Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/489cdb18-6016-483e-b62b-3308ae359f13.roa
File:                     489cdb18-6016-483e-b62b-3308ae359f13.roa (raw, json)
Hash identifier:          lxX2zt6/gqqOBC+n13dnv8vXe3Vo5U1RcR2ZLxAcmgc=
Subject key identifier:   25:40:EA:74:D5:F4:9A:35:C8:95:C1:0B:DE:BE:A7:C2:8B:4C:53:5E
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       15039E4503DF203BC0A9B6C2F5F6843F99AD0478
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/489cdb18-6016-483e-b62b-3308ae359f13.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        205.172.176.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:03:9e:45:03:df:20:3b:c0:a9:b6:c2:f5:f6:84:3f:99:ad:04:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:c0:5a:c8:36:fb:40:9b:81:dc:74:27:8a:1d:
                    f1:db:b5:1d:8f:78:86:ab:03:8e:4c:75:22:66:6e:
                    99:7c:1d:51:e4:9b:b3:9b:99:36:a9:7c:49:98:d9:
                    20:2e:b6:42:61:d6:45:db:d3:d1:24:b5:73:bc:7a:
                    4a:d6:b4:d9:dd:66:d3:1b:a1:2d:b8:cd:fc:6a:9d:
                    05:33:0f:24:d9:97:6a:3a:15:2c:dc:ab:42:9b:9c:
                    06:66:69:e9:df:75:d8:09:f6:b5:42:0f:8d:f7:ae:
                    81:b9:6f:bc:ce:3a:51:eb:f2:71:46:a1:04:ab:7c:
                    7f:e5:c9:73:1d:6b:c5:72:66:1d:14:48:21:03:97:
                    e9:35:e8:6b:36:ca:b0:d8:a5:80:5e:15:8c:59:a1:
                    eb:63:5d:ce:16:f1:f6:d0:5b:8e:54:4c:95:29:95:
                    d2:a5:75:47:ad:89:95:e7:40:2f:cc:4d:d8:4c:42:
                    37:f7:ae:c5:d6:52:01:7a:cf:9f:db:49:e7:ec:84:
                    d2:7b:51:86:24:5e:ff:04:77:07:4e:9e:04:ae:6b:
                    a6:ec:20:6a:e4:dc:5e:a0:3c:d0:55:24:80:62:30:
                    3f:0b:18:67:05:90:68:6c:e8:14:18:d2:e4:30:1f:
                    65:2d:33:0e:de:14:82:bc:92:a4:61:75:c7:79:f6:
                    da:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:40:EA:74:D5:F4:9A:35:C8:95:C1:0B:DE:BE:A7:C2:8B:4C:53:5E
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/489cdb18-6016-483e-b62b-3308ae359f13.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.172.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:ec:41:7a:60:5b:05:53:9a:eb:d8:00:c1:88:70:5c:6c:0f:
         7e:98:70:6b:d7:2e:7d:57:99:74:33:a6:29:62:08:73:0b:d9:
         04:36:65:a6:4d:80:43:01:49:87:af:3d:70:26:e1:3f:c5:87:
         84:a3:6f:ad:f0:30:a6:eb:27:d2:92:c5:27:c1:db:c3:db:59:
         1b:fb:fa:6a:e9:4d:99:53:b8:a8:59:c5:35:da:98:fd:57:4d:
         35:c9:d9:05:0b:5a:06:bb:b8:f8:59:42:a5:bf:03:89:09:14:
         81:16:69:e3:41:64:84:da:35:d1:dc:10:2d:99:af:28:c8:da:
         aa:a5:b2:4c:c2:48:15:ed:3e:2e:c0:95:c2:d6:c9:3c:fe:0f:
         38:c9:e8:15:c4:af:c1:3b:a6:cf:91:a6:e6:bb:ef:b3:fc:bd:
         7d:fd:63:d9:5c:31:94:2a:7d:b4:d3:0e:bf:be:44:e3:d8:6c:
         83:b6:d6:96:18:d0:24:88:33:6c:8e:b2:94:14:f9:54:b7:a9:
         1e:0a:80:5f:e9:e9:72:46:79:77:e6:b7:d1:62:f3:83:31:43:
         96:e1:fa:ca:34:7f:4d:8a:74:0d:64:39:92:35:d8:98:15:9d:
         80:d5:60:0c:c8:1d:ce:ab:aa:fa:bb:f9:b0:1f:d9:1c:6a:07:
         eb:45:89:a0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFQOeRQPfIDvAqbbC9faEP5mtBHgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0N2FlNGQwZDZmNmRlYTJjMjA1ZDUxZDI1NmJjNDUzZmUx
MjY3NWE2MjllZDIyY2EzMjY0OTlhNjExYzM1MGMwMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbwFrINvtAm4HcdCeKHfHbtR2PeIarA45MdSJmbpl8HVHk
m7ObmTapfEmY2SAutkJh1kXb09EktXO8ekrWtNndZtMboS24zfxqnQUzDyTZl2o6
FSzcq0KbnAZmaenfddgJ9rVCD433roG5b7zOOlHr8nFGoQSrfH/lyXMda8VyZh0U
SCEDl+k16Gs2yrDYpYBeFYxZoetjXc4W8fbQW45UTJUpldKldUetiZXnQC/MTdhM
Qjf3rsXWUgF6z5/bSefshNJ7UYYkXv8EdwdOngSua6bsIGrk3F6gPNBVJIBiMD8L
GGcFkGhs6BQY0uQwH2UtMw7eFIK8kqRhdcd59tohAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJUDqdNX0mjXIlcEL3r6nwotMU14wHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzQ4OWNkYjE4LTYwMTYtNDgzZS1iNjJiLTMzMDhhZTM1OWYxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALNrLAwDQYJKoZIhvcNAQELBQADggEBAETsQXpgWwVTmuvYAMGIcFxsD36Y
cGvXLn1XmXQzpiliCHML2QQ2ZaZNgEMBSYevPXAm4T/Fh4Sjb63wMKbrJ9KSxSfB
28PbWRv7+mrpTZlTuKhZxTXamP1XTTXJ2QULWga7uPhZQqW/A4kJFIEWaeNBZITa
NdHcEC2ZryjI2qqlskzCSBXtPi7AlcLWyTz+DzjJ6BXEr8E7ps+Rpua777P8vX39
Y9lcMZQqfbTTDr++ROPYbIO21pYY0CSIM2yOspQU+VS3qR4KgF/p6XJGeXfmt9Fi
84MxQ5bh+so0f02KdA1kOZI12JgVnYDVYAzIHc6rqvq7+bAf2RxqB+tFiaA=
-----END CERTIFICATE-----