roa
File:                     d5bcdba4-b39f-49d7-81da-145442d6f180.roa (raw, json)
Hash identifier:          cVY33U5Tw7UEyj5eQvUJKb1CmLiJr0DPjxxKlnhl2sM=
Subject key identifier:   18:56:B4:54:9D:A8:09:4E:0D:35:D0:9B:E1:CD:6F:FA:3D:D6:10:B9
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       26309CF8C34F4B225BF0D821111C1FE7B1F216AB
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/d5bcdba4-b39f-49d7-81da-145442d6f180.roa
Signing time:             Mon 17 Mar 2025 15:10:15 +0000
ROA not before:           Mon 17 Mar 2025 15:10:15 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.177.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:30:9c:f8:c3:4f:4b:22:5b:f0:d8:21:11:1c:1f:e7:b1:f2:16:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Mar 17 15:10:15 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:84:d8:60:9a:f1:a8:ab:d9:8d:93:e2:09:8b:
                    d0:cc:dd:14:4c:77:f7:c2:c7:01:7b:c3:bf:f8:f6:
                    5e:20:ab:89:19:44:01:fa:d0:fd:b1:02:3d:a6:40:
                    eb:cf:5e:19:72:70:1a:f3:ed:25:47:87:41:ac:3b:
                    02:2e:c3:15:be:b5:54:9b:95:7c:0c:ae:09:c1:63:
                    2f:2d:73:d2:d0:96:95:a4:22:9a:ea:bd:51:b0:81:
                    52:f0:dc:e1:ff:16:85:9e:a6:b6:36:23:bd:78:86:
                    b9:75:5c:b1:e4:b7:bd:8e:35:1e:32:23:ca:0e:17:
                    7b:2e:de:5f:94:e8:30:67:1c:3c:b1:3c:4a:d9:03:
                    55:11:15:ce:cd:44:f7:49:a5:a8:0f:eb:db:ed:e7:
                    a0:fa:2c:bc:1b:43:93:aa:e0:1d:77:47:24:f6:8d:
                    a0:7d:ac:56:93:d7:88:71:98:fc:dc:08:51:8c:2e:
                    e2:15:ca:48:32:a7:dd:f8:b2:65:23:d5:57:4c:e4:
                    65:95:e1:89:04:87:72:08:17:74:1b:0d:22:fb:3b:
                    bb:89:02:c1:af:c7:7a:4f:ee:6d:31:5e:19:ff:70:
                    38:34:29:f4:49:25:2d:3c:98:fc:90:ad:35:e5:31:
                    c4:14:59:70:df:58:82:c5:5f:26:63:7e:7b:58:c1:
                    61:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:56:B4:54:9D:A8:09:4E:0D:35:D0:9B:E1:CD:6F:FA:3D:D6:10:B9
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/d5bcdba4-b39f-49d7-81da-145442d6f180.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:fd:c6:ee:9e:34:f7:5c:bf:88:86:09:f7:7f:7d:cc:c4:bb:
         61:e3:5b:6c:d5:c0:16:f2:bd:48:9c:69:bd:36:3f:e8:58:bb:
         d8:3c:12:9d:4e:c8:01:7e:15:59:83:de:f7:80:93:59:2c:90:
         ea:57:35:09:52:ac:ca:6c:91:ea:df:2f:c8:10:5e:86:ad:38:
         18:51:f3:39:8c:da:b9:fd:d0:6c:86:00:64:81:7c:b4:d1:87:
         2f:36:27:88:51:b6:59:6e:57:ae:d3:4a:4d:7d:20:b8:63:09:
         c2:12:a7:00:f0:95:6a:9e:61:cf:ce:87:da:73:66:0b:2b:86:
         83:48:b9:9b:a7:04:3f:b6:d1:1e:0a:f1:16:c1:03:16:ea:d6:
         52:12:3d:4a:fb:77:db:da:67:e1:12:d9:77:fd:26:51:ce:c3:
         7e:cf:32:4d:ef:79:68:92:e2:cb:24:a8:a0:4a:0b:44:57:00:
         d9:4b:69:c7:bd:c7:1c:e3:3e:57:64:04:2b:07:39:13:fd:f9:
         63:f6:53:ef:db:37:e2:26:d1:1b:a6:77:d4:e7:ca:5b:98:3a:
         1c:67:b2:7f:fa:e4:d3:62:80:7d:f2:be:ed:51:9e:aa:1a:23:
         6d:c7:ff:a2:60:85:4f:79:72:f3:2e:51:87:5f:9f:f6:c3:25:
         67:75:54:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJjCc+MNPSyJb8NghERwf57HyFqswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMzE3MTUxMDE1WhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NzEyNGRkYjlkOTMzN2JlN2MwMzk1ZjdmOTUwODk5MTVh
ZDc4N2M2NmFjOWQyNTg4ZjNlZDJhYTVkNzM5YWI4MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVhNhgmvGoq9mNk+IJi9DM3RRMd/fCxwF7w7/49l4gq4kZ
RAH60P2xAj2mQOvPXhlycBrz7SVHh0GsOwIuwxW+tVSblXwMrgnBYy8tc9LQlpWk
IprqvVGwgVLw3OH/FoWeprY2I714hrl1XLHkt72ONR4yI8oOF3su3l+U6DBnHDyx
PErZA1URFc7NRPdJpagP69vt56D6LLwbQ5Oq4B13RyT2jaB9rFaT14hxmPzcCFGM
LuIVykgyp934smUj1VdM5GWV4YkEh3IIF3QbDSL7O7uJAsGvx3pP7m0xXhn/cDg0
KfRJJS08mPyQrTXlMcQUWXDfWILFXyZjfntYwWH5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGFa0VJ2oCU4NNdCb4c1v+j3WELkwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2Q1YmNkYmE0LWIzOWYtNDlkNy04MWRhLTE0NTQ0MmQ2ZjE4MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM37EwDQYJKoZIhvcNAQELBQADggEBAEj9xu6eNPdcv4iGCfd/fczEu2Hj
W2zVwBbyvUicab02P+hYu9g8Ep1OyAF+FVmD3veAk1kskOpXNQlSrMpskerfL8gQ
XoatOBhR8zmM2rn90GyGAGSBfLTRhy82J4hRtlluV67TSk19ILhjCcISpwDwlWqe
Yc/Oh9pzZgsrhoNIuZunBD+20R4K8RbBAxbq1lISPUr7d9vaZ+ES2Xf9JlHOw37P
Mk3veWiS4sskqKBKC0RXANlLace9xxzjPldkBCsHORP9+WP2U+/bN+Im0Rumd9Tn
yluYOhxnsn/65NNigH3yvu1RnqoaI23H/6JghU95cvMuUYdfn/bDJWd1VC4=
-----END CERTIFICATE-----