Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/02447562-bdb2-4ece-a131-122a3348550c.roa
File:                     02447562-bdb2-4ece-a131-122a3348550c.roa (raw, json)
Hash identifier:          jvZWDM7qZz/c5/an7Dguw0SIkgMNmTZi7iy5/rvG2cs=
Subject key identifier:   A5:96:6E:43:D9:D1:DA:1B:21:3C:25:B9:31:45:B5:6C:E0:DF:25:23
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       2F448DDA446D0C24E367F887885F09F207B0C7F4
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/02447562-bdb2-4ece-a131-122a3348550c.roa
Signing time:             Mon 09 Dec 2024 00:00:00 +0000
ROA not before:           Mon 09 Dec 2024 00:00:00 +0000
ROA not after:            Mon 13 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f3:ce00::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:44:8d:da:44:6d:0c:24:e3:67:f8:87:88:5f:09:f2:07:b0:c7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec  9 00:00:00 2024 GMT
            Not After : Jan 13 23:59:59 2025 GMT
        Subject: serialNumber=a8107fcfc6222a55fb3674246f9458986673f1a02a6702dbad6db3b7f162d846, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ad:4c:ee:0f:ea:b0:2d:97:29:41:82:5c:0c:
                    c2:91:31:55:35:6a:dd:01:98:11:9c:1c:32:28:4d:
                    3f:14:c5:64:ff:c1:9b:70:ee:5c:9a:2d:ab:f1:5b:
                    b4:19:51:11:78:16:ee:1e:f5:74:44:3d:d8:d7:4c:
                    de:11:8c:96:cb:d7:d1:c9:73:3f:f3:a2:ed:aa:f4:
                    89:28:58:c7:8c:f1:91:cd:de:65:51:e3:ac:84:1b:
                    af:aa:e2:ff:6c:f1:15:b0:95:bc:82:60:35:27:10:
                    98:7b:9c:ab:ef:6a:08:54:9a:e1:98:1d:ef:e0:dd:
                    91:70:47:f5:19:ce:b1:38:67:fc:fe:f0:fe:e3:31:
                    05:96:8d:50:07:38:36:e4:6e:b2:09:34:f0:61:ce:
                    06:37:0c:04:18:cd:f8:ad:1b:dc:83:7a:7e:cf:ec:
                    1a:89:25:f5:ab:5b:c1:53:26:40:03:3f:73:2d:6c:
                    20:f2:e5:b1:68:fb:68:17:34:b0:d2:50:83:73:6a:
                    1a:aa:7d:6b:88:3d:09:2a:fc:ac:4c:28:15:eb:c3:
                    b1:dd:d5:fd:95:63:58:2e:47:ea:a2:08:d3:a9:a5:
                    bd:d7:7d:b7:c1:91:f3:4a:5e:87:bc:38:14:e7:a6:
                    9b:07:7c:08:3a:48:22:3b:a4:aa:5a:95:70:d6:62:
                    10:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:96:6E:43:D9:D1:DA:1B:21:3C:25:B9:31:45:B5:6C:E0:DF:25:23
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/02447562-bdb2-4ece-a131-122a3348550c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f3:ce00::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:7d:9e:d5:a5:8b:06:7a:af:10:31:aa:4f:8d:02:c8:15:04:
         59:e9:6d:ad:ca:54:f6:98:85:24:b6:27:b0:38:8d:6a:d9:9e:
         72:fe:d4:5d:4e:6b:bd:e8:4c:93:3a:4f:22:ad:3c:00:ba:a2:
         e9:e2:95:bb:90:f9:ce:b7:c5:0b:ed:10:72:c7:10:a5:45:27:
         42:23:17:6b:0e:4a:12:41:6a:a0:55:3a:ac:ed:69:ca:83:3d:
         67:1c:61:68:cc:23:43:55:8f:0a:0d:9e:74:18:c1:4f:9b:d4:
         67:78:1d:43:03:95:f5:e7:ec:54:93:a9:5e:8f:35:4d:77:3d:
         8b:cc:33:41:22:22:46:8c:f5:35:ea:fc:46:a4:2b:8e:2e:85:
         59:56:8d:2d:4f:30:f5:14:a0:9d:70:a5:96:76:9d:9c:70:c9:
         b8:45:f3:d1:cd:24:6d:03:92:23:60:e7:f5:d9:51:a2:a8:6f:
         3a:8f:dc:f0:70:5e:c9:58:bd:63:87:a0:ff:cb:0d:70:82:a3:
         48:d2:e9:7f:56:bf:29:ba:4c:9f:8e:91:d1:d3:a9:4d:8c:26:
         ae:7b:88:ca:f0:fd:35:b0:d4:9e:53:23:e1:1f:eb:02:1d:c0:
         f6:ff:06:53:fc:bc:d1:ce:8c:6b:73:bf:7c:bd:14:d8:e4:62:
         49:f5:60:00
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUL0SN2kRtDCTjZ/iHiF8J8gewx/QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjA5MDAwMDAwWhcNMjUwMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhODEwN2ZjZmM2MjIyYTU1ZmIzNjc0MjQ2Zjk0NTg5ODY2
NzNmMWEwMmE2NzAyZGJhZDZkYjNiN2YxNjJkODQ2MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrrUzuD+qwLZcpQYJcDMKRMVU1at0BmBGcHDIoTT8UxWT/
wZtw7lyaLavxW7QZURF4Fu4e9XREPdjXTN4RjJbL19HJcz/zou2q9IkoWMeM8ZHN
3mVR46yEG6+q4v9s8RWwlbyCYDUnEJh7nKvvaghUmuGYHe/g3ZFwR/UZzrE4Z/z+
8P7jMQWWjVAHODbkbrIJNPBhzgY3DAQYzfitG9yDen7P7BqJJfWrW8FTJkADP3Mt
bCDy5bFo+2gXNLDSUINzahqqfWuIPQkq/KxMKBXrw7Hd1f2VY1guR+qiCNOppb3X
fbfBkfNKXoe8OBTnppsHfAg6SCI7pKpalXDWYhDjAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUpZZuQ9nR2hshPCW5MUW1bODfJSMwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzAyNDQ3NTYyLWJkYjItNGVjZS1hMTMxLTEyMmEzMzQ4NTUwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDzzgAwDQYJKoZIhvcNAQELBQADggEBAA59ntWliwZ6rxAxqk+NAsgV
BFnpba3KVPaYhSS2J7A4jWrZnnL+1F1Oa73oTJM6TyKtPAC6ounilbuQ+c63xQvt
EHLHEKVFJ0IjF2sOShJBaqBVOqztacqDPWccYWjMI0NVjwoNnnQYwU+b1Gd4HUMD
lfXn7FSTqV6PNU13PYvMM0EiIkaM9TXq/EakK44uhVlWjS1PMPUUoJ1wpZZ2nZxw
ybhF89HNJG0DkiNg5/XZUaKobzqP3PBwXslYvWOHoP/LDXCCo0jS6X9Wvym6TJ+O
kdHTqU2MJq57iMrw/TWw1J5TI+Ef6wIdwPb/BlP8vNHOjGtzv3y9FNjkYkn1YAA=
-----END CERTIFICATE-----