Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8a554833-7334-4e02-8426-138572f3d41a.roa
File:                     8a554833-7334-4e02-8426-138572f3d41a.roa (raw, json)
Hash identifier:          qmLd3VJphX1u27uNpG5eF1bXkZESM4mdN1C5++AaF2I=
Subject key identifier:   68:4F:0A:CA:EC:C5:3D:37:88:7C:34:5B:74:D8:5B:0F:35:06:3C:AD
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       2B36E63D8D3107697057BB8B1509487925E647D0
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8a554833-7334-4e02-8426-138572f3d41a.roa
Signing time:             Mon 17 Mar 2025 15:00:13 +0000
ROA not before:           Mon 17 Mar 2025 15:00:13 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        23.249.217.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:36:e6:3d:8d:31:07:69:70:57:bb:8b:15:09:48:79:25:e6:47:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Mar 17 15:00:13 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6b:22:4d:b4:01:18:95:91:51:5d:5f:fd:d1:
                    68:2f:6a:25:ef:95:0e:16:58:bc:9d:6b:84:4a:a2:
                    a4:c0:08:2d:8e:3a:af:1c:2c:4c:5e:2c:ff:e1:18:
                    8a:e2:29:e0:d3:15:0d:db:2b:78:8f:22:ee:b6:26:
                    e2:75:71:1b:80:85:12:81:7d:b3:cf:2b:bf:95:68:
                    c2:1a:00:28:c5:32:6c:f0:8f:a3:4e:7a:9c:40:32:
                    06:20:4f:37:81:64:ba:97:51:00:20:bc:11:58:2d:
                    9f:5d:49:05:4f:c1:75:ab:0e:60:7a:5c:26:5d:86:
                    5a:b3:a9:43:af:61:01:21:fa:a5:5d:12:e2:1f:97:
                    a0:56:e8:7b:8e:5b:5a:e3:60:de:92:60:9c:01:a3:
                    c1:fe:b1:66:da:c1:cd:ef:a6:01:6e:c1:e1:17:2b:
                    aa:ff:ce:a9:16:cc:87:d0:0a:9f:a7:eb:05:12:ac:
                    80:3a:f0:01:0e:59:65:71:50:5d:17:cd:b3:2d:7f:
                    bc:ba:11:e9:7a:fa:2e:7c:bb:69:64:f9:03:23:5d:
                    99:c1:c7:7f:34:b8:43:d3:cf:5d:73:dd:d7:ba:74:
                    ed:86:e5:1f:6e:74:b2:c4:1f:dc:3e:2c:52:62:8b:
                    09:37:3e:08:d8:5b:e9:57:84:58:87:e0:dc:31:62:
                    9b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:4F:0A:CA:EC:C5:3D:37:88:7C:34:5B:74:D8:5B:0F:35:06:3C:AD
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8a554833-7334-4e02-8426-138572f3d41a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:8b:4a:66:ed:05:d5:8e:c1:78:68:5a:ec:fd:4a:9a:77:c2:
         ee:61:e8:33:b5:40:93:39:ee:4c:d6:29:b1:bc:30:3e:ee:54:
         de:30:fc:2f:57:2b:f4:89:31:88:91:c2:d7:32:c2:a2:f1:f5:
         42:d9:99:32:5f:ce:3c:c0:81:27:b4:ea:70:6b:11:d0:7b:25:
         1e:cd:9b:24:43:a8:da:ba:e9:52:10:5a:52:42:6e:25:51:af:
         e4:e1:97:21:8d:62:45:0c:6b:71:77:d8:40:4a:b5:46:83:d1:
         a3:59:b3:db:cb:6c:c9:02:00:e6:01:74:5d:63:3b:94:c2:af:
         5c:6d:59:d4:c0:66:3f:9e:4c:06:4b:2f:0f:12:d4:c0:ab:05:
         8b:40:e4:57:e4:0e:08:d6:37:e8:42:a6:9f:fc:7f:4c:2e:7d:
         f4:6b:04:ee:2c:6f:90:ff:2b:28:95:81:f4:0b:e7:5d:57:51:
         ef:56:06:82:9c:f0:cf:2b:d1:10:bc:c8:46:b8:c9:2d:9a:8e:
         4f:a7:b7:5e:8d:ff:f2:34:a3:01:42:9d:2c:54:65:75:10:99:
         9d:56:90:c5:d4:06:30:e7:98:8f:4d:07:41:50:f8:2c:84:57:
         97:df:cf:1b:3a:1d:2f:88:42:ea:09:e3:6a:89:f2:6d:f3:d5:
         a1:25:c5:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKzbmPY0xB2lwV7uLFQlIeSXmR9AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMzE3MTUwMDEzWhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYWFhNjcxZGNiYzZhN2FmN2FkMDljOWJkOTQ4MTBhZmIx
OGIzMWI2NTU0M2RlZjM0N2EwMDIzMjQ1YjEwNTE5MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQayJNtAEYlZFRXV/90WgvaiXvlQ4WWLyda4RKoqTACC2O
Oq8cLExeLP/hGIriKeDTFQ3bK3iPIu62JuJ1cRuAhRKBfbPPK7+VaMIaACjFMmzw
j6NOepxAMgYgTzeBZLqXUQAgvBFYLZ9dSQVPwXWrDmB6XCZdhlqzqUOvYQEh+qVd
EuIfl6BW6HuOW1rjYN6SYJwBo8H+sWbawc3vpgFuweEXK6r/zqkWzIfQCp+n6wUS
rIA68AEOWWVxUF0XzbMtf7y6Eel6+i58u2lk+QMjXZnBx380uEPTz11z3de6dO2G
5R9udLLEH9w+LFJiiwk3PgjYW+lXhFiH4NwxYpuFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaE8KyuzFPTeIfDRbdNhbDzUGPK0wHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzhhNTU0ODMzLTczMzQtNGUwMi04NDI2LTEzODU3MmYzZDQxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX+dkwDQYJKoZIhvcNAQELBQADggEBAFqLSmbtBdWOwXhoWuz9Spp3wu5h
6DO1QJM57kzWKbG8MD7uVN4w/C9XK/SJMYiRwtcywqLx9ULZmTJfzjzAgSe06nBr
EdB7JR7NmyRDqNq66VIQWlJCbiVRr+ThlyGNYkUMa3F32EBKtUaD0aNZs9vLbMkC
AOYBdF1jO5TCr1xtWdTAZj+eTAZLLw8S1MCrBYtA5FfkDgjWN+hCpp/8f0wuffRr
BO4sb5D/KyiVgfQL511XUe9WBoKc8M8r0RC8yEa4yS2ajk+nt16N//I0owFCnSxU
ZXUQmZ1WkMXUBjDnmI9NB0FQ+CyEV5ffzxs6HS+IQuoJ42qJ8m3z1aElxRk=
-----END CERTIFICATE-----