Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c8949b2-3b1f-4e63-be1c-18b128989e05.roa
File:                     0c8949b2-3b1f-4e63-be1c-18b128989e05.roa (raw, json)
Hash identifier:          PudjB0UpxeMxDtgee2MtiqaPEmW3EauTRjXAcAMDWvk=
Subject key identifier:   B2:CB:70:3A:EF:D8:89:07:FE:8F:3F:E4:21:1B:80:2D:BD:03:F0:A9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       59190A29B9FB6EB7CF955A2302A4BB099BBEF08D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c8949b2-3b1f-4e63-be1c-18b128989e05.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.176.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:19:0a:29:b9:fb:6e:b7:cf:95:5a:23:02:a4:bb:09:9b:be:f0:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d1:e2:ac:92:00:a3:fc:91:31:a1:d4:bd:f7:
                    2a:e8:ae:f5:73:a3:92:7e:af:94:56:5e:ef:d7:6a:
                    2c:13:f9:de:44:08:a5:15:c2:af:26:eb:cc:b0:02:
                    8e:21:4d:cb:05:ba:d2:64:32:37:e4:60:d0:68:6e:
                    9d:b8:00:38:80:05:63:1d:d6:a5:77:a9:c9:77:f7:
                    cf:b4:91:6e:fb:1c:cf:13:aa:9d:ea:b3:0c:c0:c8:
                    41:46:2a:60:98:a7:7f:db:6e:86:18:5a:91:b1:5d:
                    39:f5:61:ad:2c:1a:51:98:e9:8d:00:93:8b:41:03:
                    58:37:63:39:42:c8:b1:41:f2:e6:12:77:f6:4a:d3:
                    d7:36:bc:70:58:09:d0:52:73:55:ae:23:38:0c:e6:
                    8b:42:41:1b:22:6b:f5:3a:75:5b:ec:38:85:2a:2b:
                    1b:97:85:d2:f6:fd:df:4f:4b:f4:10:73:58:3d:a6:
                    ae:85:e3:88:ab:e4:01:c1:61:ec:07:e1:3c:0c:7f:
                    80:75:e4:78:d0:31:f6:6d:c7:68:9e:6b:c2:85:86:
                    0f:d9:73:9d:41:85:88:3c:ae:a5:48:a4:ba:4e:b8:
                    03:ad:c8:a6:1a:d1:d3:78:03:d6:4e:5d:a6:5b:b6:
                    d6:e8:6c:d0:e9:57:b2:8c:25:88:01:d3:fa:13:04:
                    05:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:CB:70:3A:EF:D8:89:07:FE:8F:3F:E4:21:1B:80:2D:BD:03:F0:A9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c8949b2-3b1f-4e63-be1c-18b128989e05.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b3:79:fa:fe:65:27:f1:e6:27:07:0c:2f:d9:14:ba:4e:0d:8e:
         47:1f:ba:26:35:04:32:b6:12:3d:67:79:5b:8f:2d:26:ae:b6:
         86:6d:dc:c2:b0:42:4c:29:e1:04:b4:b6:51:39:c9:c9:dd:8c:
         1f:7e:b6:16:70:67:5b:5e:85:4f:ab:a3:b7:f7:e7:07:26:d7:
         25:fd:9b:b8:a2:e1:b7:2d:5e:37:56:54:cd:c4:8d:43:be:5e:
         9b:77:20:c3:fa:52:96:59:22:46:90:3b:b3:2b:3e:aa:ac:ed:
         80:fe:b8:4c:d8:1f:4a:73:ed:23:f0:09:1a:ad:14:70:46:c8:
         bb:42:93:17:06:85:08:20:8a:5d:ae:ef:91:ed:fb:19:5c:02:
         0c:9a:98:d4:07:c3:ef:77:ed:c4:56:20:64:57:ff:52:a2:f9:
         be:64:4c:bc:8d:3b:ea:13:32:c6:95:d9:0a:05:5f:0a:ff:12:
         2d:f5:da:e9:e9:46:14:69:45:b8:8d:47:1b:88:52:ff:8d:84:
         71:e9:bf:df:85:29:c1:f9:4f:18:df:b7:6d:35:89:b3:86:41:
         70:6a:54:8e:b6:c9:a0:9b:35:64:94:31:67:fa:1a:6b:7f:e7:
         e3:6f:5c:c5:00:b5:af:d3:ca:82:06:de:f2:26:b9:b4:51:c4:
         8c:68:bd:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWRkKKbn7brfPlVojAqS7CZu+8I0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YTA5OTg3ZWZlNzg2M2FiOTU4ZWIyZDZjZTM1NjVjOTI1
ZGUwN2YxYTZlYzc3MjljM2U1NmYwYmIyYWYyMjM5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu0eKskgCj/JExodS99yrorvVzo5J+r5RWXu/XaiwT+d5E
CKUVwq8m68ywAo4hTcsFutJkMjfkYNBobp24ADiABWMd1qV3qcl398+0kW77HM8T
qp3qswzAyEFGKmCYp3/bboYYWpGxXTn1Ya0sGlGY6Y0Ak4tBA1g3YzlCyLFB8uYS
d/ZK09c2vHBYCdBSc1WuIzgM5otCQRsia/U6dVvsOIUqKxuXhdL2/d9PS/QQc1g9
pq6F44ir5AHBYewH4TwMf4B15HjQMfZtx2iea8KFhg/Zc51BhYg8rqVIpLpOuAOt
yKYa0dN4A9ZOXaZbttbobNDpV7KMJYgB0/oTBAU9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsstwOu/YiQf+jz/kIRuALb0D8KkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBjODk0OWIyLTNiMWYtNGU2My1iZTFjLTE4YjEyODk4OWUwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKW3rAwDQYJKoZIhvcNAQELBQADggEBALN5+v5lJ/HmJwcML9kUuk4Njkcf
uiY1BDK2Ej1neVuPLSautoZt3MKwQkwp4QS0tlE5ycndjB9+thZwZ1tehU+ro7f3
5wcm1yX9m7ii4bctXjdWVM3EjUO+Xpt3IMP6UpZZIkaQO7MrPqqs7YD+uEzYH0pz
7SPwCRqtFHBGyLtCkxcGhQggil2u75Ht+xlcAgyamNQHw+937cRWIGRX/1Ki+b5k
TLyNO+oTMsaV2QoFXwr/Ei312unpRhRpRbiNRxuIUv+NhHHpv9+FKcH5Txjft201
ibOGQXBqVI62yaCbNWSUMWf6Gmt/5+NvXMUAta/TyoIG3vImubRRxIxovQ8=
-----END CERTIFICATE-----