Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/60789a29-f516-47ec-9154-b2b610f7282e.roa
File:                     60789a29-f516-47ec-9154-b2b610f7282e.roa (raw, json)
Hash identifier:          g7X38wlsd0R4jgRdzHQq4Sagzfe/K0IGkcl4hxV75wE=
Subject key identifier:   7F:50:E0:48:EC:FA:39:68:FC:DB:89:C8:70:E0:D7:AD:1B:29:F6:3B
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       6704DC47B197FEF6BA6B4E0B421FD282159C5540
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/60789a29-f516-47ec-9154-b2b610f7282e.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.221.168.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:04:dc:47:b1:97:fe:f6:ba:6b:4e:0b:42:1f:d2:82:15:9c:55:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=a70c44a52230823cfdb9bfda47732d39b1c1903a7363022485d04ea204198be9, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:69:92:8a:fd:48:28:79:4e:a9:3c:d7:93:3e:
                    0b:f9:83:82:41:52:22:74:3a:5a:08:45:49:70:e1:
                    33:1a:9a:86:0e:42:30:f5:a9:37:d8:25:f0:6e:41:
                    1b:4e:2d:23:71:f9:bf:cc:ce:62:63:4b:8c:50:fb:
                    34:4d:a9:af:d8:bc:a0:d0:f6:41:55:14:a7:76:cc:
                    10:1e:4c:1c:46:57:d4:20:7f:ff:3e:c0:98:8e:aa:
                    ed:11:97:6a:f8:f8:13:3b:9b:f9:1f:03:57:f9:c7:
                    49:6f:03:c8:d1:c1:97:63:17:0d:a0:1c:6a:a9:fe:
                    cb:b4:76:92:53:2f:1a:5a:bc:19:84:0d:3a:35:3d:
                    35:b5:15:76:e2:66:17:1f:32:77:fd:39:e6:93:99:
                    23:12:6e:9b:6c:db:9a:d6:38:4a:6c:81:46:cc:93:
                    c9:75:d2:4f:45:54:9c:c6:53:76:9d:6c:b5:1e:9b:
                    df:cc:fb:ce:2a:aa:92:ed:5b:00:a1:6b:72:e7:36:
                    e9:59:6e:57:75:7e:f6:f3:29:13:2a:37:75:72:d3:
                    95:5f:f1:2c:30:59:14:bf:0c:86:7c:19:f5:d2:52:
                    46:1e:98:2b:8a:f4:9e:be:06:59:8d:da:0e:72:54:
                    47:85:3e:6c:15:77:7a:bb:ef:65:a0:23:24:8a:6d:
                    76:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:50:E0:48:EC:FA:39:68:FC:DB:89:C8:70:E0:D7:AD:1B:29:F6:3B
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/60789a29-f516-47ec-9154-b2b610f7282e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.221.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         80:70:0a:9d:f6:32:28:7b:3c:a8:4c:b0:f3:d3:b6:e9:59:58:
         47:a3:94:67:e0:c1:d9:40:0e:06:03:3f:ee:2d:41:21:47:07:
         7d:85:e7:74:c8:77:8d:a3:64:6a:94:b2:b1:f5:20:be:65:53:
         1b:83:97:78:4a:90:e7:f4:60:b2:5c:51:b3:38:36:cd:a5:9b:
         7c:36:a3:37:58:b4:75:38:e2:0b:42:27:87:77:66:0f:2e:ba:
         a6:25:ab:16:b6:78:b5:7d:11:8f:04:46:1b:f3:9c:73:45:b6:
         59:8a:31:24:60:a8:0c:82:5e:48:15:e3:9a:8f:88:05:9c:5f:
         88:6f:89:01:cb:01:d0:ee:58:dc:51:02:5f:6a:f0:fa:c0:01:
         c4:59:6c:72:e6:e0:c8:57:51:bb:4c:d6:71:82:a1:a2:93:33:
         e8:2d:59:3b:a4:3f:86:c4:c7:3d:85:09:eb:00:2e:4c:2a:ba:
         91:cc:e0:5c:33:fa:58:53:ac:9d:be:3c:97:70:7a:4f:0a:a7:
         ba:b1:e0:43:52:79:e4:98:4e:50:97:44:69:ae:21:69:29:6f:
         db:87:9c:d5:32:07:ca:48:25:cc:ac:65:46:34:82:2b:9e:3e:
         01:a6:7e:e7:0d:bc:cb:b9:45:b1:44:73:3a:a5:0a:87:7b:db:
         0e:88:0d:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZwTcR7GX/va6a04LQh/SghWcVUAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzBjNDRhNTIyMzA4MjNjZmRiOWJmZGE0NzczMmQzOWIx
YzE5MDNhNzM2MzAyMjQ4NWQwNGVhMjA0MTk4YmU5MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyaZKK/UgoeU6pPNeTPgv5g4JBUiJ0OloIRUlw4TMamoYO
QjD1qTfYJfBuQRtOLSNx+b/MzmJjS4xQ+zRNqa/YvKDQ9kFVFKd2zBAeTBxGV9Qg
f/8+wJiOqu0Rl2r4+BM7m/kfA1f5x0lvA8jRwZdjFw2gHGqp/su0dpJTLxpavBmE
DTo1PTW1FXbiZhcfMnf9OeaTmSMSbpts25rWOEpsgUbMk8l10k9FVJzGU3adbLUe
m9/M+84qqpLtWwCha3LnNulZbld1fvbzKRMqN3Vy05Vf8SwwWRS/DIZ8GfXSUkYe
mCuK9J6+BlmN2g5yVEeFPmwVd3q772WgIySKbXb9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUf1DgSOz6OWj824nIcODXrRsp9jswHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzYwNzg5YTI5LWY1MTYtNDdlYy05MTU0LWIyYjYxMGY3MjgyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPY3agwDQYJKoZIhvcNAQELBQADggEBAIBwCp32Mih7PKhMsPPTtulZWEej
lGfgwdlADgYDP+4tQSFHB32F53TId42jZGqUsrH1IL5lUxuDl3hKkOf0YLJcUbM4
Ns2lm3w2ozdYtHU44gtCJ4d3Zg8uuqYlqxa2eLV9EY8ERhvznHNFtlmKMSRgqAyC
XkgV45qPiAWcX4hviQHLAdDuWNxRAl9q8PrAAcRZbHLm4MhXUbtM1nGCoaKTM+gt
WTukP4bExz2FCesALkwqupHM4Fwz+lhTrJ2+PJdwek8Kp7qx4ENSeeSYTlCXRGmu
IWkpb9uHnNUyB8pIJcysZUY0giuePgGmfucNvMu5RbFEczqlCod72w6IDd0=
-----END CERTIFICATE-----