Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/2ce0da13-0e88-4bf2-bd9d-35168bcefdc3.roa
File:                     2ce0da13-0e88-4bf2-bd9d-35168bcefdc3.roa (raw, json)
Hash identifier:          MKCWulJhnWk3j9248i120pN1sU9EmH/KX/zJKewy/oE=
Subject key identifier:   E3:BF:E4:93:19:FA:85:F3:42:06:AE:C2:FE:90:82:81:54:F1:39:BB
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       317907DD012E147F351DCD3F30FFF476E474AA0A
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/2ce0da13-0e88-4bf2-bd9d-35168bcefdc3.roa
Signing time:             Sat 25 Jan 2025 00:00:00 +0000
ROA not before:           Sat 25 Jan 2025 00:00:00 +0000
ROA not after:            Sat 01 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.169.229.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:79:07:dd:01:2e:14:7f:35:1d:cd:3f:30:ff:f4:76:e4:74:aa:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jan 25 00:00:00 2025 GMT
            Not After : Mar  1 23:59:59 2025 GMT
        Subject: serialNumber=f87cee119b43f70729477ec5778e154c096de396764cc731d77ca0f4e0fe95cd, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1c:65:78:02:4a:ab:8f:cd:6d:11:57:8a:c4:
                    de:ea:79:2e:1b:ea:1e:30:8e:b6:6b:ec:03:fb:73:
                    71:cd:da:91:e3:ca:ff:e4:e2:60:97:c6:f1:9f:e6:
                    db:0c:b7:87:a1:f0:66:ab:9d:f6:a0:19:ba:1d:2c:
                    e3:6f:5c:3e:7b:e9:42:66:70:ba:dc:75:7f:89:50:
                    d6:30:ae:4f:6a:10:21:a8:ca:76:a4:c3:d7:db:c5:
                    f3:6b:7d:35:59:1f:13:5d:da:cb:e9:c7:fe:e0:2e:
                    ee:ac:b4:a8:17:19:60:51:00:48:c0:03:ec:ea:4d:
                    2a:00:95:37:30:a3:39:5d:a2:ed:b1:a0:37:5a:bd:
                    88:00:2a:44:a0:61:9d:02:53:ee:37:3a:67:ca:a6:
                    cc:fd:0c:1c:d5:df:5c:f5:7a:bc:fe:19:4a:bf:75:
                    56:58:5f:6a:a1:8d:79:d6:10:fb:b7:54:d0:80:43:
                    f0:57:24:53:e2:c3:86:15:c8:11:aa:21:43:a5:75:
                    97:88:60:75:3e:fb:af:6f:e2:03:08:26:ab:96:2b:
                    26:74:01:af:15:7d:89:2e:57:5d:b3:76:02:f1:0a:
                    ae:be:a9:7f:00:50:12:47:4a:82:c0:3e:e0:9b:6b:
                    ff:3d:6e:ba:38:c7:3c:93:94:59:d6:11:50:80:50:
                    42:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:BF:E4:93:19:FA:85:F3:42:06:AE:C2:FE:90:82:81:54:F1:39:BB
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/2ce0da13-0e88-4bf2-bd9d-35168bcefdc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.169.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:1d:be:45:bd:67:67:95:3f:e6:d8:bb:46:9e:7c:96:29:0d:
         c9:10:cc:4a:94:29:ff:3f:67:80:42:95:0f:4e:52:e4:87:df:
         39:34:41:b5:0f:d5:e5:ec:d0:56:b5:79:38:ef:74:03:89:88:
         9b:f3:b6:42:60:ea:86:0d:71:b5:42:8e:b2:ca:84:78:3c:c2:
         07:99:d9:1a:8b:40:49:93:c1:fe:89:35:b1:b4:cb:f6:dd:d6:
         b4:73:eb:cc:27:bc:e6:dd:24:90:ee:2c:10:47:f8:78:54:d9:
         9b:4a:5f:c4:22:2e:73:e2:67:ef:1c:73:7f:cd:62:7b:35:ba:
         da:0c:03:09:96:24:21:2a:85:0e:85:a9:49:c0:eb:6c:62:50:
         0d:d3:55:6c:c1:0c:a0:26:9b:a1:e3:97:fe:67:36:76:a1:42:
         e7:97:63:aa:d2:9e:17:5d:05:2b:93:13:31:c7:8f:7f:18:f6:
         51:d8:10:0b:60:39:0a:e1:31:ee:7b:16:d1:ec:4c:81:04:af:
         58:dc:c3:5a:32:dd:b3:42:8c:9d:4c:85:7f:cc:d4:f4:3b:4f:
         47:31:d6:fe:22:21:17:ec:27:a8:21:e8:e9:20:c2:0c:43:e4:
         c1:bd:c5:e8:82:cd:22:3b:d9:0c:bb:e7:68:97:ea:54:45:8e:
         9c:b5:42:24
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMXkH3QEuFH81Hc0/MP/0duR0qgowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMTI1MDAwMDAwWhcNMjUwMzAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmODdjZWUxMTliNDNmNzA3Mjk0NzdlYzU3NzhlMTU0YzA5
NmRlMzk2NzY0Y2M3MzFkNzdjYTBmNGUwZmU5NWNkMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPHGV4Akqrj81tEVeKxN7qeS4b6h4wjrZr7AP7c3HN2pHj
yv/k4mCXxvGf5tsMt4eh8GarnfagGbodLONvXD576UJmcLrcdX+JUNYwrk9qECGo
ynakw9fbxfNrfTVZHxNd2svpx/7gLu6stKgXGWBRAEjAA+zqTSoAlTcwozldou2x
oDdavYgAKkSgYZ0CU+43OmfKpsz9DBzV31z1erz+GUq/dVZYX2qhjXnWEPu3VNCA
Q/BXJFPiw4YVyBGqIUOldZeIYHU++69v4gMIJquWKyZ0Aa8VfYkuV12zdgLxCq6+
qX8AUBJHSoLAPuCba/89bro4xzyTlFnWEVCAUEI9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU47/kkxn6hfNCBq7C/pCCgVTxObswHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzJjZTBkYTEzLTBlODgtNGJmMi1iZDlkLTM1MTY4YmNlZmRjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABFqeUwDQYJKoZIhvcNAQELBQADggEBACUdvkW9Z2eVP+bYu0aefJYpDckQ
zEqUKf8/Z4BClQ9OUuSH3zk0QbUP1eXs0Fa1eTjvdAOJiJvztkJg6oYNcbVCjrLK
hHg8wgeZ2RqLQEmTwf6JNbG0y/bd1rRz68wnvObdJJDuLBBH+HhU2ZtKX8QiLnPi
Z+8cc3/NYns1utoMAwmWJCEqhQ6FqUnA62xiUA3TVWzBDKAmm6Hjl/5nNnahQueX
Y6rSnhddBSuTEzHHj38Y9lHYEAtgOQrhMe57FtHsTIEEr1jcw1oy3bNCjJ1MhX/M
1PQ7T0cx1v4iIRfsJ6gh6OkgwgxD5MG9xeiCzSI72Qy752iX6lRFjpy1QiQ=
-----END CERTIFICATE-----