Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/38b1d6a5-8a6e-4ed3-a057-939fd4f17f57.roa
File:                     38b1d6a5-8a6e-4ed3-a057-939fd4f17f57.roa (raw, json)
Hash identifier:          b0XQO7KRMbwxbuZyfWPwss6ZuRw01o+j65d0oH6BXj8=
Subject key identifier:   62:6E:5E:6E:24:B4:24:D9:94:4E:38:E7:3B:3B:2A:94:11:35:1A:79
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       6C3E2CE7A5312DA266BB1A47B01F4938D53E42FE
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/38b1d6a5-8a6e-4ed3-a057-939fd4f17f57.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.251.240.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:3e:2c:e7:a5:31:2d:a2:66:bb:1a:47:b0:1f:49:38:d5:3e:42:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=6251076f8f7d998d673dd5eef0f8bfff2c86248ac3b820f3780339af04f66389, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:4d:bf:71:69:c2:de:5a:bd:12:6a:8a:a7:b6:
                    a6:51:e1:f2:3e:fa:4a:f0:c0:aa:52:99:38:2c:ba:
                    c2:8e:07:5d:38:b4:8e:5a:d4:29:74:71:24:b6:af:
                    de:ec:b8:38:d1:cb:1c:c9:29:17:20:4b:b6:44:d2:
                    f7:56:d0:bb:b4:54:47:0a:0c:55:4a:8d:14:51:0a:
                    a2:08:fc:eb:5c:46:91:d2:f2:8f:da:75:23:da:81:
                    70:46:8b:a2:02:9e:59:a3:49:b7:25:9d:d9:69:cd:
                    af:a8:4f:16:95:a2:db:56:3b:0d:41:03:d9:38:8a:
                    96:47:aa:7c:e5:1f:f6:41:3a:ce:d6:6e:ac:f2:79:
                    45:58:09:55:05:63:5b:c2:2d:88:42:32:ee:97:b3:
                    06:9c:5b:dc:8c:70:b2:20:51:8a:b4:f1:9c:f8:aa:
                    2f:d2:63:7e:3a:de:c2:bb:ac:02:04:fe:41:b2:1c:
                    23:76:ce:e1:6b:3d:06:74:b9:5a:37:ef:b6:1f:5c:
                    fb:c2:ac:89:4b:7e:4d:73:2a:0b:e7:03:ce:88:9a:
                    f6:d3:9e:de:38:7a:aa:16:a4:61:82:77:7e:d2:56:
                    8f:7d:1f:90:1f:dd:0a:0e:cd:0a:85:2b:11:59:c2:
                    08:3b:7e:10:e7:b7:a9:d1:5e:2d:47:0d:56:3e:68:
                    2d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:6E:5E:6E:24:B4:24:D9:94:4E:38:E7:3B:3B:2A:94:11:35:1A:79
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/38b1d6a5-8a6e-4ed3-a057-939fd4f17f57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:e2:88:da:67:29:dc:c4:e4:65:19:90:5a:14:ae:80:b5:ea:
         fd:ef:3f:3b:56:4e:a6:48:80:57:86:99:34:e3:21:ee:c0:14:
         6f:87:24:3b:96:45:0f:65:5d:78:9d:f2:05:df:f7:41:ec:d9:
         2d:17:34:42:d2:5b:fb:5e:14:80:9b:f6:a7:d0:b1:00:3a:05:
         3f:f8:fe:04:5e:93:d3:a6:fc:23:99:d2:72:0b:95:2b:5d:ef:
         35:22:7d:47:16:fc:eb:a4:65:d6:db:ae:d0:17:e9:98:dc:b4:
         cd:1c:16:75:9c:77:b1:4e:a0:f7:82:9d:64:98:aa:5d:cc:03:
         94:f8:b8:da:11:f3:9a:8a:45:e8:69:df:ef:e7:b2:56:2c:ea:
         13:c0:73:32:61:a3:ea:9e:44:9e:d5:7d:88:54:6b:88:bd:8d:
         0c:30:9c:90:54:3d:a4:27:9d:4c:97:f3:5e:dd:12:82:b1:06:
         90:41:bd:48:de:32:bf:e4:d1:b8:13:95:b7:36:bc:b3:15:f6:
         aa:0b:a8:6d:e9:ea:26:bf:b8:5f:fe:37:e8:f1:ba:74:3f:f8:
         a4:b9:d7:06:fe:48:81:21:f6:68:6f:b1:86:76:e5:e1:9c:00:
         cf:14:d1:23:7e:67:76:59:88:71:bf:b1:35:d0:d0:73:c8:32:
         4a:eb:0a:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbD4s56UxLaJmuxpHsB9JONU+Qv4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjUxMDc2ZjhmN2Q5OThkNjczZGQ1ZWVmMGY4YmZmZjJj
ODYyNDhhYzNiODIwZjM3ODAzMzlhZjA0ZjY2Mzg5MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCITb9xacLeWr0SaoqntqZR4fI++krwwKpSmTgsusKOB104
tI5a1Cl0cSS2r97suDjRyxzJKRcgS7ZE0vdW0Lu0VEcKDFVKjRRRCqII/OtcRpHS
8o/adSPagXBGi6ICnlmjSbclndlpza+oTxaVottWOw1BA9k4ipZHqnzlH/ZBOs7W
bqzyeUVYCVUFY1vCLYhCMu6XswacW9yMcLIgUYq08Zz4qi/SY3463sK7rAIE/kGy
HCN2zuFrPQZ0uVo377YfXPvCrIlLfk1zKgvnA86ImvbTnt44eqoWpGGCd37SVo99
H5Af3QoOzQqFKxFZwgg7fhDnt6nRXi1HDVY+aC1VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYm5ebiS0JNmUTjjnOzsqlBE1GnkwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzM4YjFkNmE1LThhNmUtNGVkMy1hMDU3LTkzOWZkNGYxN2Y1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEX+/AwDQYJKoZIhvcNAQELBQADggEBAFjiiNpnKdzE5GUZkFoUroC16v3v
PztWTqZIgFeGmTTjIe7AFG+HJDuWRQ9lXXid8gXf90Hs2S0XNELSW/teFICb9qfQ
sQA6BT/4/gRek9Om/COZ0nILlStd7zUifUcW/OukZdbbrtAX6ZjctM0cFnWcd7FO
oPeCnWSYql3MA5T4uNoR85qKRehp3+/nslYs6hPAczJho+qeRJ7VfYhUa4i9jQww
nJBUPaQnnUyX817dEoKxBpBBvUjeMr/k0bgTlbc2vLMV9qoLqG3p6ia/uF/+N+jx
unQ/+KS51wb+SIEh9mhvsYZ25eGcAM8U0SN+Z3ZZiHG/sTXQ0HPIMkrrCh0=
-----END CERTIFICATE-----