Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/487064c0-3a60-4b89-a7ce-7489a02bb6dc.roa
File:                     487064c0-3a60-4b89-a7ce-7489a02bb6dc.roa (raw, json)
Hash identifier:          mDPQrWwgBQieoEIEe6W4wqWArM2e5oeJwX94lrNIcSw=
Subject key identifier:   27:E6:FD:10:6C:9A:D0:49:B3:7A:B1:F2:DD:8C:C2:A7:9A:13:63:5C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       4C6EE08C509B3A82FDFB4A5893439BCD98C6A667
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/487064c0-3a60-4b89-a7ce-7489a02bb6dc.roa
Signing time:             Wed 11 Dec 2024 00:00:00 +0000
ROA not before:           Wed 11 Dec 2024 00:00:00 +0000
ROA not after:            Wed 15 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:553d::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:6e:e0:8c:50:9b:3a:82:fd:fb:4a:58:93:43:9b:cd:98:c6:a6:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec 11 00:00:00 2024 GMT
            Not After : Jan 15 23:59:59 2025 GMT
        Subject: serialNumber=ce19c9c0596b5a9080c93516b11e44fb4c2ec5a62c94a2e7f0f5838f526a68e6, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:10:6a:50:2a:8b:89:c7:a3:fd:08:7c:36:90:
                    da:43:1a:26:ee:62:a9:e3:13:f0:72:74:21:b0:95:
                    e4:fe:f1:23:72:9d:9e:67:4e:e2:c2:5c:0f:44:d8:
                    cb:75:33:2d:71:06:40:a7:71:9b:d3:d3:e5:88:3c:
                    83:d3:f0:56:10:bb:0e:41:b5:9e:5d:97:08:ed:f5:
                    ab:7d:49:26:e0:dd:b9:e0:49:12:de:2d:6d:19:91:
                    74:89:ed:0b:db:2d:55:62:ee:5f:76:98:2b:eb:1d:
                    8f:2c:2f:f9:44:9d:03:f3:97:1e:db:22:2e:88:3d:
                    00:7b:b9:e1:50:e5:04:e1:fe:a4:4e:ae:fe:5c:c7:
                    b3:ff:70:94:22:98:85:15:65:d2:de:a3:1a:1c:bc:
                    22:9e:c1:09:c6:fa:00:28:55:37:92:f9:1d:e0:1d:
                    0b:a9:68:c5:a3:ec:bd:47:c6:e6:18:1e:90:23:68:
                    94:fa:df:56:5f:20:5b:a9:ac:ec:b8:ce:92:8b:ba:
                    74:3b:d3:45:ab:e1:ea:49:61:37:4a:5d:4d:cd:25:
                    f1:2e:d7:eb:ae:8f:97:76:ee:0b:a4:b6:53:72:a4:
                    c3:6b:57:5e:d3:30:98:54:89:d5:08:84:77:32:27:
                    0e:3f:af:b5:04:b7:57:89:5a:37:77:0a:5b:29:28:
                    53:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E6:FD:10:6C:9A:D0:49:B3:7A:B1:F2:DD:8C:C2:A7:9A:13:63:5C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/487064c0-3a60-4b89-a7ce-7489a02bb6dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:553d::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:12:9c:02:1c:ac:ca:cd:b3:95:58:10:ab:d0:9c:88:bc:e9:
         29:83:4c:3e:25:07:58:6c:94:2a:2f:ff:1c:12:d6:8a:be:44:
         4b:d8:a1:26:c5:4a:12:b4:c5:b8:ea:eb:41:29:25:6f:31:25:
         3d:af:f6:b9:a9:88:4b:5b:11:dd:01:c8:f1:54:b3:e2:89:24:
         cc:e3:40:1e:c3:30:6b:25:b6:81:d8:f4:16:58:07:34:0f:cc:
         bf:ab:b5:2a:0e:d7:12:29:95:8a:a8:83:32:f7:ab:15:67:1a:
         d5:70:db:56:26:be:53:f2:9d:aa:90:8a:2f:2c:72:73:e9:ca:
         d9:6d:b0:7f:16:ef:27:d0:fa:c9:8e:93:44:0c:fd:0d:5f:13:
         96:c8:26:6d:4c:03:57:1c:dc:65:26:1c:a7:cc:98:eb:8f:a6:
         32:42:db:03:2b:2f:9a:92:2a:07:ad:ea:94:04:4f:1f:8a:77:
         7b:ff:80:c3:68:de:94:0f:a5:86:c5:4d:a2:a3:00:71:3e:f5:
         8f:90:5b:37:d5:7c:c2:19:e7:58:f9:e4:9b:65:91:82:9a:01:
         1b:58:09:52:07:60:3d:c1:ce:e0:68:ea:32:6f:fe:4a:94:9b:
         c0:de:84:38:b9:1e:9e:d9:56:b0:d8:46:f8:af:9c:87:b1:f2:
         66:62:cb:55
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTG7gjFCbOoL9+0pYk0ObzZjGpmcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjExMDAwMDAwWhcNMjUwMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTE5YzljMDU5NmI1YTkwODBjOTM1MTZiMTFlNDRmYjRj
MmVjNWE2MmM5NGEyZTdmMGY1ODM4ZjUyNmE2OGU2MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNEGpQKouJx6P9CHw2kNpDGibuYqnjE/BydCGwleT+8SNy
nZ5nTuLCXA9E2Mt1My1xBkCncZvT0+WIPIPT8FYQuw5BtZ5dlwjt9at9SSbg3bng
SRLeLW0ZkXSJ7QvbLVVi7l92mCvrHY8sL/lEnQPzlx7bIi6IPQB7ueFQ5QTh/qRO
rv5cx7P/cJQimIUVZdLeoxocvCKewQnG+gAoVTeS+R3gHQupaMWj7L1HxuYYHpAj
aJT631ZfIFuprOy4zpKLunQ700Wr4epJYTdKXU3NJfEu1+uuj5d27guktlNypMNr
V17TMJhUidUIhHcyJw4/r7UEt1eJWjd3ClspKFNrAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUJ+b9EGya0EmzerHy3YzCp5oTY1wwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzQ4NzA2NGMwLTNhNjAtNGI4OS1hN2NlLTc0ODlhMDJiYjZkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVT0wDQYJKoZIhvcNAQELBQADggEBAGkSnAIcrMrNs5VYEKvQnIi8
6SmDTD4lB1hslCov/xwS1oq+REvYoSbFShK0xbjq60EpJW8xJT2v9rmpiEtbEd0B
yPFUs+KJJMzjQB7DMGsltoHY9BZYBzQPzL+rtSoO1xIplYqogzL3qxVnGtVw21Ym
vlPynaqQii8scnPpytltsH8W7yfQ+smOk0QM/Q1fE5bIJm1MA1cc3GUmHKfMmOuP
pjJC2wMrL5qSKget6pQETx+Kd3v/gMNo3pQPpYbFTaKjAHE+9Y+QWzfVfMIZ51j5
5JtlkYKaARtYCVIHYD3BzuBo6jJv/kqUm8DehDi5Hp7ZVrDYRvivnIex8mZiy1U=
-----END CERTIFICATE-----