Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/621433c8-e66d-4094-9368-914d94240f14.roa
File:                     621433c8-e66d-4094-9368-914d94240f14.roa (raw, json)
Hash identifier:          INaDdyllsvo5tnIDn/P+X0IZthfTdoZJoCoNc+iuP2U=
Subject key identifier:   28:B2:AB:E1:24:95:63:FE:47:2A:B6:2E:A3:5E:81:9A:3B:F1:32:1D
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       5059E5F90E4FC4EC4D11A1032EBDC12E9D23AEAD
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/621433c8-e66d-4094-9368-914d94240f14.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5516::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:59:e5:f9:0e:4f:c4:ec:4d:11:a1:03:2e:bd:c1:2e:9d:23:ae:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: serialNumber=151ebadf8ae25724cdc6b6a22baea36a5ce068b494d90d6a27fc3a2376bcc97d, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c8:a2:14:fc:95:a0:0c:01:14:ea:dc:b5:e6:
                    be:93:41:7b:e2:57:d7:0b:39:2a:24:e0:03:ef:96:
                    67:10:6b:e5:c8:17:29:ce:1c:dc:f3:02:ce:1c:61:
                    2c:a1:d6:aa:ce:81:ba:1b:02:e2:73:5b:80:6d:62:
                    e3:6c:03:b5:e2:11:14:23:ae:cd:f4:b1:64:7b:12:
                    55:30:cd:fc:1f:fe:9a:9a:5a:04:65:59:e7:db:70:
                    a2:02:2c:35:8f:44:3f:bf:59:16:74:8e:e5:a3:a1:
                    13:32:32:b0:70:59:97:b2:d7:88:16:63:b9:0f:71:
                    28:4e:e0:5d:ec:b4:99:20:1f:b3:9c:d6:1c:05:ca:
                    d5:ae:ec:da:e0:a0:f4:6b:9f:b3:4a:78:2d:57:a7:
                    71:29:ec:ed:77:d7:b8:d8:de:e8:20:1d:65:bb:e7:
                    0d:6a:26:dd:bd:fb:e1:1e:38:cf:4f:92:98:1a:af:
                    5d:d7:33:39:70:e7:02:35:e3:81:31:78:c2:a0:e0:
                    ba:49:ea:51:87:95:6e:74:e4:a6:62:2e:25:eb:e5:
                    17:35:da:ae:9a:da:79:c8:62:d0:3d:0d:4c:ac:46:
                    f1:65:73:af:bd:d6:b9:d3:ba:f4:a6:fd:34:0a:90:
                    1f:f0:bd:c4:b5:4e:4a:14:9f:07:8c:0c:d1:81:d1:
                    c5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B2:AB:E1:24:95:63:FE:47:2A:B6:2E:A3:5E:81:9A:3B:F1:32:1D
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/621433c8-e66d-4094-9368-914d94240f14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5516::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:dc:08:32:a9:6f:14:d7:7e:37:54:f7:e3:13:33:cf:ea:a5:
         16:96:e0:88:a6:56:57:06:45:74:e6:5c:aa:52:ba:b2:61:ba:
         64:a5:ab:d5:9d:0b:b1:e2:01:d6:08:c6:63:0b:30:8d:c5:f1:
         0c:e3:a9:cb:8d:9d:23:78:1d:9b:43:26:ef:0e:b7:ed:82:47:
         e1:30:dc:cf:26:6d:9c:1f:02:59:ac:79:49:08:10:b2:27:69:
         61:22:38:27:5d:90:91:c0:b7:1a:b2:91:9b:06:ee:7f:57:7b:
         a3:d0:f8:4a:1e:df:23:08:e7:23:c3:75:26:2f:ef:23:d2:58:
         a7:73:a3:7c:10:76:8d:1a:f8:22:f1:cc:7d:c0:03:74:ba:60:
         b9:8b:4c:4f:3d:32:ed:f0:eb:6f:d8:bd:2e:11:8a:e7:41:47:
         4c:53:b4:4b:62:6e:13:ee:ca:6f:7f:58:30:f2:01:1f:98:d8:
         a0:4f:fe:1d:b0:42:4d:32:5a:ad:02:dd:cf:23:ec:6d:50:a3:
         65:11:ce:39:5b:5b:6b:a6:12:09:4b:af:d6:c0:fc:f2:21:21:
         78:3c:af:f8:10:d9:4c:5a:7f:ba:d5:89:0f:65:c1:b4:e9:65:
         9e:18:31:3c:86:9b:ad:67:27:35:e9:94:ef:c4:38:d3:70:c2:
         c7:44:11:66
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUUFnl+Q5PxOxNEaEDLr3BLp0jrq0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTFlYmFkZjhhZTI1NzI0Y2RjNmI2YTIyYmFlYTM2YTVj
ZTA2OGI0OTRkOTBkNmEyN2ZjM2EyMzc2YmNjOTdkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjyKIU/JWgDAEU6ty15r6TQXviV9cLOSok4APvlmcQa+XI
FynOHNzzAs4cYSyh1qrOgbobAuJzW4BtYuNsA7XiERQjrs30sWR7ElUwzfwf/pqa
WgRlWefbcKICLDWPRD+/WRZ0juWjoRMyMrBwWZey14gWY7kPcShO4F3stJkgH7Oc
1hwFytWu7NrgoPRrn7NKeC1Xp3Ep7O1317jY3uggHWW75w1qJt29++EeOM9Pkpga
r13XMzlw5wI144ExeMKg4LpJ6lGHlW505KZiLiXr5Rc12q6a2nnIYtA9DUysRvFl
c6+91rnTuvSm/TQKkB/wvcS1TkoUnweMDNGB0cWpAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUKLKr4SSVY/5HKrYuo16BmjvxMh0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzYyMTQzM2M4LWU2NmQtNDA5NC05MzY4LTkxNGQ5NDI0MGYxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRYwDQYJKoZIhvcNAQELBQADggEBAKPcCDKpbxTXfjdU9+MTM8/q
pRaW4IimVlcGRXTmXKpSurJhumSlq9WdC7HiAdYIxmMLMI3F8QzjqcuNnSN4HZtD
Ju8Ot+2CR+Ew3M8mbZwfAlmseUkIELInaWEiOCddkJHAtxqykZsG7n9Xe6PQ+Eoe
3yMI5yPDdSYv7yPSWKdzo3wQdo0a+CLxzH3AA3S6YLmLTE89Mu3w62/YvS4RiudB
R0xTtEtibhPuym9/WDDyAR+Y2KBP/h2wQk0yWq0C3c8j7G1Qo2URzjlbW2umEglL
r9bA/PIhIXg8r/gQ2Uxaf7rViQ9lwbTpZZ4YMTyGm61nJzXplO/EONNwwsdEEWY=
-----END CERTIFICATE-----