Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/1ad26571-c674-4a73-b205-77cb32fe83bd.roa
File:                     1ad26571-c674-4a73-b205-77cb32fe83bd.roa (raw, json)
Hash identifier:          OctmqjYOF/cOZGUwdellNdAK7N0VVmO0HIPBPK5tSqo=
Subject key identifier:   23:8B:C0:B4:D5:72:57:10:BB:3B:5C:D1:E4:4E:8E:99:0E:89:DF:A8
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       070E0C460DBC703B8B760B41B5FB69D6196D0924
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/1ad26571-c674-4a73-b205-77cb32fe83bd.roa
Signing time:             Mon 31 Mar 2025 18:40:15 +0000
ROA not before:           Mon 31 Mar 2025 18:40:15 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:10::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:0e:0c:46:0d:bc:70:3b:8b:76:0b:41:b5:fb:69:d6:19:6d:09:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar 31 18:40:15 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=b81b35a2f8cd2c67d23f07ef119c766c69992762715fb8b3932a4daf9ebff2a5, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:17:88:9b:36:69:35:19:b9:49:7a:67:98:fb:
                    a2:10:c4:73:4a:9a:5b:8a:33:50:be:2a:9f:6b:2c:
                    94:20:8e:56:b0:12:ea:74:e4:83:6c:03:28:06:17:
                    a6:8a:14:5c:2e:7b:d1:7f:fb:e9:47:cf:5b:12:43:
                    67:64:97:4f:21:e9:34:f8:ac:2a:d9:03:78:82:a4:
                    f4:08:5e:67:79:65:ac:34:5d:f2:9b:28:8e:3e:eb:
                    ce:2f:65:8f:fe:c4:f0:d4:5f:bb:dd:4f:e3:ef:57:
                    b6:dd:d0:c0:95:9a:20:c2:ae:dd:f6:54:f5:e4:b2:
                    a3:9a:69:86:6c:3f:87:be:0f:7d:9d:8a:30:8a:a9:
                    08:cd:5b:24:67:cc:96:ca:d0:9d:b7:a6:0c:00:b9:
                    e1:dc:f8:da:d6:d3:28:a1:5c:5c:b7:f6:87:48:79:
                    88:ae:5f:46:ed:e6:1d:93:32:b9:8b:62:9f:7d:5e:
                    41:d2:59:c3:3d:4c:6f:5f:ba:58:bc:9f:42:c5:1a:
                    8e:ca:8e:8a:9b:06:12:dd:37:de:94:ef:46:a3:db:
                    1a:49:db:bd:4d:bf:d9:6b:6b:6f:d2:0f:f9:ed:31:
                    a6:3b:a9:52:f2:6e:32:b1:78:3e:78:4f:9b:a7:31:
                    2b:e7:dd:45:89:70:8c:3c:93:08:5a:21:82:71:7d:
                    8d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:8B:C0:B4:D5:72:57:10:BB:3B:5C:D1:E4:4E:8E:99:0E:89:DF:A8
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/1ad26571-c674-4a73-b205-77cb32fe83bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:73:fa:50:af:da:ac:b9:a9:ae:1e:c9:c8:04:33:47:f1:7a:
         0f:8e:77:37:15:e2:4f:46:6d:c9:4d:91:a9:0c:93:d0:d7:2b:
         d3:bf:bc:cf:26:41:cb:1d:fa:53:56:82:36:92:42:c9:1f:46:
         3f:91:de:5f:ad:e1:e5:42:8b:66:72:33:4a:0a:88:2a:96:98:
         26:54:c5:83:bf:3e:d0:65:ba:c3:e0:bf:11:de:36:d8:2a:83:
         75:48:f2:26:cb:39:ed:a2:68:46:6e:ec:27:2c:99:95:8a:7d:
         f1:f3:c8:45:da:65:cb:68:cb:96:4e:e4:6d:03:1d:fb:46:b5:
         6f:ba:5a:e5:2d:56:f2:88:e7:a5:e1:a9:05:f9:ce:fa:2a:98:
         54:c8:f3:b0:49:b8:69:52:56:4d:ff:2e:1a:63:11:21:e4:bc:
         b3:59:6a:75:24:92:e0:4d:0e:93:87:19:1d:02:b7:84:a3:cd:
         58:fe:d8:68:cf:16:8e:c1:12:2c:6b:52:63:84:b5:bb:85:80:
         db:ff:82:b0:5f:d3:f6:62:47:1b:be:9d:1b:ae:60:0b:79:ad:
         b5:fb:25:54:6e:40:8a:2f:0c:68:ac:b8:43:6a:1c:8c:db:6c:
         f9:10:bd:7c:dd:6a:65:c5:3f:1c:8d:e2:75:dd:42:71:7f:a1:
         b6:5f:c2:c4
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUBw4MRg28cDuLdgtBtftp1hltCSQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzMxMTg0MDE1WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiODFiMzVhMmY4Y2QyYzY3ZDIzZjA3ZWYxMTljNzY2YzY5
OTkyNzYyNzE1ZmI4YjM5MzJhNGRhZjllYmZmMmE1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSF4ibNmk1GblJemeY+6IQxHNKmluKM1C+Kp9rLJQgjlaw
Eup05INsAygGF6aKFFwue9F/++lHz1sSQ2dkl08h6TT4rCrZA3iCpPQIXmd5Zaw0
XfKbKI4+684vZY/+xPDUX7vdT+PvV7bd0MCVmiDCrt32VPXksqOaaYZsP4e+D32d
ijCKqQjNWyRnzJbK0J23pgwAueHc+NrW0yihXFy39odIeYiuX0bt5h2TMrmLYp99
XkHSWcM9TG9fuli8n0LFGo7KjoqbBhLdN96U70aj2xpJ271Nv9lra2/SD/ntMaY7
qVLybjKxeD54T5unMSvn3UWJcIw8kwhaIYJxfY21AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUI4vAtNVyVxC7O1zR5E6OmQ6J36gwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzFhZDI2NTcxLWM2NzQtNGE3My1iMjA1LTc3Y2IzMmZlODNiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwABAwDQYJKoZIhvcNAQELBQADggEBAGVz+lCv2qy5qa4eycgEM0fx
eg+OdzcV4k9GbclNkakMk9DXK9O/vM8mQcsd+lNWgjaSQskfRj+R3l+t4eVCi2Zy
M0oKiCqWmCZUxYO/PtBlusPgvxHeNtgqg3VI8ibLOe2iaEZu7CcsmZWKffHzyEXa
Zctoy5ZO5G0DHftGtW+6WuUtVvKI56XhqQX5zvoqmFTI87BJuGlSVk3/LhpjESHk
vLNZanUkkuBNDpOHGR0Ct4SjzVj+2GjPFo7BEixrUmOEtbuFgNv/grBf0/ZiRxu+
nRuuYAt5rbX7JVRuQIovDGisuENqHIzbbPkQvXzdamXFPxyN4nXdQnF/obZfwsQ=
-----END CERTIFICATE-----