Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b5cc85b6-fdc1-4a8f-b266-611d77cebf5a.roa
File:                     b5cc85b6-fdc1-4a8f-b266-611d77cebf5a.roa (raw, json)
Hash identifier:          +srMnQjK+Wf9TJJWWbBJNAOi5co0Btom+41I1Jl+4tc=
Subject key identifier:   57:F8:7C:DC:1F:A2:68:81:31:CD:3D:C7:89:95:15:07:95:AF:73:93
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       43DEF3383FA865D75C3DDF77C908C26F71B36334
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b5cc85b6-fdc1-4a8f-b266-611d77cebf5a.roa
Signing time:             Fri 11 Apr 2025 00:00:59 +0000
ROA not before:           Fri 11 Apr 2025 00:00:59 +0000
ROA not after:            Fri 16 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        23.251.252.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:de:f3:38:3f:a8:65:d7:5c:3d:df:77:c9:08:c2:6f:71:b3:63:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Apr 11 00:00:59 2025 GMT
            Not After : May 16 23:59:59 2025 GMT
        Subject: serialNumber=263fb1cafff0f426c7eb55d50b64e7c4ba3b18a1318735bad517a7232695a908, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a6:3a:18:d8:44:4a:04:c2:f8:e1:35:65:3e:
                    1e:1a:ea:5f:85:e0:6d:fd:b2:ba:a9:4b:c5:42:fa:
                    72:19:4f:d5:0a:12:d9:eb:eb:ff:66:11:cf:34:e1:
                    f8:cf:3c:c9:7d:33:ec:aa:a3:f5:9a:a7:df:66:cb:
                    9b:f4:98:d9:ae:da:93:9e:e2:ad:ca:d2:c5:56:28:
                    46:91:87:b3:e0:c7:ee:a9:c4:a1:13:a3:45:da:3f:
                    80:0e:58:a2:05:35:cb:2a:3c:35:6e:06:7d:c4:ca:
                    c4:39:44:97:2d:53:69:1e:f5:da:55:26:8a:94:28:
                    93:1a:a7:12:3e:91:fb:03:4c:1b:03:a0:4b:06:a3:
                    d8:67:60:f7:a8:20:5a:c7:98:55:d4:fb:ff:26:2a:
                    48:aa:87:bf:ba:99:43:59:b6:4d:1c:3f:9b:2d:60:
                    87:87:b0:bd:9d:cf:60:18:5e:d7:ed:2c:c0:ea:48:
                    e0:71:62:22:7c:6a:fe:7b:00:24:ef:57:d0:7f:27:
                    f5:f3:94:30:c6:07:3a:a9:d5:e1:c9:a7:70:ae:d6:
                    87:68:22:d5:43:0b:36:b9:58:11:a0:e0:6b:20:38:
                    9d:00:00:b1:9e:ff:01:6d:8c:8a:64:96:f7:e7:32:
                    21:19:c9:f8:46:25:43:de:c3:ff:2a:ed:a4:08:b9:
                    0d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:F8:7C:DC:1F:A2:68:81:31:CD:3D:C7:89:95:15:07:95:AF:73:93
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b5cc85b6-fdc1-4a8f-b266-611d77cebf5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:de:84:51:c6:49:f3:f3:8b:57:32:d0:25:d9:c5:0f:42:14:
         84:f3:e4:d4:41:96:0e:66:7b:39:eb:c2:ba:b7:23:a2:2d:ca:
         38:51:41:81:62:b7:e6:6f:68:66:9f:43:95:b9:48:ef:a2:d1:
         40:30:87:af:f2:34:11:e3:47:d6:37:bd:e6:04:4e:45:c2:8a:
         fd:47:8e:3b:35:23:87:fc:72:29:64:fe:5d:d3:32:52:fe:78:
         c3:e3:7d:f7:a9:57:90:bb:9a:37:f4:97:bc:c4:86:fe:5f:cc:
         68:ef:31:5f:9a:36:af:42:ab:f6:19:b7:9b:08:8f:68:4f:ee:
         08:49:c8:de:c6:93:91:91:57:dc:1c:29:4f:21:3e:bd:0e:4a:
         a2:66:4d:7f:bf:5c:06:0d:2f:88:9a:3a:e4:24:9f:c0:7b:d2:
         69:ec:39:dd:25:02:26:a4:71:86:b9:53:a3:bf:9c:57:84:95:
         6a:c0:53:23:41:92:96:89:14:1f:54:b6:5d:a1:89:7c:1b:bd:
         e9:86:f5:9f:1e:a7:55:d6:19:fc:27:ef:75:6c:58:fc:58:ee:
         00:2d:e8:4c:35:dd:b9:e9:b7:73:bc:4b:5f:9a:8c:13:ed:a6:
         d1:02:50:34:00:bb:c3:bc:0f:f8:fc:ed:37:8f:5d:38:35:94:
         b3:6f:63:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ97zOD+oZddcPd93yQjCb3GzYzQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNDExMDAwMDU5WhcNMjUwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNjNmYjFjYWZmZjBmNDI2YzdlYjU1ZDUwYjY0ZTdjNGJh
M2IxOGExMzE4NzM1YmFkNTE3YTcyMzI2OTVhOTA4MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDpjoY2ERKBML44TVlPh4a6l+F4G39srqpS8VC+nIZT9UK
Etnr6/9mEc804fjPPMl9M+yqo/Wap99my5v0mNmu2pOe4q3K0sVWKEaRh7Pgx+6p
xKETo0XaP4AOWKIFNcsqPDVuBn3EysQ5RJctU2ke9dpVJoqUKJMapxI+kfsDTBsD
oEsGo9hnYPeoIFrHmFXU+/8mKkiqh7+6mUNZtk0cP5stYIeHsL2dz2AYXtftLMDq
SOBxYiJ8av57ACTvV9B/J/XzlDDGBzqp1eHJp3Cu1odoItVDCza5WBGg4GsgOJ0A
ALGe/wFtjIpklvfnMiEZyfhGJUPew/8q7aQIuQ3TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV/h83B+iaIExzT3HiZUVB5Wvc5MwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2I1Y2M4NWI2LWZkYzEtNGE4Zi1iMjY2LTYxMWQ3N2NlYmY1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIX+/wwDQYJKoZIhvcNAQELBQADggEBAD/ehFHGSfPzi1cy0CXZxQ9CFITz
5NRBlg5meznrwrq3I6ItyjhRQYFit+ZvaGafQ5W5SO+i0UAwh6/yNBHjR9Y3veYE
TkXCiv1Hjjs1I4f8cilk/l3TMlL+eMPjffepV5C7mjf0l7zEhv5fzGjvMV+aNq9C
q/YZt5sIj2hP7ghJyN7Gk5GRV9wcKU8hPr0OSqJmTX+/XAYNL4iaOuQkn8B70mns
Od0lAiakcYa5U6O/nFeElWrAUyNBkpaJFB9Utl2hiXwbvemG9Z8ep1XWGfwn73Vs
WPxY7gAt6Ew13bnpt3O8S1+ajBPtptECUDQAu8O8D/j87TePXTg1lLNvY0Y=
-----END CERTIFICATE-----