Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8a11252a-2e01-45b8-9435-cfe1354f76d6.roa
File:                     8a11252a-2e01-45b8-9435-cfe1354f76d6.roa (raw, json)
Hash identifier:          ePCIx2eu1VsQ7PeqLs2DYoMGzSx8bcg4uMZu9G0jrA8=
Subject key identifier:   32:08:AF:68:18:87:BC:2E:D6:08:02:D3:4B:AE:02:BD:C0:80:F0:A1
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       29AF133F239DB00A0BBF3BDEE859FA14E098AD6C
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8a11252a-2e01-45b8-9435-cfe1354f76d6.roa
Signing time:             Wed 16 Oct 2024 00:00:00 +0000
ROA not before:           Wed 16 Oct 2024 00:00:00 +0000
ROA not after:            Wed 20 Nov 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        23.249.210.0/23 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:af:13:3f:23:9d:b0:0a:0b:bf:3b:de:e8:59:fa:14:e0:98:ad:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Oct 16 00:00:00 2024 GMT
            Not After : Nov 20 23:59:59 2024 GMT
        Subject: serialNumber=601616fd5d951d1a0b2ed6bda9ea25334f0fb5b3d078ad3d7d3c00630df18c51, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:af:85:0b:e5:16:ad:e8:d3:00:cd:f0:38:e8:
                    74:6f:00:28:cb:70:b9:9a:2f:b8:ff:61:fb:42:e1:
                    ec:b6:71:06:a9:c2:54:43:63:c2:a5:ff:14:1b:0d:
                    c4:28:fb:95:0d:34:3a:10:e0:0f:33:6f:2e:c2:1b:
                    e7:f9:9d:5f:a1:7b:d5:f4:e2:7d:dd:99:8e:d8:0f:
                    78:8d:e5:b1:52:c4:c6:1a:09:e9:c7:56:7c:57:20:
                    1f:8c:82:fa:91:6e:bf:72:43:e2:7f:dc:c8:d1:d4:
                    f1:63:67:0d:07:69:90:65:2d:bd:35:a0:3d:a3:f1:
                    3a:17:de:47:14:69:61:62:49:0e:ad:ef:c6:cc:be:
                    73:d5:89:41:66:41:0c:8d:0f:f0:1a:fe:5d:33:26:
                    b6:40:2c:02:e3:f1:00:df:b6:03:e7:65:a1:71:89:
                    f0:90:79:3f:66:29:4a:d7:b9:8f:03:21:63:eb:01:
                    3d:cc:f9:23:32:00:98:42:30:c9:68:bf:1b:ae:79:
                    3c:36:fd:c6:d5:36:00:80:2e:6c:da:4d:67:b2:b3:
                    6e:05:98:9d:6d:47:27:c7:db:cc:f7:87:73:61:48:
                    14:42:79:11:3f:fe:49:95:80:a1:64:94:44:f1:9f:
                    26:f1:97:aa:16:42:37:e3:dc:26:60:e8:d7:cd:cc:
                    b2:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:08:AF:68:18:87:BC:2E:D6:08:02:D3:4B:AE:02:BD:C0:80:F0:A1
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/8a11252a-2e01-45b8-9435-cfe1354f76d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:c5:b7:7b:c3:c8:00:24:74:a3:28:79:11:a7:2e:04:c5:f8:
         4e:b5:7f:43:b4:9e:06:65:1b:ce:ca:26:4a:b1:7c:2a:a0:41:
         c8:a7:15:b5:6f:c5:f7:72:86:1d:dd:8c:9b:1b:87:14:f6:85:
         32:bc:9e:63:9f:ac:8c:e6:d2:8f:1e:9a:e6:70:53:93:96:07:
         a5:1a:6d:da:35:5d:d8:f9:ed:93:69:b1:51:26:ce:ee:eb:8a:
         c9:35:a2:e9:e6:35:6c:13:09:c3:9c:5a:6a:d3:ef:ac:c3:62:
         5a:22:67:99:42:4d:25:c3:6b:45:f7:4a:72:0d:d2:d4:de:14:
         69:df:be:c9:d4:e4:37:39:b3:26:8f:88:85:75:4c:63:9e:00:
         24:0e:99:f9:41:43:1f:76:f6:bb:81:2f:fa:02:66:ed:1b:cd:
         d0:7b:5f:5e:b4:d9:0b:71:41:95:00:8e:99:c6:f4:8d:7e:d2:
         8a:e1:32:52:5b:ee:66:72:1a:61:aa:22:23:8b:14:58:bd:24:
         04:15:2d:44:c7:1f:44:51:42:11:df:c8:9c:e0:e7:6b:ee:f5:
         4d:a2:c4:f9:cb:69:6e:6a:fb:c8:6d:d1:1d:f3:b6:76:0a:9d:
         05:01:42:05:e2:82:f8:eb:69:49:f2:9b:ff:18:18:f7:3a:cd:
         a7:40:08:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKa8TPyOdsAoLvzve6Fn6FOCYrWwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQxMDE2MDAwMDAwWhcNMjQxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDE2MTZmZDVkOTUxZDFhMGIyZWQ2YmRhOWVhMjUzMzRm
MGZiNWIzZDA3OGFkM2Q3ZDNjMDA2MzBkZjE4YzUxMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNr4UL5Rat6NMAzfA46HRvACjLcLmaL7j/YftC4ey2cQap
wlRDY8Kl/xQbDcQo+5UNNDoQ4A8zby7CG+f5nV+he9X04n3dmY7YD3iN5bFSxMYa
CenHVnxXIB+MgvqRbr9yQ+J/3MjR1PFjZw0HaZBlLb01oD2j8ToX3kcUaWFiSQ6t
78bMvnPViUFmQQyND/Aa/l0zJrZALALj8QDftgPnZaFxifCQeT9mKUrXuY8DIWPr
AT3M+SMyAJhCMMlovxuueTw2/cbVNgCALmzaTWeys24FmJ1tRyfH28z3h3NhSBRC
eRE//kmVgKFklETxnybxl6oWQjfj3CZg6NfNzLINAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMgivaBiHvC7WCALTS64CvcCA8KEwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzhhMTEyNTJhLTJlMDEtNDViOC05NDM1LWNmZTEzNTRmNzZkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEX+dIwDQYJKoZIhvcNAQELBQADggEBACLFt3vDyAAkdKMoeRGnLgTF+E61
f0O0ngZlG87KJkqxfCqgQcinFbVvxfdyhh3djJsbhxT2hTK8nmOfrIzm0o8emuZw
U5OWB6Uabdo1Xdj57ZNpsVEmzu7risk1ounmNWwTCcOcWmrT76zDYloiZ5lCTSXD
a0X3SnIN0tTeFGnfvsnU5Dc5syaPiIV1TGOeACQOmflBQx929ruBL/oCZu0bzdB7
X1602QtxQZUAjpnG9I1+0orhMlJb7mZyGmGqIiOLFFi9JAQVLUTHH0RRQhHfyJzg
52vu9U2ixPnLaW5q+8ht0R3ztnYKnQUBQgXigvjraUnym/8YGPc6zadACMQ=
-----END CERTIFICATE-----