Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8621c38c-da14-4436-8fad-6252da797f1a.roa
File:                     8621c38c-da14-4436-8fad-6252da797f1a.roa (raw, json)
Hash identifier:          DjyVz0xkq0oOfpMK3cHxY+Oxyj4qi/BYTWaVJmYYphE=
Subject key identifier:   8B:9E:8A:EC:83:95:EB:1E:7A:2F:68:0F:60:49:68:3F:92:8C:C0:7C
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       4514083F28C3343594324741323866CD7494A95A
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8621c38c-da14-4436-8fad-6252da797f1a.roa
Signing time:             Fri 11 Apr 2025 00:00:21 +0000
ROA not before:           Fri 11 Apr 2025 00:00:21 +0000
ROA not after:            Fri 16 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.249.222.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:14:08:3f:28:c3:34:35:94:32:47:41:32:38:66:cd:74:94:a9:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Apr 11 00:00:21 2025 GMT
            Not After : May 16 23:59:59 2025 GMT
        Subject: serialNumber=53fc506d5f4aff9b9f74483b9962c78ebdd561b36f6b448f2c2e04e66dd18851, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b2:65:2b:8d:05:3c:07:22:9c:5b:ab:71:fd:
                    eb:aa:f9:43:a8:8f:fb:95:4e:5b:5b:27:7e:29:a2:
                    ae:fb:a1:06:a7:35:a2:59:e2:8a:75:e3:70:a7:85:
                    13:6d:86:ad:58:76:0d:68:5c:10:9a:49:c2:52:bf:
                    b0:95:0c:17:97:e4:fc:0c:8b:8c:ed:93:fd:a1:84:
                    5c:40:68:22:97:4e:68:ee:c5:4f:86:b9:be:3b:35:
                    8b:54:04:70:e8:13:dc:ca:ed:9a:b1:6e:b4:03:b1:
                    84:dd:44:9f:30:55:27:bf:b1:ba:2e:48:0b:0e:3e:
                    50:99:ef:11:9c:e3:42:13:a6:2e:b0:ce:da:53:a3:
                    d5:35:fa:10:ec:8a:50:ae:4a:32:ea:f4:33:b4:ec:
                    61:3e:c7:7e:ba:77:8b:82:64:bb:b1:f4:d7:54:a4:
                    80:57:02:f6:f2:08:52:cf:f7:82:e0:cd:a5:7c:c3:
                    bd:36:ef:8d:8b:82:55:48:31:65:62:e2:cd:57:25:
                    d4:a9:3d:d4:0e:f1:0a:e0:ff:41:3d:05:75:95:d3:
                    2a:a5:d1:f9:4a:70:d8:b3:1d:59:26:20:5b:46:c8:
                    94:04:ca:30:24:35:36:bd:c5:b2:95:f3:63:36:2c:
                    37:aa:1d:6e:b6:d3:b0:b8:84:1e:ff:df:49:ef:58:
                    fa:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:9E:8A:EC:83:95:EB:1E:7A:2F:68:0F:60:49:68:3F:92:8C:C0:7C
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8621c38c-da14-4436-8fad-6252da797f1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:d2:60:03:af:81:ea:23:f7:f2:dc:e1:dd:fa:8c:36:91:32:
         5c:86:db:88:bb:87:ff:46:19:81:44:5c:9e:fd:c1:d5:42:5d:
         35:7c:77:89:20:08:2f:12:0a:2a:65:bd:4e:fe:88:7c:7e:91:
         34:c1:6e:b9:7a:e9:21:c5:4d:0c:8d:88:ac:85:9d:d6:0d:09:
         0f:8c:8e:d3:9a:f6:39:4b:66:7b:29:fd:ce:e1:c7:95:2f:eb:
         94:68:ee:71:9c:d1:a3:ce:d0:40:1b:7e:bc:cd:0e:a6:ca:33:
         37:30:07:1e:7f:d3:d1:41:3f:a3:ac:28:72:44:c8:84:fb:5f:
         2e:53:22:26:52:74:a0:26:44:d8:0a:d9:c1:26:f6:05:9f:0e:
         79:d7:52:8d:70:ef:1e:e8:70:fb:43:95:a1:82:b6:e6:6d:9d:
         21:bd:aa:f3:84:21:d7:ce:97:ab:b9:0f:96:42:68:4a:f0:95:
         0b:c7:64:2e:67:20:71:f6:dc:7d:bc:55:77:85:b1:07:b3:9c:
         c0:7e:4a:2a:9c:13:45:64:71:43:70:6c:28:3d:bc:e3:e1:58:
         d8:d1:d8:3b:46:d1:2f:00:d7:70:fd:92:a3:57:6a:a3:a2:0f:
         7e:f8:de:a9:47:50:3b:d6:9c:d2:10:9e:80:26:fa:6d:53:f2:
         b7:bb:86:75
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURRQIPyjDNDWUMkdBMjhmzXSUqVowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNDExMDAwMDIxWhcNMjUwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1M2ZjNTA2ZDVmNGFmZjliOWY3NDQ4M2I5OTYyYzc4ZWJk
ZDU2MWIzNmY2YjQ0OGYyYzJlMDRlNjZkZDE4ODUxMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXsmUrjQU8ByKcW6tx/euq+UOoj/uVTltbJ34poq77oQan
NaJZ4op143CnhRNthq1Ydg1oXBCaScJSv7CVDBeX5PwMi4ztk/2hhFxAaCKXTmju
xU+Gub47NYtUBHDoE9zK7ZqxbrQDsYTdRJ8wVSe/sbouSAsOPlCZ7xGc40ITpi6w
ztpTo9U1+hDsilCuSjLq9DO07GE+x366d4uCZLux9NdUpIBXAvbyCFLP94LgzaV8
w702742LglVIMWVi4s1XJdSpPdQO8Qrg/0E9BXWV0yql0flKcNizHVkmIFtGyJQE
yjAkNTa9xbKV82M2LDeqHW6207C4hB7/30nvWPr5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUi56K7IOV6x56L2gPYEloP5KMwHwwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzg2MjFjMzhjLWRhMTQtNDQzNi04ZmFkLTYyNTJkYTc5N2YxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX+d4wDQYJKoZIhvcNAQELBQADggEBAI7SYAOvgeoj9/Lc4d36jDaRMlyG
24i7h/9GGYFEXJ79wdVCXTV8d4kgCC8SCiplvU7+iHx+kTTBbrl66SHFTQyNiKyF
ndYNCQ+MjtOa9jlLZnsp/c7hx5Uv65Ro7nGc0aPO0EAbfrzNDqbKMzcwBx5/09FB
P6OsKHJEyIT7Xy5TIiZSdKAmRNgK2cEm9gWfDnnXUo1w7x7ocPtDlaGCtuZtnSG9
qvOEIdfOl6u5D5ZCaErwlQvHZC5nIHH23H28VXeFsQeznMB+SiqcE0VkcUNwbCg9
vOPhWNjR2DtG0S8A13D9kqNXaqOiD3743qlHUDvWnNIQnoAm+m1T8re7hnU=
-----END CERTIFICATE-----