Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/dce2db93-8fb7-42b9-be56-23f46b5bf4e0.roa
File:                     dce2db93-8fb7-42b9-be56-23f46b5bf4e0.roa (raw, json)
Hash identifier:          BAeZrQZdLzVN9O/MFrbgIA27jeex3LgH8/W3vUGdpbs=
Subject key identifier:   89:A9:31:E0:48:FC:AB:5C:E5:3F:F3:6B:6A:D7:6D:5A:3E:4A:D9:0E
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       17584B84903AB198BCFA564F266CFB43908F2EC9
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/dce2db93-8fb7-42b9-be56-23f46b5bf4e0.roa
Signing time:             Sat 25 Jan 2025 00:00:00 +0000
ROA not before:           Sat 25 Jan 2025 00:00:00 +0000
ROA not after:            Sat 01 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.189.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:58:4b:84:90:3a:b1:98:bc:fa:56:4f:26:6c:fb:43:90:8f:2e:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Jan 25 00:00:00 2025 GMT
            Not After : Mar  1 23:59:59 2025 GMT
        Subject: serialNumber=9b3cf988e1bc90ac8d5d746fe801f3809b1dc2c49962260e927cf68c276ac6b6, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ad:c8:de:77:9e:92:84:a8:3e:4b:dd:37:5e:
                    f8:76:11:90:29:9f:1c:0e:b6:c7:70:a6:6a:fa:18:
                    24:0a:ec:3c:15:e1:34:dd:ea:27:54:2b:f4:d8:ad:
                    b0:0e:9d:3d:05:0a:8b:59:0b:7b:ef:16:e8:8a:4b:
                    25:ef:4f:65:4e:ef:65:a4:21:aa:0c:77:f2:ac:5e:
                    fa:8c:87:ce:77:c3:3b:89:43:41:0c:88:ea:fa:8b:
                    85:f9:5e:de:51:ec:4b:2e:d4:45:0e:f2:76:41:07:
                    5d:bd:f7:6d:76:5f:83:3e:b0:51:76:7a:cd:42:13:
                    aa:f9:fc:c0:e8:ed:6f:1e:23:3e:7a:46:55:49:32:
                    5e:04:72:50:0f:b3:81:1b:62:7f:2d:29:10:e6:ce:
                    d2:c8:0d:dc:cc:0e:9f:63:68:9f:b4:5e:4e:d7:9f:
                    39:d2:bb:a2:8b:ed:31:15:8d:0f:74:41:71:5b:fd:
                    01:20:95:01:27:27:f6:d4:a6:ca:52:88:57:4b:a3:
                    82:d6:07:9c:12:96:71:93:a6:43:a3:fe:99:a0:5c:
                    0e:fb:83:f4:37:25:7e:2e:41:3e:e7:08:5b:40:15:
                    f6:00:21:af:34:1f:43:3e:3e:f6:de:17:06:5e:c9:
                    7f:3a:dd:8f:28:6a:b0:fd:0a:7b:ea:bd:83:59:67:
                    a9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A9:31:E0:48:FC:AB:5C:E5:3F:F3:6B:6A:D7:6D:5A:3E:4A:D9:0E
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/dce2db93-8fb7-42b9-be56-23f46b5bf4e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:02:53:13:38:6f:94:22:39:04:b7:14:3b:47:55:63:1c:04:
         a9:f1:7f:ac:d3:02:4f:8e:ad:19:3f:ca:24:6f:3e:44:1e:4d:
         e7:5f:94:9a:5b:45:7f:9a:7b:47:b0:0b:59:30:f2:2e:05:20:
         d0:39:5b:8c:4c:95:d7:d4:ba:54:cc:40:20:f3:2a:d6:92:f9:
         8a:94:c3:13:70:b7:81:81:17:49:ed:88:a5:25:fa:67:b7:71:
         61:cf:f2:4b:a5:84:0d:4e:09:24:13:33:df:75:d1:73:0c:83:
         72:a3:e5:c8:89:06:31:db:54:e8:4e:16:aa:f9:bf:46:d8:bb:
         8d:94:b0:50:a0:28:78:0c:db:e2:bd:e0:44:62:11:3d:e6:57:
         4f:b3:bf:49:e2:df:2a:7e:f4:29:0e:f3:33:16:a8:2e:69:42:
         66:9e:87:15:e1:04:23:e4:00:39:fc:ea:8b:a2:31:db:4a:d3:
         73:94:42:24:24:40:86:d8:0a:d8:e5:dd:0f:56:12:46:53:60:
         20:ed:d6:7a:53:fd:a5:6e:7a:9d:f6:93:20:1f:84:de:d0:ab:
         7e:43:02:09:96:3e:9a:cb:42:ac:03:c9:8d:61:a8:54:af:04:
         c3:18:79:87:0e:a5:a2:58:6c:21:c7:d0:a5:e6:34:ff:82:bb:
         cf:17:b9:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF1hLhJA6sZi8+lZPJmz7Q5CPLskwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMTI1MDAwMDAwWhcNMjUwMzAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjNjZjk4OGUxYmM5MGFjOGQ1ZDc0NmZlODAxZjM4MDli
MWRjMmM0OTk2MjI2MGU5MjdjZjY4YzI3NmFjNmI2MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWrcjed56ShKg+S903Xvh2EZApnxwOtsdwpmr6GCQK7DwV
4TTd6idUK/TYrbAOnT0FCotZC3vvFuiKSyXvT2VO72WkIaoMd/KsXvqMh853wzuJ
Q0EMiOr6i4X5Xt5R7Esu1EUO8nZBB1299212X4M+sFF2es1CE6r5/MDo7W8eIz56
RlVJMl4EclAPs4EbYn8tKRDmztLIDdzMDp9jaJ+0Xk7XnznSu6KL7TEVjQ90QXFb
/QEglQEnJ/bUpspSiFdLo4LWB5wSlnGTpkOj/pmgXA77g/Q3JX4uQT7nCFtAFfYA
Ia80H0M+PvbeFwZeyX863Y8oarD9CnvqvYNZZ6mNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiakx4Ej8q1zlP/NratdtWj5K2Q4wHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2RjZTJkYjkzLThmYjctNDJiOS1iZTU2LTIzZjQ2YjViZjRlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM370wDQYJKoZIhvcNAQELBQADggEBAHYCUxM4b5QiOQS3FDtHVWMcBKnx
f6zTAk+OrRk/yiRvPkQeTedflJpbRX+ae0ewC1kw8i4FINA5W4xMldfUulTMQCDz
KtaS+YqUwxNwt4GBF0ntiKUl+me3cWHP8kulhA1OCSQTM9910XMMg3Kj5ciJBjHb
VOhOFqr5v0bYu42UsFCgKHgM2+K94ERiET3mV0+zv0ni3yp+9CkO8zMWqC5pQmae
hxXhBCPkADn86ouiMdtK03OUQiQkQIbYCtjl3Q9WEkZTYCDt1npT/aVuep32kyAf
hN7Qq35DAgmWPprLQqwDyY1hqFSvBMMYeYcOpaJYbCHH0KXmNP+Cu88Xufs=
-----END CERTIFICATE-----