Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/ed18571a-4a75-4e37-8b5e-0d14afc7eaac.roa
File:                     ed18571a-4a75-4e37-8b5e-0d14afc7eaac.roa (raw, json)
Hash identifier:          Wa3tLWwUBe5kc2I7YWT73yggesGfBi1gN/QNRJolu9o=
Subject key identifier:   9F:5B:48:1A:A8:E5:6C:67:98:38:C6:6C:25:08:FF:CE:12:06:47:44
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       380FB6641D88145651D1E65483CF9A812CB1E842
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/ed18571a-4a75-4e37-8b5e-0d14afc7eaac.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     35916
IP address blocks:        43.226.24.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:0f:b6:64:1d:88:14:56:51:d1:e6:54:83:cf:9a:81:2c:b1:e8:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c2:a7:7f:09:71:35:6e:74:e6:fa:63:54:c9:
                    d8:df:f4:cb:67:b1:a2:f6:c2:ea:3a:de:c7:51:20:
                    94:10:22:f9:ae:d9:27:fb:84:87:5b:5f:85:a8:27:
                    12:96:0d:97:9c:7f:96:d1:7a:6d:40:11:6d:70:42:
                    c9:a9:ac:ee:ba:e1:22:51:c1:a3:fa:c2:eb:5b:ff:
                    52:8d:0e:3f:5c:be:32:f8:1e:5f:3d:75:72:d9:13:
                    ee:ee:ec:db:f9:09:35:a1:1c:e1:a1:5a:5c:e3:7d:
                    83:36:f5:b2:8a:d5:93:7a:5b:27:c1:77:e4:f2:92:
                    e7:fc:3e:97:26:0f:c7:be:60:70:cf:ce:de:8f:ec:
                    ee:25:73:13:35:64:9c:12:4f:c5:88:60:4d:ca:76:
                    3c:8d:6a:c6:c5:ac:74:e0:4b:5f:b4:f9:28:b7:c1:
                    e0:57:ce:2f:cd:99:74:69:a8:fd:dd:48:65:a0:bd:
                    87:20:10:64:2b:e1:32:83:96:b8:06:62:a4:db:d0:
                    48:24:a2:cd:59:c0:b9:ec:bc:14:b5:62:75:4c:c6:
                    38:09:5a:a7:7c:ed:13:92:2b:eb:48:78:b1:6d:26:
                    7b:db:00:5a:39:c9:cc:ee:cd:9c:b8:f4:d3:61:b5:
                    15:cd:07:2b:16:27:6e:74:37:27:76:18:a6:2f:63:
                    db:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:5B:48:1A:A8:E5:6C:67:98:38:C6:6C:25:08:FF:CE:12:06:47:44
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/ed18571a-4a75-4e37-8b5e-0d14afc7eaac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:45:e8:29:89:4b:5b:28:08:ed:f4:c2:d1:43:fe:7b:26:0a:
         fe:7d:f1:9c:2e:4a:a3:8e:22:59:52:39:7d:70:6c:0d:47:26:
         cb:da:5f:4e:c5:e1:4e:58:a8:f8:a5:a8:0e:9c:87:c4:38:d2:
         d8:3a:32:7c:86:5a:19:4d:48:c1:37:1b:f9:99:c0:65:c4:11:
         8b:a5:09:35:e9:fa:9d:f8:02:c1:ba:d4:7e:2c:a6:02:58:a5:
         38:18:7d:66:6b:c2:98:8b:db:1d:53:b1:c7:9b:2d:52:31:c2:
         7b:b7:b5:ba:54:4e:23:0b:c4:ca:3a:95:61:f1:c1:d6:ef:88:
         a2:96:cd:ae:4c:98:f4:e0:d0:88:a4:9f:d9:e2:bc:c3:c2:33:
         1f:77:04:45:2a:37:a6:ae:04:f3:5d:74:45:ea:c2:d6:ca:e3:
         9e:be:c7:c4:8c:9d:c0:4a:69:dc:c9:da:12:3a:3b:8e:b4:86:
         32:22:20:97:34:41:82:02:71:f6:80:6f:db:ad:ea:dd:cb:aa:
         bb:03:b7:86:86:3f:ea:34:5e:07:cc:ec:fe:f0:2c:c3:f3:c9:
         3a:95:c2:59:b2:91:b8:da:2a:90:13:f7:dc:17:ab:40:60:fe:
         17:c5:24:e8:03:2e:13:a7:52:85:42:ce:b3:37:55:b2:ca:4f:
         fd:da:26:80
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOA+2ZB2IFFZR0eZUg8+agSyx6EIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTQ1YmE2NzU0Y2E1OTgyZTg4OTcwMjVmMDJlZmUwYjYx
Zjg4ZjVjZTM5MWRjZWIwY2VkMjUwZWQ1NWFmOGNmMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChwqd/CXE1bnTm+mNUydjf9MtnsaL2wuo63sdRIJQQIvmu
2Sf7hIdbX4WoJxKWDZecf5bRem1AEW1wQsmprO664SJRwaP6wutb/1KNDj9cvjL4
Hl89dXLZE+7u7Nv5CTWhHOGhWlzjfYM29bKK1ZN6WyfBd+Tykuf8PpcmD8e+YHDP
zt6P7O4lcxM1ZJwST8WIYE3KdjyNasbFrHTgS1+0+Si3weBXzi/NmXRpqP3dSGWg
vYcgEGQr4TKDlrgGYqTb0Egkos1ZwLnsvBS1YnVMxjgJWqd87ROSK+tIeLFtJnvb
AFo5yczuzZy49NNhtRXNBysWJ250Nyd2GKYvY9u9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn1tIGqjlbGeYOMZsJQj/zhIGR0QwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzL2VkMTg1NzFhLTRhNzUtNGUzNy04YjVlLTBkMTRhZmM3ZWFhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIr4hgwDQYJKoZIhvcNAQELBQADggEBADFF6CmJS1soCO30wtFD/nsmCv59
8ZwuSqOOIllSOX1wbA1HJsvaX07F4U5YqPilqA6ch8Q40tg6MnyGWhlNSME3G/mZ
wGXEEYulCTXp+p34AsG61H4spgJYpTgYfWZrwpiL2x1TscebLVIxwnu3tbpUTiML
xMo6lWHxwdbviKKWza5MmPTg0Iikn9nivMPCMx93BEUqN6auBPNddEXqwtbK456+
x8SMncBKadzJ2hI6O460hjIiIJc0QYICcfaAb9ut6t3LqrsDt4aGP+o0XgfM7P7w
LMPzyTqVwlmykbjaKpAT99wXq0Bg/hfFJOgDLhOnUoVCzrM3VbLKT/3aJoA=
-----END CERTIFICATE-----