Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/cc9456b4-9220-4344-96a0-04b9d83c30f6.roa
File:                     cc9456b4-9220-4344-96a0-04b9d83c30f6.roa (raw, json)
Hash identifier:          zPETWBrg/d07v+gAxqkrjRPmWGlv29fWBjV7ImBwPUc=
Subject key identifier:   D3:0A:35:93:A6:5B:39:DE:3B:A8:AB:F7:55:8B:44:8B:F9:21:19:EA
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       57FEC36B704AB4FE6D82A14C56A3EAD5B5B73C1B
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/cc9456b4-9220-4344-96a0-04b9d83c30f6.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.251.248.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:fe:c3:6b:70:4a:b4:fe:6d:82:a1:4c:56:a3:ea:d5:b5:b7:3c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=c9a5682392564db5a0c6629686bb1651625d3c91ee1e3340cad259076aad6a20, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:93:a8:bf:49:b4:39:00:05:d7:9c:25:ce:
                    4f:25:bc:a4:b1:0f:46:c5:b2:26:4c:74:8d:d4:0b:
                    09:fc:a7:7e:3d:1a:f5:3d:92:f7:a7:f5:35:fe:de:
                    75:47:8e:5c:82:fe:38:f4:8c:7f:92:95:2a:06:f3:
                    3e:4f:90:fe:bc:2e:ca:e8:af:de:5e:0b:d7:13:60:
                    cc:46:92:ca:3e:9e:d9:1c:2c:b2:9c:4a:e1:32:64:
                    f8:18:f9:06:ad:f5:48:a7:4c:c7:e5:72:d3:e9:af:
                    90:97:20:5e:3d:7f:7f:55:42:d2:d2:37:ca:92:7a:
                    80:3a:25:0b:6b:bd:e1:49:21:f6:e7:88:9d:eb:e0:
                    bf:6a:07:09:a0:15:33:db:5c:33:dc:82:f0:60:d4:
                    03:0f:b8:77:b9:09:d0:e0:87:c1:5d:d5:52:aa:22:
                    f4:d5:11:93:15:56:37:a8:3d:a3:b9:b5:70:ff:0d:
                    32:79:98:e6:11:7c:58:bf:1e:a7:8a:84:3a:53:4a:
                    c2:f7:34:5d:22:a6:fe:c0:09:a6:23:00:bf:99:40:
                    d6:e8:d8:ad:95:62:26:ab:34:03:a0:62:39:6e:55:
                    d3:15:9f:f3:1b:22:52:f9:96:eb:6d:44:bd:9b:7f:
                    bf:a3:a1:d2:6c:49:11:5e:7e:38:95:5f:c6:b8:4e:
                    2e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:0A:35:93:A6:5B:39:DE:3B:A8:AB:F7:55:8B:44:8B:F9:21:19:EA
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/cc9456b4-9220-4344-96a0-04b9d83c30f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:ea:e8:b4:67:d0:9d:48:79:73:59:c6:c0:17:0e:25:fd:0c:
         fa:76:cf:a4:83:e8:a2:11:8d:aa:7b:ff:fb:70:70:12:54:20:
         55:52:1b:c0:e0:4b:3d:cc:4f:03:11:c3:b9:50:a3:8f:d1:a0:
         52:4b:73:8f:68:90:13:f1:32:f6:53:08:e5:a1:ad:da:54:cf:
         aa:08:3e:08:c6:8f:c9:ad:5d:47:88:52:55:36:d7:b5:d8:a6:
         c9:cf:d2:13:e9:84:c7:3e:7a:8e:f0:48:72:92:9f:4d:17:d5:
         62:2e:39:ff:95:4a:87:0f:4a:8e:42:ef:31:66:5c:f1:2d:5b:
         29:58:ec:a1:d7:dd:b3:75:38:6f:b6:24:97:cb:fe:4c:6d:23:
         4d:d4:0a:72:ca:a3:4d:bd:20:33:a5:9e:1a:79:3a:bd:32:c0:
         0d:31:a1:ec:5a:16:4d:23:db:49:aa:51:61:a2:25:a3:9c:2a:
         b0:09:42:20:16:cf:5f:4d:06:79:d6:26:ad:f8:db:6f:72:22:
         46:e7:f6:4b:36:8d:af:a5:f0:54:4b:5b:fe:fb:4f:ac:a7:36:
         db:71:4e:45:90:27:09:ec:fc:58:73:56:ee:ac:c4:64:5d:0d:
         3e:8a:c3:fa:ea:88:14:2b:8e:31:81:25:e1:f4:02:9a:3e:ae:
         98:b9:a6:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV/7Da3BKtP5tgqFMVqPq1bW3PBswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOWE1NjgyMzkyNTY0ZGI1YTBjNjYyOTY4NmJiMTY1MTYy
NWQzYzkxZWUxZTMzNDBjYWQyNTkwNzZhYWQ2YTIwMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4CJOov0m0OQAF15wlzk8lvKSxD0bFsiZMdI3UCwn8p349
GvU9kven9TX+3nVHjlyC/jj0jH+SlSoG8z5PkP68Lsror95eC9cTYMxGkso+ntkc
LLKcSuEyZPgY+Qat9UinTMflctPpr5CXIF49f39VQtLSN8qSeoA6JQtrveFJIfbn
iJ3r4L9qBwmgFTPbXDPcgvBg1AMPuHe5CdDgh8Fd1VKqIvTVEZMVVjeoPaO5tXD/
DTJ5mOYRfFi/HqeKhDpTSsL3NF0ipv7ACaYjAL+ZQNbo2K2VYiarNAOgYjluVdMV
n/MbIlL5luttRL2bf7+jodJsSRFefjiVX8a4Ti6xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0wo1k6ZbOd47qKv3VYtEi/khGeowHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2NjOTQ1NmI0LTkyMjAtNDM0NC05NmEwLTA0YjlkODNjMzBmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEX+/gwDQYJKoZIhvcNAQELBQADggEBAGzq6LRn0J1IeXNZxsAXDiX9DPp2
z6SD6KIRjap7//twcBJUIFVSG8DgSz3MTwMRw7lQo4/RoFJLc49okBPxMvZTCOWh
rdpUz6oIPgjGj8mtXUeIUlU217XYpsnP0hPphMc+eo7wSHKSn00X1WIuOf+VSocP
So5C7zFmXPEtWylY7KHX3bN1OG+2JJfL/kxtI03UCnLKo029IDOlnhp5Or0ywA0x
oexaFk0j20mqUWGiJaOcKrAJQiAWz19NBnnWJq34229yIkbn9ks2ja+l8FRLW/77
T6ynNttxTkWQJwns/FhzVu6sxGRdDT6Kw/rqiBQrjjGBJeH0Apo+rpi5pqE=
-----END CERTIFICATE-----