Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b6ee93d8-d7a7-41ad-8de1-90a055bc197c.roa
File:                     b6ee93d8-d7a7-41ad-8de1-90a055bc197c.roa (raw, json)
Hash identifier:          s3RSDOQF962SQR6sIlcNu5fUlG/ayZkZlCv+Sb7qXdA=
Subject key identifier:   66:76:77:1A:CE:DE:CF:62:B7:42:6A:79:E0:43:D7:2A:62:31:45:0D
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       4908686E27E31E84BCB427F68AD347F68224FD99
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b6ee93d8-d7a7-41ad-8de1-90a055bc197c.roa
Signing time:             Fri 11 Apr 2025 00:00:57 +0000
ROA not before:           Fri 11 Apr 2025 00:00:57 +0000
ROA not after:            Fri 16 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        23.251.228.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:08:68:6e:27:e3:1e:84:bc:b4:27:f6:8a:d3:47:f6:82:24:fd:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Apr 11 00:00:57 2025 GMT
            Not After : May 16 23:59:59 2025 GMT
        Subject: serialNumber=b95e1e996be23bef7a652007dbf03dbe1e3861ff7918fd33927be27ba8c085e0, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:25:4c:32:5e:82:d6:aa:d4:be:6c:eb:7b:1a:
                    be:95:93:48:d0:a0:8f:3e:bf:5a:31:9d:01:73:c8:
                    60:d6:0e:5f:08:e5:ea:1a:b3:cb:5f:00:71:07:cf:
                    c6:c2:d7:1a:ab:0f:b4:a9:a0:83:1c:27:4d:8d:24:
                    01:66:9a:4f:58:70:a6:22:81:be:aa:92:0b:3a:90:
                    18:e3:2e:e5:82:ff:68:3a:3d:6e:2c:98:3c:56:57:
                    e8:9e:e6:60:55:0d:8b:c4:db:c7:cb:ec:7b:95:90:
                    82:4a:b4:4c:9b:c8:2e:00:9c:5b:25:b2:18:10:32:
                    09:c9:69:2f:dc:09:26:1a:b3:7e:8e:e6:cd:82:0a:
                    83:9c:8c:85:7d:82:72:53:95:f1:82:34:30:9a:a6:
                    8a:b7:57:15:e4:c7:91:37:73:a5:59:d7:29:f3:e0:
                    3e:9f:b6:ca:c1:44:dc:16:43:ae:95:c5:f9:6f:6a:
                    35:3f:4a:dc:98:73:bd:77:13:db:e5:39:fc:b9:a9:
                    48:df:c6:63:c5:e5:e5:0b:ce:c9:c8:1b:ee:44:2b:
                    76:be:2f:2a:26:25:1b:32:cd:f3:09:fd:06:f8:4f:
                    07:e7:15:db:a0:74:42:fb:fe:6f:3b:f1:d5:f5:c4:
                    ed:22:5f:64:48:98:a4:2c:d5:53:16:e8:c1:7d:44:
                    3e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:76:77:1A:CE:DE:CF:62:B7:42:6A:79:E0:43:D7:2A:62:31:45:0D
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b6ee93d8-d7a7-41ad-8de1-90a055bc197c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:df:07:a6:bb:28:a0:50:08:e6:ed:ec:97:5c:7f:3d:3b:6d:
         95:c4:84:b6:48:fd:4c:e4:d3:0a:ca:b0:77:08:54:77:6a:63:
         65:7f:21:ec:b1:d5:c4:1a:5c:f7:39:27:51:ba:ba:36:c6:0e:
         d5:a4:39:b8:ad:06:2d:36:63:2d:4b:63:76:b8:fd:a2:86:d3:
         51:fb:ae:c1:fa:f7:e9:2c:f5:27:4d:7c:8b:ec:37:62:e0:11:
         47:db:41:8d:8d:e1:aa:1e:fc:91:cc:7a:47:2b:ff:f8:0f:84:
         92:c5:91:5e:51:f3:6c:0c:9c:95:dc:05:09:55:9f:8b:30:fe:
         d9:c1:34:31:2d:42:75:84:9a:3f:ae:cd:df:28:08:e0:93:65:
         37:0b:18:c3:fe:6b:18:da:fe:e8:c7:b0:0f:e3:d1:76:6c:d2:
         3f:10:b3:41:97:dd:d4:ac:5a:8d:bc:06:e6:ad:e3:d2:90:ea:
         2e:88:fe:00:36:cd:eb:65:c6:ba:e7:2a:00:47:ad:4e:20:74:
         63:7c:81:29:e1:09:76:3e:bb:bd:3e:39:c3:9e:d1:93:af:5a:
         46:1f:f6:9f:4d:b1:3e:5f:67:29:65:30:09:69:13:74:22:5c:
         a1:a4:5e:18:43:aa:fb:13:fd:58:cb:86:53:89:69:fb:51:52:
         61:b8:72:8c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSQhobifjHoS8tCf2itNH9oIk/ZkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwNDExMDAwMDU3WhcNMjUwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOTVlMWU5OTZiZTIzYmVmN2E2NTIwMDdkYmYwM2RiZTFl
Mzg2MWZmNzkxOGZkMzM5MjdiZTI3YmE4YzA4NWUwMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSJUwyXoLWqtS+bOt7Gr6Vk0jQoI8+v1oxnQFzyGDWDl8I
5eoas8tfAHEHz8bC1xqrD7SpoIMcJ02NJAFmmk9YcKYigb6qkgs6kBjjLuWC/2g6
PW4smDxWV+ie5mBVDYvE28fL7HuVkIJKtEybyC4AnFslshgQMgnJaS/cCSYas36O
5s2CCoOcjIV9gnJTlfGCNDCapoq3VxXkx5E3c6VZ1ynz4D6ftsrBRNwWQ66Vxflv
ajU/StyYc713E9vlOfy5qUjfxmPF5eULzsnIG+5EK3a+LyomJRsyzfMJ/Qb4Twfn
FdugdEL7/m878dX1xO0iX2RImKQs1VMW6MF9RD6PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZnZ3Gs7ez2K3Qmp54EPXKmIxRQ0wHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2I2ZWU5M2Q4LWQ3YTctNDFhZC04ZGUxLTkwYTA1NWJjMTk3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIX++QwDQYJKoZIhvcNAQELBQADggEBADHfB6a7KKBQCObt7Jdcfz07bZXE
hLZI/Uzk0wrKsHcIVHdqY2V/Ieyx1cQaXPc5J1G6ujbGDtWkObitBi02Yy1LY3a4
/aKG01H7rsH69+ks9SdNfIvsN2LgEUfbQY2N4aoe/JHMekcr//gPhJLFkV5R82wM
nJXcBQlVn4sw/tnBNDEtQnWEmj+uzd8oCOCTZTcLGMP+axja/ujHsA/j0XZs0j8Q
s0GX3dSsWo28Buat49KQ6i6I/gA2zetlxrrnKgBHrU4gdGN8gSnhCXY+u70+OcOe
0ZOvWkYf9p9NsT5fZyllMAlpE3QiXKGkXhhDqvsT/VjLhlOJaftRUmG4cow=
-----END CERTIFICATE-----