Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4aa98e13-9b17-4acd-a867-3b3dfc9dd8c2.roa
File:                     4aa98e13-9b17-4acd-a867-3b3dfc9dd8c2.roa (raw, json)
Hash identifier:          3c8NTdM5UWKPI/CG5dBSB/KIXgzCzyN48eiVukDz2GI=
Subject key identifier:   C1:F2:E3:F2:9B:92:75:A8:F4:82:51:0B:D2:3B:9C:7E:23:49:C2:D8
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       2B0B593EA9D1E3A343026C6BD68762E120751136
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4aa98e13-9b17-4acd-a867-3b3dfc9dd8c2.roa
Signing time:             Wed 04 Dec 2024 00:00:00 +0000
ROA not before:           Wed 04 Dec 2024 00:00:00 +0000
ROA not after:            Wed 08 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f003:a200::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:0b:59:3e:a9:d1:e3:a3:43:02:6c:6b:d6:87:62:e1:20:75:11:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec  4 00:00:00 2024 GMT
            Not After : Jan  8 23:59:59 2025 GMT
        Subject: serialNumber=5fc14c2e56339b3763986773d7b21b9bcec82e95e7244f3e1963e9efdb7a5f5c, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0c:0b:3a:11:c6:58:7e:9e:c4:3c:22:db:b2:
                    30:9b:90:87:8a:03:31:14:20:73:17:8b:88:a2:2b:
                    0d:30:f7:3f:b4:6d:1f:96:d4:b2:a1:9c:62:63:38:
                    5a:8c:23:b0:6a:31:4a:18:a5:9e:71:ba:73:02:9b:
                    ed:78:e8:37:65:fc:62:a1:c6:b1:b3:9e:16:44:f0:
                    6b:37:d3:2a:03:a4:77:0e:dd:6f:ef:52:73:15:d2:
                    ee:7e:0d:6a:85:81:f8:71:e8:43:6d:ed:5c:01:12:
                    e3:7c:ee:c9:5d:18:9b:36:17:ee:4a:52:0e:3f:ed:
                    8d:3c:c2:06:63:48:e8:03:7d:8c:ea:8d:bb:b9:65:
                    c9:14:35:ca:26:df:e6:0d:86:42:6b:38:fc:db:68:
                    3a:f9:64:6d:50:e8:ab:c0:3e:42:2d:7c:b9:6d:c1:
                    06:5f:a3:01:a4:59:1e:f5:c0:e6:f5:a7:15:9e:09:
                    20:cc:df:5e:43:04:52:9b:f8:48:d4:b8:19:5d:4c:
                    d2:10:7d:4d:3e:e9:71:54:71:17:35:cb:f5:9b:fd:
                    25:e5:e0:a4:4f:7e:45:25:03:b1:b0:88:7a:e0:e8:
                    f6:57:5e:21:ce:fc:07:9b:58:e0:9a:8c:87:a4:d2:
                    ca:b3:2a:e4:c6:10:33:64:f3:db:aa:5a:81:55:42:
                    87:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:F2:E3:F2:9B:92:75:A8:F4:82:51:0B:D2:3B:9C:7E:23:49:C2:D8
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4aa98e13-9b17-4acd-a867-3b3dfc9dd8c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f003:a200::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:5e:4b:01:34:43:63:47:9f:a2:4d:7b:60:3a:59:20:c3:c7:
         7b:5b:fd:b1:77:22:f1:d9:ea:68:71:17:dc:dc:9d:e8:56:2b:
         a5:4a:be:0c:2f:9a:cc:28:ee:e2:55:00:08:1d:9d:60:29:48:
         76:34:25:f1:56:23:3d:1c:16:87:57:8f:83:82:23:6d:dd:d2:
         fe:4a:b0:61:ae:67:79:75:fa:5b:27:e3:09:c2:3d:fe:ce:ec:
         26:1b:9b:c7:46:e5:34:96:d2:0e:4c:c4:4b:d0:d0:d7:bc:2b:
         c7:e6:d4:12:54:be:9a:ff:f9:e5:ff:ed:6b:31:f6:c7:cb:90:
         f7:b7:5b:4b:29:53:72:1f:6b:c5:10:a5:02:25:9c:be:30:90:
         1d:7a:4f:06:87:8e:30:f2:71:54:6e:99:3f:b5:14:a2:01:ec:
         0d:b4:8f:d4:31:46:85:ea:d7:43:39:c8:57:1f:f6:e9:0d:cf:
         94:89:7a:74:d3:19:aa:fe:f6:52:cb:03:19:96:1b:bf:4f:39:
         69:fc:42:b2:1f:ae:c3:f3:6c:ed:95:5a:1e:2d:3e:7f:74:cd:
         8f:4d:9a:d3:49:c6:87:ae:b9:4b:fc:7e:a2:2d:78:b8:22:87:
         aa:15:ca:34:d1:05:4b:93:fb:4e:71:d1:01:d9:09:ff:c8:0e:
         8d:90:c1:de
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUKwtZPqnR46NDAmxr1odi4SB1ETYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjA0MDAwMDAwWhcNMjUwMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZmMxNGMyZTU2MzM5YjM3NjM5ODY3NzNkN2IyMWI5YmNl
YzgyZTk1ZTcyNDRmM2UxOTYzZTllZmRiN2E1ZjVjMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7DAs6EcZYfp7EPCLbsjCbkIeKAzEUIHMXi4iiKw0w9z+0
bR+W1LKhnGJjOFqMI7BqMUoYpZ5xunMCm+146Ddl/GKhxrGznhZE8Gs30yoDpHcO
3W/vUnMV0u5+DWqFgfhx6ENt7VwBEuN87sldGJs2F+5KUg4/7Y08wgZjSOgDfYzq
jbu5ZckUNcom3+YNhkJrOPzbaDr5ZG1Q6KvAPkItfLltwQZfowGkWR71wOb1pxWe
CSDM315DBFKb+EjUuBldTNIQfU0+6XFUcRc1y/Wb/SXl4KRPfkUlA7GwiHrg6PZX
XiHO/AebWOCajIek0sqzKuTGEDNk89uqWoFVQodvAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUwfLj8puSdaj0glEL0jucfiNJwtgwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzRhYTk4ZTEzLTliMTctNGFjZC1hODY3LTNiM2RmYzlkZDhjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPADojANBgkqhkiG9w0BAQsFAAOCAQEAOV5LATRDY0efok17YDpZIMPH
e1v9sXci8dnqaHEX3Nyd6FYrpUq+DC+azCju4lUACB2dYClIdjQl8VYjPRwWh1eP
g4Ijbd3S/kqwYa5neXX6WyfjCcI9/s7sJhubx0blNJbSDkzES9DQ17wrx+bUElS+
mv/55f/tazH2x8uQ97dbSylTch9rxRClAiWcvjCQHXpPBoeOMPJxVG6ZP7UUogHs
DbSP1DFGherXQznIVx/26Q3PlIl6dNMZqv72UssDGZYbv085afxCsh+uw/Ns7ZVa
Hi0+f3TNj02a00nGh665S/x+oi14uCKHqhXKNNEFS5P7TnHRAdkJ/8gOjZDB3g==
-----END CERTIFICATE-----