Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/4355f81e-8b7d-4823-952f-1eb1cce10086.roa
File:                     4355f81e-8b7d-4823-952f-1eb1cce10086.roa (raw, json)
Hash identifier:          piUao7/LaWOYDp/xWNdXqUCjC/MCjv3Pxxi70if2Nhs=
Subject key identifier:   93:D8:14:CB:1E:7D:92:4E:FA:74:0D:A8:C7:39:F5:AE:BC:68:BF:C8
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       31D30EF2A9F64445F1909D0B3C52D9F63EA0A794
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/4355f81e-8b7d-4823-952f-1eb1cce10086.roa
Signing time:             Wed 16 Oct 2024 00:00:00 +0000
ROA not before:           Wed 16 Oct 2024 00:00:00 +0000
ROA not after:            Wed 20 Nov 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        23.249.210.0/23 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:d3:0e:f2:a9:f6:44:45:f1:90:9d:0b:3c:52:d9:f6:3e:a0:a7:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Oct 16 00:00:00 2024 GMT
            Not After : Nov 20 23:59:59 2024 GMT
        Subject: serialNumber=581868cc115bd4507fc3c4b4da1ddc694e3894ee0e110688167247bcc7a28bd7, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:30:92:6d:51:ea:39:02:bc:37:6e:5f:80:38:
                    df:42:46:26:08:ff:dc:70:e1:0a:0a:4b:62:63:ef:
                    7f:7f:c6:05:db:3a:00:8e:c4:68:9d:18:0a:0f:a3:
                    38:c3:ae:7d:81:73:bd:16:a8:fe:5b:2f:51:e3:b7:
                    15:2a:ff:b0:0e:b5:aa:55:4c:21:49:86:3d:18:f9:
                    00:e5:e4:f5:de:46:37:9a:42:19:34:60:20:4e:0e:
                    f8:79:ef:c4:b3:3d:17:b5:f6:ba:6f:2e:67:2d:60:
                    be:a7:4c:a7:59:5b:dd:db:fc:06:e1:48:63:d3:e1:
                    7b:58:06:5a:8c:78:2b:f7:1f:ec:f4:17:2c:5e:e4:
                    c1:f2:2e:df:56:6c:a9:4b:ae:2d:c5:e7:46:17:21:
                    30:cd:35:c1:e0:00:04:95:2d:ea:4c:5a:92:ed:54:
                    98:53:7a:a4:4d:62:f1:15:4b:2c:23:1f:a7:7e:07:
                    88:23:7c:f9:d6:18:12:79:bb:6f:9f:2e:65:5a:0d:
                    40:2c:b4:8e:c3:fc:0c:4c:82:41:ef:a9:ac:87:ee:
                    92:95:43:cf:aa:04:c0:f9:31:a6:d1:05:0f:09:82:
                    40:73:57:f4:75:09:1b:08:0e:0e:2a:4d:86:3b:2d:
                    a2:fb:17:ca:74:ba:58:f2:f3:49:16:e1:28:38:b2:
                    2a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:D8:14:CB:1E:7D:92:4E:FA:74:0D:A8:C7:39:F5:AE:BC:68:BF:C8
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/4355f81e-8b7d-4823-952f-1eb1cce10086.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:4a:2b:32:ec:d2:6a:62:f3:41:fd:2f:1d:c5:65:8e:67:e2:
         81:63:f0:9d:ce:35:8c:bf:40:5d:34:b3:e8:14:2b:9b:84:41:
         8b:07:84:8a:e2:4e:84:db:df:19:2f:37:cb:8a:c2:38:14:87:
         98:b1:94:72:5a:46:72:57:c6:fe:fb:e6:2f:22:b1:fb:0c:09:
         63:d0:7b:72:64:34:78:ba:61:74:bc:1f:dd:4c:98:f6:66:e1:
         87:f9:8c:62:b7:0f:93:22:63:48:d5:13:03:0b:5e:b4:5d:e7:
         6d:c5:54:29:c7:eb:91:6a:87:c8:29:c9:16:ee:bf:a6:22:6e:
         e1:80:c4:be:11:38:ef:01:fe:ea:d7:41:da:fb:91:d5:c1:5b:
         54:98:13:7e:9d:3e:d4:70:19:62:8a:37:20:7b:48:d9:96:2c:
         ae:2d:46:69:54:cf:d9:93:b0:fa:77:d3:15:9f:74:94:39:e1:
         e5:7c:be:6b:2d:3c:63:7a:a6:0e:0d:ec:92:dd:82:e6:4d:9b:
         86:8f:10:c9:22:3b:4e:be:0b:f6:17:33:21:d7:b5:d2:7e:91:
         f0:f4:8a:9e:57:85:73:59:81:2b:1e:39:cb:53:a9:d3:f2:70:
         96:a0:f7:2f:bf:e2:5a:ef:1c:da:c6:0b:a7:37:02:2b:47:40:
         32:60:46:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMdMO8qn2REXxkJ0LPFLZ9j6gp5QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQxMDE2MDAwMDAwWhcNMjQxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ODE4NjhjYzExNWJkNDUwN2ZjM2M0YjRkYTFkZGM2OTRl
Mzg5NGVlMGUxMTA2ODgxNjcyNDdiY2M3YTI4YmQ3MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOMJJtUeo5Arw3bl+AON9CRiYI/9xw4QoKS2Jj739/xgXb
OgCOxGidGAoPozjDrn2Bc70WqP5bL1HjtxUq/7AOtapVTCFJhj0Y+QDl5PXeRjea
Qhk0YCBODvh578SzPRe19rpvLmctYL6nTKdZW93b/AbhSGPT4XtYBlqMeCv3H+z0
Fyxe5MHyLt9WbKlLri3F50YXITDNNcHgAASVLepMWpLtVJhTeqRNYvEVSywjH6d+
B4gjfPnWGBJ5u2+fLmVaDUAstI7D/AxMgkHvqayH7pKVQ8+qBMD5MabRBQ8JgkBz
V/R1CRsIDg4qTYY7LaL7F8p0uljy80kW4Sg4sioNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk9gUyx59kk76dA2oxzn1rrxov8gwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzQzNTVmODFlLThiN2QtNDgyMy05NTJmLTFlYjFjY2UxMDA4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEX+dIwDQYJKoZIhvcNAQELBQADggEBAHpKKzLs0mpi80H9Lx3FZY5n4oFj
8J3ONYy/QF00s+gUK5uEQYsHhIriToTb3xkvN8uKwjgUh5ixlHJaRnJXxv775i8i
sfsMCWPQe3JkNHi6YXS8H91MmPZm4Yf5jGK3D5MiY0jVEwMLXrRd523FVCnH65Fq
h8gpyRbuv6YibuGAxL4ROO8B/urXQdr7kdXBW1SYE36dPtRwGWKKNyB7SNmWLK4t
RmlUz9mTsPp30xWfdJQ54eV8vmstPGN6pg4N7JLdguZNm4aPEMkiO06+C/YXMyHX
tdJ+kfD0ip5XhXNZgSseOctTqdPycJag9y+/4lrvHNrGC6c3AitHQDJgRg8=
-----END CERTIFICATE-----