Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c70b55a-adce-41fe-9141-1b6ded59f93e.roa
File:                     4c70b55a-adce-41fe-9141-1b6ded59f93e.roa (raw, json)
Hash identifier:          vPOd0S26NJ8FIVFdgjbaCk9qNyILlL6sC9S7YSpfnZc=
Subject key identifier:   E5:B5:8F:CD:F7:2D:A2:C5:44:9A:DD:6C:C6:58:BD:DB:15:46:E2:91
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       613BFDA356DE7D2906B8358FD73E7F87311BFB06
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c70b55a-adce-41fe-9141-1b6ded59f93e.roa
Signing time:             Mon 09 Dec 2024 00:00:00 +0000
ROA not before:           Mon 09 Dec 2024 00:00:00 +0000
ROA not after:            Mon 13 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:ec00::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:3b:fd:a3:56:de:7d:29:06:b8:35:8f:d7:3e:7f:87:31:1b:fb:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec  9 00:00:00 2024 GMT
            Not After : Jan 13 23:59:59 2025 GMT
        Subject: serialNumber=86389164ba4049aed13217d233100a4ed779c7e52599c88799190e33f6b306e4, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e7:9b:ad:68:48:98:67:ea:35:3a:f0:0e:5e:
                    dc:63:a7:d9:34:64:f4:29:8e:39:59:91:f3:3f:89:
                    f5:75:65:97:32:54:a1:56:43:d0:aa:8f:b8:bb:9f:
                    dd:e6:03:35:ff:15:54:f8:4b:a2:a1:74:32:3a:7a:
                    65:2a:9c:25:02:68:55:6e:5b:1d:e3:f2:f3:ec:a2:
                    28:76:f1:a6:ef:f5:55:5b:89:99:1a:9c:bb:82:3d:
                    d6:4d:67:f2:ff:28:99:47:5a:3f:b0:75:df:c5:ea:
                    17:75:35:d8:79:41:38:a8:12:14:45:e6:6b:ab:09:
                    5e:ec:b3:d2:1d:e5:b2:d9:bd:06:a4:cf:f4:05:81:
                    55:d5:f7:b6:a1:18:ad:de:6b:96:0c:f4:1a:45:2d:
                    87:46:8a:99:22:dc:dc:2f:82:11:4b:4d:07:00:d3:
                    45:25:ec:a2:23:69:a1:04:8b:db:9d:4d:b4:2d:42:
                    91:55:5f:41:ed:29:92:95:cb:3f:6e:4e:4a:2e:af:
                    42:9c:de:fd:00:28:9e:d8:99:ff:f1:0d:46:cb:a2:
                    e3:aa:d1:6d:40:69:ae:fb:42:5f:f2:37:d6:09:8a:
                    3f:ab:28:52:25:d8:15:21:fa:23:d9:1c:23:ed:a4:
                    b8:fe:ad:45:6e:02:ea:47:2e:19:0f:d5:37:07:24:
                    50:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:B5:8F:CD:F7:2D:A2:C5:44:9A:DD:6C:C6:58:BD:DB:15:46:E2:91
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4c70b55a-adce-41fe-9141-1b6ded59f93e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ec00::/40

    Signature Algorithm: sha256WithRSAEncryption
         52:83:c6:3a:04:02:85:8e:49:9f:26:7c:c8:05:8b:12:2c:d7:
         16:ba:eb:6d:cd:b4:c9:5e:2d:fe:f2:15:9f:95:aa:c8:91:ee:
         62:64:9b:62:f6:c8:e7:0b:38:b8:75:94:c8:a4:68:56:7c:8c:
         77:b5:ba:3b:f6:96:c9:98:22:e8:a1:4f:3d:d6:3c:34:96:78:
         50:03:03:89:43:b1:47:85:d4:ca:df:8c:57:9a:0a:ae:0a:15:
         eb:6a:64:48:5a:0f:2f:c7:6c:c4:23:0a:7e:ef:8e:ed:f8:82:
         49:d5:ac:77:64:1b:b1:68:d8:1e:6c:df:6e:78:e8:49:0e:43:
         de:77:01:5e:40:75:dc:6b:87:c2:b8:c4:db:23:be:a6:1f:0a:
         1b:3c:66:06:4c:fa:11:3e:7b:07:bf:0b:de:bc:a4:50:a6:74:
         af:7c:31:93:b6:9a:50:4a:b2:09:c3:0a:59:db:81:0d:33:a9:
         14:54:a0:d7:0f:c3:12:43:02:a6:cf:91:9b:94:87:c6:d4:da:
         e7:f8:75:f4:1a:1e:1f:a2:e3:6e:2c:3f:16:c4:a0:bf:c8:07:
         bd:0f:4e:b1:66:b7:8c:dc:58:77:f5:7a:6e:a4:c8:05:56:3b:
         03:a6:ba:18:94:d4:58:3c:a9:cd:e1:82:58:99:87:90:79:0e:
         1b:c0:57:53
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUYTv9o1befSkGuDWP1z5/hzEb+wYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjA5MDAwMDAwWhcNMjUwMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjM4OTE2NGJhNDA0OWFlZDEzMjE3ZDIzMzEwMGE0ZWQ3
NzljN2U1MjU5OWM4ODc5OTE5MGUzM2Y2YjMwNmU0MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDY55utaEiYZ+o1OvAOXtxjp9k0ZPQpjjlZkfM/ifV1ZZcy
VKFWQ9Cqj7i7n93mAzX/FVT4S6KhdDI6emUqnCUCaFVuWx3j8vPsoih28abv9VVb
iZkanLuCPdZNZ/L/KJlHWj+wdd/F6hd1Ndh5QTioEhRF5murCV7ss9Id5bLZvQak
z/QFgVXV97ahGK3ea5YM9BpFLYdGipki3NwvghFLTQcA00Ul7KIjaaEEi9udTbQt
QpFVX0HtKZKVyz9uTkour0Kc3v0AKJ7Ymf/xDUbLouOq0W1Aaa77Ql/yN9YJij+r
KFIl2BUh+iPZHCPtpLj+rUVuAupHLhkP1TcHJFDLAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU5bWPzfctosVEmt1sxli92xVG4pEwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzRjNzBiNTVhLWFkY2UtNDFmZS05MTQxLTFiNmRlZDU5ZjkzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD77DANBgkqhkiG9w0BAQsFAAOCAQEAUoPGOgQChY5JnyZ8yAWLEizX
Frrrbc20yV4t/vIVn5WqyJHuYmSbYvbI5ws4uHWUyKRoVnyMd7W6O/aWyZgi6KFP
PdY8NJZ4UAMDiUOxR4XUyt+MV5oKrgoV62pkSFoPL8dsxCMKfu+O7fiCSdWsd2Qb
sWjYHmzfbnjoSQ5D3ncBXkB13GuHwrjE2yO+ph8KGzxmBkz6ET57B78L3rykUKZ0
r3wxk7aaUEqyCcMKWduBDTOpFFSg1w/DEkMCps+Rm5SHxtTa5/h19BoeH6Ljbiw/
FsSgv8gHvQ9OsWa3jNxYd/V6bqTIBVY7A6a6GJTUWDypzeGCWJmHkHkOG8BXUw==
-----END CERTIFICATE-----