Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/32455956-13c0-46bb-a8e9-260aa92255fe.roa
File:                     32455956-13c0-46bb-a8e9-260aa92255fe.roa (raw, json)
Hash identifier:          t0/7LpvX4NbJXC+9PY+jZqrGt+389+mOaCZjKc1UGL8=
Subject key identifier:   A1:7B:DD:48:06:A6:F0:D7:B7:7E:4D:E4:C3:F5:DF:E0:4D:52:37:1D
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       69C2C229760811807FAB66F777E9A79EF983BA05
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/32455956-13c0-46bb-a8e9-260aa92255fe.roa
Signing time:             Wed 16 Oct 2024 00:00:00 +0000
ROA not before:           Wed 16 Oct 2024 00:00:00 +0000
ROA not after:            Wed 20 Nov 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        23.251.240.0/23 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:c2:c2:29:76:08:11:80:7f:ab:66:f7:77:e9:a7:9e:f9:83:ba:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Oct 16 00:00:00 2024 GMT
            Not After : Nov 20 23:59:59 2024 GMT
        Subject: serialNumber=9f4368dd13cdf221ddebf102e1d5868efd678569ace4e10d48d5e4309df38ff7, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:43:0a:7a:09:d1:52:0d:09:4b:a1:7b:14:39:
                    65:72:ce:58:14:1d:91:c4:54:1f:c5:91:c9:5b:20:
                    f0:4a:f6:09:a2:09:6c:ec:b7:3e:46:fe:e3:c5:23:
                    f6:7f:aa:8a:3a:81:93:3c:20:34:3e:bf:75:d7:35:
                    3e:5f:c1:cf:b7:8a:b4:a4:a9:9d:bd:42:41:7c:b8:
                    d2:de:69:e8:60:14:60:00:83:f1:7a:4a:e0:8d:41:
                    c1:cb:e6:58:0b:c1:8d:94:1c:d9:e9:a0:3c:82:50:
                    0a:65:8a:c0:4b:cc:b8:62:62:4e:d7:23:39:65:19:
                    7a:c9:76:dd:a9:a9:5f:58:2d:aa:3d:4e:47:2f:21:
                    07:19:d7:1e:31:6b:1c:eb:e2:a7:33:98:5c:69:e9:
                    c3:f5:ba:70:07:26:56:3c:4c:17:1b:dc:29:4b:2e:
                    c6:96:26:98:2d:9d:0e:06:82:9f:62:83:33:ca:e9:
                    43:bb:01:ad:da:d0:54:36:f1:c1:b4:7c:09:13:d7:
                    01:d5:ad:64:96:c4:1d:12:84:ea:f3:ed:27:35:b6:
                    b2:22:7d:75:35:9e:e0:40:70:b4:f9:d8:8f:ef:e8:
                    ef:e2:ce:2d:20:8c:6f:53:20:13:14:75:d7:0f:39:
                    f3:14:63:d1:c4:99:bd:af:6f:1e:88:c4:b2:96:55:
                    b1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:7B:DD:48:06:A6:F0:D7:B7:7E:4D:E4:C3:F5:DF:E0:4D:52:37:1D
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/32455956-13c0-46bb-a8e9-260aa92255fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:b4:c3:b7:17:01:02:27:08:30:50:16:c4:51:cb:8a:f4:76:
         14:45:9f:5d:82:5b:75:b1:97:7e:f5:ef:61:28:a4:63:db:bc:
         c4:92:86:87:6e:0c:96:5e:61:63:6a:e2:e6:df:fc:f2:c0:46:
         34:96:57:11:34:0c:9e:21:49:c4:2b:d5:7b:3b:b5:cb:c1:1b:
         5f:76:36:bf:d7:80:1a:cc:88:35:86:c2:74:85:f9:90:15:4f:
         dd:c4:c6:7f:72:f8:76:29:35:b9:b3:fa:2d:7b:0c:d5:c9:17:
         cd:29:d1:c6:ce:4f:da:91:cc:35:96:40:d9:af:ba:b6:9b:ed:
         ae:15:79:db:42:2e:90:54:ce:9e:ee:4f:d9:de:4a:07:7c:91:
         2f:8f:6e:a3:d8:dd:b3:30:78:21:c6:f8:a2:c4:18:ce:1f:0c:
         31:2d:ca:7e:5f:be:22:96:3e:8d:29:fb:e5:8c:54:b8:d1:2f:
         e1:c8:5a:92:0b:e9:47:20:32:f9:f0:90:68:05:e2:3f:fd:9a:
         c8:a2:97:ca:76:ff:8f:4e:14:a4:85:79:2f:23:a1:7d:62:bb:
         e4:b9:42:f0:6d:71:44:bd:6f:73:5c:55:a8:59:9e:1f:26:57:
         27:2b:24:b4:6e:91:1a:16:62:90:94:88:23:b5:22:8d:3a:00:
         f1:ea:d4:d0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUacLCKXYIEYB/q2b3d+mnnvmDugUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQxMDE2MDAwMDAwWhcNMjQxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjQzNjhkZDEzY2RmMjIxZGRlYmYxMDJlMWQ1ODY4ZWZk
Njc4NTY5YWNlNGUxMGQ0OGQ1ZTQzMDlkZjM4ZmY3MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKQwp6CdFSDQlLoXsUOWVyzlgUHZHEVB/FkclbIPBK9gmi
CWzstz5G/uPFI/Z/qoo6gZM8IDQ+v3XXNT5fwc+3irSkqZ29QkF8uNLeaehgFGAA
g/F6SuCNQcHL5lgLwY2UHNnpoDyCUAplisBLzLhiYk7XIzllGXrJdt2pqV9YLao9
TkcvIQcZ1x4xaxzr4qczmFxp6cP1unAHJlY8TBcb3ClLLsaWJpgtnQ4Ggp9igzPK
6UO7Aa3a0FQ28cG0fAkT1wHVrWSWxB0ShOrz7Sc1trIifXU1nuBAcLT52I/v6O/i
zi0gjG9TIBMUddcPOfMUY9HEmb2vbx6IxLKWVbH/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoXvdSAam8Ne3fk3kw/Xf4E1SNx0wHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzMyNDU1OTU2LTEzYzAtNDZiYi1hOGU5LTI2MGFhOTIyNTVmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEX+/AwDQYJKoZIhvcNAQELBQADggEBAGO0w7cXAQInCDBQFsRRy4r0dhRF
n12CW3Wxl37172EopGPbvMSShoduDJZeYWNq4ubf/PLARjSWVxE0DJ4hScQr1Xs7
tcvBG192Nr/XgBrMiDWGwnSF+ZAVT93Exn9y+HYpNbmz+i17DNXJF80p0cbOT9qR
zDWWQNmvurab7a4VedtCLpBUzp7uT9neSgd8kS+PbqPY3bMweCHG+KLEGM4fDDEt
yn5fviKWPo0p++WMVLjRL+HIWpIL6UcgMvnwkGgF4j/9msiil8p2/49OFKSFeS8j
oX1iu+S5QvBtcUS9b3NcVahZnh8mVycrJLRukRoWYpCUiCO1Io06APHq1NA=
-----END CERTIFICATE-----