Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/f99236be-03a7-4f91-be31-5366989c9d7b.roa
File:                     f99236be-03a7-4f91-be31-5366989c9d7b.roa (raw, json)
Hash identifier:          imyjfmtvf9cTzxMUoA32robBND7FcUC4nM8+tegBGPw=
Subject key identifier:   BA:26:6F:84:68:BD:B9:5E:FB:D9:74:31:15:A0:CA:3D:42:82:E2:D4
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       386B25857B6FEBB7BBC9D01497CA3C53640794EF
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/f99236be-03a7-4f91-be31-5366989c9d7b.roa
Signing time:             Mon 31 Mar 2025 15:10:06 +0000
ROA not before:           Mon 31 Mar 2025 15:10:06 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        199.255.192.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:6b:25:85:7b:6f:eb:b7:bb:c9:d0:14:97:ca:3c:53:64:07:94:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Mar 31 15:10:06 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=aa98ce13e9fd1de331d9d9018ee3d1f4cfcd78a8d8f7a5f729d2437b0f6d0090, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3b:47:40:79:9c:f2:3e:0e:5b:08:68:ba:94:
                    20:f3:d8:2b:4b:25:d4:6a:06:41:fe:90:ff:ec:c6:
                    60:27:26:a6:01:22:18:8c:4a:ca:0c:0c:ad:46:fe:
                    93:a4:ea:08:0c:6b:69:2d:e7:b4:b3:a7:db:cc:df:
                    f7:3d:26:38:87:ea:91:6f:3b:0b:16:e5:49:37:65:
                    91:3c:df:0c:20:fd:8f:eb:33:6c:21:fb:cd:b9:df:
                    67:ba:8a:b5:d7:68:19:6b:53:de:59:17:0a:5a:b6:
                    86:fb:92:ca:ef:b4:e7:18:b7:ca:97:32:55:47:79:
                    44:c3:88:7a:58:2b:35:82:38:b4:2b:36:cd:5c:e8:
                    6e:e4:b3:29:2e:92:00:0c:e7:54:82:f8:df:c6:c6:
                    9e:e1:a4:5a:9b:7b:a8:32:a4:99:14:7c:06:3f:6b:
                    ea:83:3c:f3:d7:11:33:b7:e1:8d:ac:86:41:67:6a:
                    84:61:7f:f1:9e:63:7d:8b:3b:fe:96:bf:27:35:29:
                    86:5a:50:13:f6:8e:f9:52:ca:72:7e:f8:d8:c3:78:
                    f5:a3:51:89:3d:9c:45:df:2c:9b:d1:64:5d:3f:f5:
                    6d:6e:b4:49:24:2c:e8:12:04:5d:1b:91:6e:76:0a:
                    03:1e:d5:fd:4e:49:14:95:5d:90:18:e9:09:0e:ab:
                    e1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:26:6F:84:68:BD:B9:5E:FB:D9:74:31:15:A0:CA:3D:42:82:E2:D4
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/f99236be-03a7-4f91-be31-5366989c9d7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.255.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:21:0d:81:17:1a:c2:c6:a2:b7:dd:e3:30:10:aa:57:77:41:
         a1:c0:19:be:ab:0c:24:8a:92:0d:f6:a1:e3:89:24:c7:de:a7:
         bd:9f:1d:a0:77:29:f8:80:b2:3a:24:8b:29:28:25:de:a8:5b:
         e6:c0:45:4c:20:2e:6a:8c:9e:cf:64:83:d6:59:44:07:60:0e:
         a1:24:18:95:3d:89:2a:bb:0c:13:c1:21:10:22:02:47:63:bc:
         53:c5:ff:a5:d9:06:f8:5c:1b:bb:98:19:76:28:24:5c:8e:c5:
         9f:8b:6b:50:07:56:68:81:08:49:30:d6:08:f4:05:08:fc:52:
         03:20:7a:31:b9:46:94:72:59:aa:71:d8:a7:38:8e:24:50:82:
         59:d9:9a:44:15:3d:89:bd:05:44:c6:ed:2f:4b:08:9d:12:47:
         cb:e3:e0:f0:48:61:4d:f4:cf:f3:6e:c0:0c:8f:95:e3:11:9d:
         ba:8a:36:35:3e:62:06:79:9d:12:c1:08:37:92:56:01:87:b6:
         9b:6a:05:64:f4:a8:b7:c0:d5:b3:ea:32:1b:69:2f:22:be:f1:
         94:20:de:48:a6:f1:59:ae:7d:67:74:bc:40:d9:88:9c:90:a2:
         89:ef:2a:b3:03:99:6e:e6:be:1d:a0:54:57:38:8f:97:ce:bc:
         45:83:b9:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOGslhXtv67e7ydAUl8o8U2QHlO8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMzMxMTUxMDA2WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTk4Y2UxM2U5ZmQxZGUzMzFkOWQ5MDE4ZWUzZDFmNGNm
Y2Q3OGE4ZDhmN2E1ZjcyOWQyNDM3YjBmNmQwMDkwMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwO0dAeZzyPg5bCGi6lCDz2CtLJdRqBkH+kP/sxmAnJqYB
IhiMSsoMDK1G/pOk6ggMa2kt57Szp9vM3/c9JjiH6pFvOwsW5Uk3ZZE83wwg/Y/r
M2wh+82532e6irXXaBlrU95ZFwpatob7ksrvtOcYt8qXMlVHeUTDiHpYKzWCOLQr
Ns1c6G7ksykukgAM51SC+N/Gxp7hpFqbe6gypJkUfAY/a+qDPPPXETO34Y2shkFn
aoRhf/GeY32LO/6Wvyc1KYZaUBP2jvlSynJ++NjDePWjUYk9nEXfLJvRZF0/9W1u
tEkkLOgSBF0bkW52CgMe1f1OSRSVXZAY6QkOq+EBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuiZvhGi9uV772XQxFaDKPUKC4tQwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2Y5OTIzNmJlLTAzYTctNGY5MS1iZTMxLTUzNjY5ODljOWQ3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALH/8AwDQYJKoZIhvcNAQELBQADggEBAC8hDYEXGsLGorfd4zAQqld3QaHA
Gb6rDCSKkg32oeOJJMfep72fHaB3KfiAsjokiykoJd6oW+bARUwgLmqMns9kg9ZZ
RAdgDqEkGJU9iSq7DBPBIRAiAkdjvFPF/6XZBvhcG7uYGXYoJFyOxZ+La1AHVmiB
CEkw1gj0BQj8UgMgejG5RpRyWapx2Kc4jiRQglnZmkQVPYm9BUTG7S9LCJ0SR8vj
4PBIYU30z/NuwAyPleMRnbqKNjU+YgZ5nRLBCDeSVgGHtptqBWT0qLfA1bPqMhtp
LyK+8ZQg3kim8VmufWd0vEDZiJyQoonvKrMDmW7mvh2gVFc4j5fOvEWDues=
-----END CERTIFICATE-----