Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/5e3c0e08-edb8-4079-81e3-f4c857efb338.roa
File:                     5e3c0e08-edb8-4079-81e3-f4c857efb338.roa (raw, json)
Hash identifier:          pOTMwXM+6E364ycLv3ec02fq2vvMEA80M80G7Y+GOZU=
Subject key identifier:   A6:1E:B6:69:D1:19:9D:D3:20:FC:01:BD:72:28:F1:C7:9D:AF:41:B8
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       30D64615A4A820F4CCE4D62E638A2A146C5A0179
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/5e3c0e08-edb8-4079-81e3-f4c857efb338.roa
Signing time:             Fri 11 Apr 2025 00:00:11 +0000
ROA not before:           Fri 11 Apr 2025 00:00:11 +0000
ROA not after:            Fri 16 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.249.221.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:d6:46:15:a4:a8:20:f4:cc:e4:d6:2e:63:8a:2a:14:6c:5a:01:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Apr 11 00:00:11 2025 GMT
            Not After : May 16 23:59:59 2025 GMT
        Subject: serialNumber=05704db4e276843af7bbc2f9652ee22fcfe4cba2e2b11c5f903fbf91d57e2fea, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a1:f6:80:fa:8b:d7:6e:51:d2:24:a3:68:04:
                    c0:2f:22:13:4f:d2:34:31:2a:6e:fb:5e:65:f4:0f:
                    2c:36:7a:a0:8d:c2:6d:96:c6:1e:16:14:8b:7e:b5:
                    70:69:62:ae:c9:f5:c5:de:21:0b:31:47:ab:83:d1:
                    7e:fb:f3:1a:39:49:9f:2b:c8:87:df:0d:43:01:8b:
                    6f:6e:f9:af:69:35:13:e8:c6:df:3b:5a:a8:26:56:
                    17:ec:7d:0e:9b:a0:b0:2d:54:65:4c:b5:da:a0:b7:
                    39:f9:8a:5d:fb:17:7b:e2:c4:e1:db:85:e4:22:8d:
                    db:0e:4a:4d:69:58:1d:4a:fd:4d:2d:45:8c:96:53:
                    c3:47:76:5e:a8:1d:b0:94:aa:13:ad:13:44:fd:a4:
                    d3:32:5c:7b:ca:e7:53:7c:ff:c5:43:f3:95:e9:0c:
                    8e:10:2f:82:e3:04:ca:9b:5a:01:a4:e1:25:bd:45:
                    6a:27:53:47:82:76:bd:52:fb:a8:eb:f8:30:c0:3c:
                    50:3b:da:d1:dd:ed:f5:09:18:28:e2:d0:84:c9:8d:
                    1d:63:56:8b:57:50:c8:11:c3:07:b6:2d:9e:6f:ea:
                    5b:f1:66:7a:36:a7:a1:25:65:21:11:51:06:bf:20:
                    2c:67:10:73:52:54:de:89:c1:27:7f:38:eb:06:01:
                    97:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:1E:B6:69:D1:19:9D:D3:20:FC:01:BD:72:28:F1:C7:9D:AF:41:B8
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/5e3c0e08-edb8-4079-81e3-f4c857efb338.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:09:6a:43:1e:03:8a:f6:d4:26:23:ec:1d:e0:04:d7:85:a0:
         e1:df:96:46:f4:f8:46:3c:21:0c:b3:4a:43:66:d1:18:be:04:
         6c:b3:4e:55:a3:70:69:d2:aa:c4:af:7e:1e:64:2a:03:38:dd:
         e4:81:56:38:e1:d3:d6:40:71:76:d6:c5:24:92:46:d8:e3:5f:
         97:68:83:e6:fe:37:2d:3a:02:c6:41:16:05:73:dd:33:ca:0b:
         b0:8e:d7:6a:40:b4:9b:86:5f:65:af:fd:6a:e8:b1:be:b2:9d:
         92:98:83:c0:9c:f5:81:e4:74:94:b8:cd:ed:60:33:4a:62:7f:
         21:3c:8f:1c:26:a5:ae:27:bf:00:0a:5b:f9:dd:1c:54:a1:c2:
         fc:e4:86:31:9d:be:92:c7:7b:c5:98:e9:b1:e8:b2:b6:6e:b9:
         2b:74:f5:b2:4c:71:a1:a6:9c:f6:11:5e:6b:9b:47:74:cd:c5:
         de:36:24:93:e5:a1:63:54:41:0e:83:97:9a:a6:8d:97:93:a0:
         3a:d0:2d:06:46:17:44:17:9e:1b:82:f2:51:80:d7:c8:33:62:
         e2:70:7c:bd:d7:f3:d7:36:5e:ad:be:45:69:b2:47:a4:60:73:
         79:4d:06:0c:cd:a0:26:ef:c5:a8:60:9c:90:23:8b:a5:79:71:
         be:d2:37:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMNZGFaSoIPTM5NYuY4oqFGxaAXkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNDExMDAwMDExWhcNMjUwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTcwNGRiNGUyNzY4NDNhZjdiYmMyZjk2NTJlZTIyZmNm
ZTRjYmEyZTJiMTFjNWY5MDNmYmY5MWQ1N2UyZmVhMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2ofaA+ovXblHSJKNoBMAvIhNP0jQxKm77XmX0Dyw2eqCN
wm2Wxh4WFIt+tXBpYq7J9cXeIQsxR6uD0X778xo5SZ8ryIffDUMBi29u+a9pNRPo
xt87WqgmVhfsfQ6boLAtVGVMtdqgtzn5il37F3vixOHbheQijdsOSk1pWB1K/U0t
RYyWU8NHdl6oHbCUqhOtE0T9pNMyXHvK51N8/8VD85XpDI4QL4LjBMqbWgGk4SW9
RWonU0eCdr1S+6jr+DDAPFA72tHd7fUJGCji0ITJjR1jVotXUMgRwwe2LZ5v6lvx
Zno2p6ElZSERUQa/ICxnEHNSVN6JwSd/OOsGAZfRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUph62adEZndMg/AG9cijxx52vQbgwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzVlM2MwZTA4LWVkYjgtNDA3OS04MWUzLWY0Yzg1N2VmYjMzOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX+d0wDQYJKoZIhvcNAQELBQADggEBAFAJakMeA4r21CYj7B3gBNeFoOHf
lkb0+EY8IQyzSkNm0Ri+BGyzTlWjcGnSqsSvfh5kKgM43eSBVjjh09ZAcXbWxSSS
RtjjX5dog+b+Ny06AsZBFgVz3TPKC7CO12pAtJuGX2Wv/Wrosb6ynZKYg8Cc9YHk
dJS4ze1gM0pifyE8jxwmpa4nvwAKW/ndHFShwvzkhjGdvpLHe8WY6bHosrZuuSt0
9bJMcaGmnPYRXmubR3TNxd42JJPloWNUQQ6Dl5qmjZeToDrQLQZGF0QXnhuC8lGA
18gzYuJwfL3X89c2Xq2+RWmyR6Rgc3lNBgzNoCbvxahgnJAji6V5cb7SN8M=
-----END CERTIFICATE-----