Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/84c038ae-7a5a-414a-bd00-1edb6fbe5ad7.roa
File:                     84c038ae-7a5a-414a-bd00-1edb6fbe5ad7.roa (raw, json)
Hash identifier:          l/5qaR8B7E//HovktZQXpQD6V/MJJxSuLGVkfIxDBAg=
Subject key identifier:   59:AA:96:5A:EF:B5:6D:21:F6:EE:F9:A7:EC:0C:DD:BE:E6:B2:33:31
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       04D39625B42B0F64AFA19BCA1D3846DE23EEBD71
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/84c038ae-7a5a-414a-bd00-1edb6fbe5ad7.roa
Signing time:             Fri 11 Apr 2025 00:00:26 +0000
ROA not before:           Fri 11 Apr 2025 00:00:26 +0000
ROA not after:            Fri 16 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.251.234.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:d3:96:25:b4:2b:0f:64:af:a1:9b:ca:1d:38:46:de:23:ee:bd:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Apr 11 00:00:26 2025 GMT
            Not After : May 16 23:59:59 2025 GMT
        Subject: serialNumber=99e751b4f8e9c1299b78b080ee73fe8549b7f9fb3289d2604d76c00510916904, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e6:ce:82:ef:ab:e9:30:e5:26:d6:b0:04:99:
                    99:43:1c:35:5b:bd:d8:8d:3a:17:9a:d5:5f:aa:8a:
                    8c:1d:68:4f:57:4a:3c:07:c4:20:9d:37:6e:1b:d6:
                    5f:50:64:36:e8:aa:e3:f3:b4:fa:df:76:41:53:0c:
                    ad:55:89:bd:4f:bb:d3:5f:ac:d3:ca:99:d4:80:0b:
                    09:d5:f5:85:eb:75:67:bf:62:2a:8f:06:92:15:59:
                    a6:04:12:9e:72:03:16:32:12:70:6a:2f:f3:5a:bf:
                    a4:63:38:5b:c0:c8:4f:c3:84:f8:d9:82:d9:1b:ac:
                    49:d5:33:4b:89:7b:e5:81:6c:94:c9:2f:07:76:3e:
                    7b:80:4d:2a:13:31:1d:1d:ae:7d:ed:ce:f9:c7:f0:
                    1c:6a:06:d7:b4:10:ce:f3:16:36:7a:df:ca:40:fb:
                    b4:16:c9:15:60:ec:59:c3:2e:31:21:ea:2d:17:f6:
                    17:fe:6a:63:38:75:07:13:31:85:97:87:f2:b0:6e:
                    55:12:a3:c1:e2:4e:8a:49:73:da:5a:5c:49:57:ae:
                    70:4b:ce:e4:52:74:25:10:7e:f7:88:78:41:cc:fe:
                    3d:b5:43:db:b6:95:4c:94:54:11:63:c1:d1:87:d0:
                    51:69:60:41:57:d1:f7:92:e6:b6:62:ed:cb:4b:49:
                    7e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:AA:96:5A:EF:B5:6D:21:F6:EE:F9:A7:EC:0C:DD:BE:E6:B2:33:31
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/84c038ae-7a5a-414a-bd00-1edb6fbe5ad7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:cb:2a:ce:bb:3a:de:88:f2:8b:68:c2:9b:79:9c:03:e0:5c:
         86:c6:f5:98:b6:fc:ca:80:b2:d0:fe:3a:78:22:22:1e:eb:80:
         fd:6c:c4:df:8d:b1:31:22:32:16:db:16:b8:76:a3:45:e6:32:
         a6:14:56:a9:b1:87:cd:04:85:d6:e9:00:7f:e7:f3:a8:a9:34:
         7c:e1:48:6d:85:7b:d0:7f:28:5f:5c:2f:90:d7:05:c3:e0:f5:
         fc:a4:e1:28:34:6a:f6:aa:de:d9:3d:0d:e3:97:83:0d:cb:e8:
         bb:3c:7a:0f:93:c2:ca:fa:e6:4a:71:59:a4:ab:cf:4d:20:8d:
         82:f1:08:eb:07:ad:73:30:25:03:3a:c8:3c:51:a8:f3:ed:70:
         c8:9d:61:14:dd:b6:eb:5c:63:44:f5:2a:50:2b:ef:f0:3c:e5:
         37:eb:09:66:71:01:fa:36:15:f5:a8:8e:04:01:b5:ff:92:86:
         e9:9d:e4:58:28:0f:8f:0b:48:93:ff:c4:7d:1f:34:14:90:3e:
         cd:b9:72:a2:d1:bf:29:48:70:aa:04:1c:cd:59:87:97:a2:ed:
         5d:80:47:74:e1:21:c9:f1:22:ec:a3:c5:ce:9a:45:d2:de:f2:
         ac:e7:28:8c:a4:d5:49:20:82:10:e2:8d:dc:2c:81:67:51:0e:
         df:30:76:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBNOWJbQrD2SvoZvKHThG3iPuvXEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNDExMDAwMDI2WhcNMjUwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OWU3NTFiNGY4ZTljMTI5OWI3OGIwODBlZTczZmU4NTQ5
YjdmOWZiMzI4OWQyNjA0ZDc2YzAwNTEwOTE2OTA0MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCo5s6C76vpMOUm1rAEmZlDHDVbvdiNOhea1V+qiowdaE9X
SjwHxCCdN24b1l9QZDboquPztPrfdkFTDK1Vib1Pu9NfrNPKmdSACwnV9YXrdWe/
YiqPBpIVWaYEEp5yAxYyEnBqL/Nav6RjOFvAyE/DhPjZgtkbrEnVM0uJe+WBbJTJ
Lwd2PnuATSoTMR0drn3tzvnH8BxqBte0EM7zFjZ638pA+7QWyRVg7FnDLjEh6i0X
9hf+amM4dQcTMYWXh/KwblUSo8HiTopJc9paXElXrnBLzuRSdCUQfveIeEHM/j21
Q9u2lUyUVBFjwdGH0FFpYEFX0feS5rZi7ctLSX59AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWaqWWu+1bSH27vmn7AzdvuayMzEwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzg0YzAzOGFlLTdhNWEtNDE0YS1iZDAwLTFlZGI2ZmJlNWFkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX++owDQYJKoZIhvcNAQELBQADggEBADjLKs67Ot6I8otowpt5nAPgXIbG
9Zi2/MqAstD+OngiIh7rgP1sxN+NsTEiMhbbFrh2o0XmMqYUVqmxh80EhdbpAH/n
86ipNHzhSG2Fe9B/KF9cL5DXBcPg9fyk4Sg0avaq3tk9DeOXgw3L6Ls8eg+Twsr6
5kpxWaSrz00gjYLxCOsHrXMwJQM6yDxRqPPtcMidYRTdtutcY0T1KlAr7/A85Tfr
CWZxAfo2FfWojgQBtf+Shumd5FgoD48LSJP/xH0fNBSQPs25cqLRvylIcKoEHM1Z
h5ei7V2AR3ThIcnxIuyjxc6aRdLe8qznKIyk1UkgghDijdwsgWdRDt8wdhk=
-----END CERTIFICATE-----