Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/1494cd34-0bab-4b0b-bbcb-a51681ce1458.roa
File:                     1494cd34-0bab-4b0b-bbcb-a51681ce1458.roa (raw, json)
Hash identifier:          gUg7ccmcaTZxMMjSn5hfOqSvCJMIM/1IutgYQWdh5vc=
Subject key identifier:   59:8F:0E:77:AD:87:B3:15:3D:7F:20:0E:DC:A7:96:FA:5B:C9:36:6D
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       02F6B8E111A131A2CE7B838C0BC4559E56DC6EA4
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/1494cd34-0bab-4b0b-bbcb-a51681ce1458.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     395681
IP address blocks:        23.234.195.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:f6:b8:e1:11:a1:31:a2:ce:7b:83:8c:0b:c4:55:9e:56:dc:6e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d7:34:a5:6e:f3:72:b7:5e:ef:f0:cc:cc:7b:
                    7c:c7:a3:f7:02:6b:a0:44:22:d5:c6:78:2b:d0:e7:
                    a4:e9:4b:9a:37:d3:6a:8f:0a:14:dd:ac:8f:04:02:
                    ab:93:de:8f:57:38:b6:c8:27:7c:6a:b3:2c:c6:b7:
                    85:06:cf:41:60:d7:8d:3a:a1:0a:a6:60:41:9b:51:
                    7a:fa:8f:a8:c1:35:39:16:24:33:93:2b:e8:aa:67:
                    2c:68:ea:d4:d3:35:24:cc:f5:9d:2e:28:05:e8:85:
                    ed:b6:da:b6:5e:87:17:90:f8:6a:5a:0a:0e:5c:7d:
                    23:d4:0a:10:ce:5b:1f:c5:0e:72:e2:e9:7d:25:a9:
                    39:a8:c5:0f:6e:8d:20:a8:03:5d:28:55:9d:52:4a:
                    b6:0b:2d:ee:e0:62:29:92:20:a7:85:fc:b4:89:af:
                    42:54:02:df:9a:d2:c0:98:d0:3f:62:8d:32:a0:a7:
                    04:c5:c4:af:96:80:d0:2c:08:5f:91:8b:8e:b7:0c:
                    04:c3:d8:fd:a5:3d:be:ac:4c:00:4a:44:4e:53:81:
                    87:b8:f6:2c:59:55:c7:12:9f:a1:f7:8f:09:37:51:
                    45:6c:0a:da:e7:d5:ae:74:e5:cd:ef:49:28:66:11:
                    86:39:f6:a2:e1:dc:76:0a:36:98:34:92:e7:cb:7d:
                    e7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:8F:0E:77:AD:87:B3:15:3D:7F:20:0E:DC:A7:96:FA:5B:C9:36:6D
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/1494cd34-0bab-4b0b-bbcb-a51681ce1458.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.234.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:90:a1:b5:ce:76:a6:c2:10:2b:ec:c5:40:99:ef:8e:c6:bd:
         da:3e:24:a2:f6:02:96:8b:88:a9:06:a7:76:1f:5f:e5:45:59:
         06:8b:bf:c3:32:e5:7e:21:81:59:0c:eb:be:9c:f3:ed:b5:ca:
         dc:00:07:c7:64:3b:47:38:7c:e8:b1:1b:fc:7a:b4:ad:1f:62:
         87:36:5d:db:bc:9e:46:1d:19:0b:3b:a3:cf:e2:4a:69:d7:5b:
         71:a8:55:a7:8a:d4:bb:cd:4b:30:eb:59:a9:30:d6:98:c9:0e:
         f1:c4:7a:14:de:16:de:14:ee:93:49:57:82:d5:e8:9f:f7:4d:
         9f:3e:ac:4b:f2:3b:72:aa:f8:e5:95:13:3a:07:39:ee:45:e6:
         dc:98:f0:47:97:38:23:a8:4a:52:ce:11:0b:93:44:c6:27:14:
         5b:43:a1:c1:cd:03:70:05:17:38:3e:56:bf:b8:39:f0:cd:58:
         b8:fe:59:84:76:fe:53:52:f3:14:7b:75:83:88:4b:13:f1:aa:
         75:4f:1a:59:e0:22:7a:b2:6e:8d:ce:59:12:38:c2:cd:80:39:
         56:f2:40:9d:8c:27:51:39:f8:42:6c:56:04:e2:62:2c:0a:7f:
         a9:a1:2f:11:ee:c6:02:7d:96:38:46:7b:d2:3d:65:e7:ae:21:
         3c:da:71:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAva44RGhMaLOe4OMC8RVnlbcbqQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjRmN2U5MjA4MjFkMTg3YzM2YWRjMTFjOGJkNjc2Nzkz
MzFjYmM3MTc0NDZmYmJmZDhmN2JmM2FlMDdiZDhhMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCY1zSlbvNyt17v8MzMe3zHo/cCa6BEItXGeCvQ56TpS5o3
02qPChTdrI8EAquT3o9XOLbIJ3xqsyzGt4UGz0Fg1406oQqmYEGbUXr6j6jBNTkW
JDOTK+iqZyxo6tTTNSTM9Z0uKAXohe222rZehxeQ+GpaCg5cfSPUChDOWx/FDnLi
6X0lqTmoxQ9ujSCoA10oVZ1SSrYLLe7gYimSIKeF/LSJr0JUAt+a0sCY0D9ijTKg
pwTFxK+WgNAsCF+Ri463DATD2P2lPb6sTABKRE5TgYe49ixZVccSn6H3jwk3UUVs
Ctrn1a505c3vSShmEYY59qLh3HYKNpg0kufLfeejAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWY8Od62HsxU9fyAO3KeW+lvJNm0wHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzE0OTRjZDM0LTBiYWItNGIwYi1iYmNiLWE1MTY4MWNlMTQ1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX6sMwDQYJKoZIhvcNAQELBQADggEBAHqQobXOdqbCECvsxUCZ747Gvdo+
JKL2ApaLiKkGp3YfX+VFWQaLv8My5X4hgVkM676c8+21ytwAB8dkO0c4fOixG/x6
tK0fYoc2Xdu8nkYdGQs7o8/iSmnXW3GoVaeK1LvNSzDrWakw1pjJDvHEehTeFt4U
7pNJV4LV6J/3TZ8+rEvyO3Kq+OWVEzoHOe5F5tyY8EeXOCOoSlLOEQuTRMYnFFtD
ocHNA3AFFzg+Vr+4OfDNWLj+WYR2/lNS8xR7dYOISxPxqnVPGlngInqybo3OWRI4
ws2AOVbyQJ2MJ1E5+EJsVgTiYiwKf6mhLxHuxgJ9ljhGe9I9ZeeuITzacVA=
-----END CERTIFICATE-----