Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c062590-8f7f-4f01-9123-64634a17a4cd.roa
File:                     4c062590-8f7f-4f01-9123-64634a17a4cd.roa (raw, json)
Hash identifier:          ZODJEm7Afo1gfzVIrs7yIVDn7bPd3OwbbdaFGnsikW0=
Subject key identifier:   D6:31:33:74:F7:38:D9:23:9C:B9:C2:7E:30:64:9E:C0:BF:09:8A:6C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       09D5280670E651A3FB426EAC7857C27E24F6C680
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c062590-8f7f-4f01-9123-64634a17a4cd.roa
Signing time:             Mon 31 Mar 2025 18:51:34 +0000
ROA not before:           Mon 31 Mar 2025 18:51:34 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e900::/40 maxlen: 40

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:d5:28:06:70:e6:51:a3:fb:42:6e:ac:78:57:c2:7e:24:f6:c6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar 31 18:51:34 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=a319d7304d876f91959713b9919c1cf4d82a2bf266823e9ddfafa6efbfe8e1af, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:8b:a7:00:d7:58:8e:12:e9:09:a2:01:fa:55:
                    98:bb:b2:a0:ce:0f:73:9b:a2:2a:52:1b:af:2a:d7:
                    bc:7d:ef:a0:01:5b:b5:6d:bd:19:69:d4:f7:eb:c1:
                    73:c1:6e:0d:67:1f:90:8c:e5:fe:6d:b7:3b:6e:e0:
                    a3:47:be:31:73:c3:ec:a4:28:f3:83:55:3f:0e:be:
                    05:75:7b:67:90:72:42:b1:8b:87:03:0f:a0:19:34:
                    e7:37:1b:ee:c8:00:9b:3c:81:e1:ee:45:d9:de:a4:
                    bd:cb:56:79:2b:72:21:2b:0a:a1:2b:fa:c5:d1:c5:
                    04:d2:26:a2:fe:5e:b9:af:29:7f:22:92:bd:8e:5c:
                    b5:5f:97:a7:80:96:0e:0e:c8:5e:03:c8:bf:9c:c3:
                    3f:bb:f1:a5:7f:95:30:d1:4f:85:27:3d:6e:d2:ea:
                    b4:58:08:93:0c:71:35:a8:82:8f:be:50:22:3e:39:
                    52:6f:62:1f:d6:52:b4:bc:31:ed:14:85:f0:f6:ef:
                    42:68:0a:cc:78:cc:21:90:15:dc:58:4b:57:d4:25:
                    36:93:24:42:91:41:ae:80:7e:36:77:52:91:31:1a:
                    80:21:9f:8d:e7:da:7f:d3:d5:49:f8:7c:7f:96:49:
                    a5:fc:a5:8e:ab:69:68:8d:2b:08:4c:c1:e0:d3:af:
                    dc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:31:33:74:F7:38:D9:23:9C:B9:C2:7E:30:64:9E:C0:BF:09:8A:6C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c062590-8f7f-4f01-9123-64634a17a4cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e900::/40

    Signature Algorithm: sha256WithRSAEncryption
         61:0f:5e:85:a9:ad:f8:32:b4:fc:90:05:c5:ff:ef:57:66:7f:
         03:74:4b:46:c4:00:bc:df:e6:3c:ca:25:56:cc:18:08:53:70:
         c6:6c:2b:31:e3:fa:76:7b:84:6f:cb:f1:a9:80:60:80:bf:bb:
         d4:f4:62:ab:dd:b4:64:54:15:3c:09:42:2d:7a:f8:ab:43:a9:
         c6:d5:e7:43:29:0c:55:47:48:f6:3f:f3:4a:a3:66:9f:61:12:
         a2:46:0f:d9:0f:fc:4e:c7:78:f3:cd:4e:21:2e:3c:c2:56:8d:
         ae:1a:5a:f1:16:20:99:86:95:5e:09:b8:75:22:df:de:b4:9f:
         5a:77:b7:87:a7:12:0d:85:3f:af:71:9d:6f:7e:74:7f:fa:9a:
         55:a7:f8:e4:ec:18:76:1e:87:7a:24:cf:68:44:0e:24:c6:9c:
         17:be:fc:92:ce:e6:11:3c:dd:fe:ce:20:ff:89:f7:49:b7:63:
         0f:bb:44:e6:75:08:c9:8f:3a:6f:e8:41:e0:ba:2b:77:fe:b8:
         2d:07:41:1b:d7:11:45:3f:82:de:3b:8b:38:0b:29:5a:dd:20:
         f1:5f:fd:00:15:04:4e:10:90:ab:d7:d7:d1:af:36:ca:bf:40:
         15:11:15:26:92:de:82:07:a4:9d:41:61:0e:23:c8:b1:10:0e:
         4b:f2:a7:da
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUCdUoBnDmUaP7Qm6seFfCfiT2xoAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzMxMTg1MTM0WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzE5ZDczMDRkODc2ZjkxOTU5NzEzYjk5MTljMWNmNGQ4
MmEyYmYyNjY4MjNlOWRkZmFmYTZlZmJmZThlMWFmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmi6cA11iOEukJogH6VZi7sqDOD3OboipSG68q17x976AB
W7VtvRlp1PfrwXPBbg1nH5CM5f5ttztu4KNHvjFzw+ykKPODVT8OvgV1e2eQckKx
i4cDD6AZNOc3G+7IAJs8geHuRdnepL3LVnkrciErCqEr+sXRxQTSJqL+XrmvKX8i
kr2OXLVfl6eAlg4OyF4DyL+cwz+78aV/lTDRT4UnPW7S6rRYCJMMcTWogo++UCI+
OVJvYh/WUrS8Me0UhfD270JoCsx4zCGQFdxYS1fUJTaTJEKRQa6AfjZ3UpExGoAh
n43n2n/T1Un4fH+WSaX8pY6raWiNKwhMweDTr9yJAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU1jEzdPc42SOcucJ+MGSewL8JimwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzRjMDYyNTkwLThmN2YtNGYwMS05MTIzLTY0NjM0YTE3YTRjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76TANBgkqhkiG9w0BAQsFAAOCAQEAYQ9ehamt+DK0/JAFxf/vV2Z/
A3RLRsQAvN/mPMolVswYCFNwxmwrMeP6dnuEb8vxqYBggL+71PRiq920ZFQVPAlC
LXr4q0OpxtXnQykMVUdI9j/zSqNmn2ESokYP2Q/8Tsd4881OIS48wlaNrhpa8RYg
mYaVXgm4dSLf3rSfWne3h6cSDYU/r3Gdb350f/qaVaf45OwYdh6HeiTPaEQOJMac
F778ks7mETzd/s4g/4n3SbdjD7tE5nUIyY86b+hB4Lord/64LQdBG9cRRT+C3juL
OAspWt0g8V/9ABUEThCQq9fX0a82yr9AFREVJpLeggeknUFhDiPIsRAOS/Kn2g==
-----END CERTIFICATE-----