Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/684e6ec6-cad1-4498-b3af-0bcd8b168932.roa
File:                     684e6ec6-cad1-4498-b3af-0bcd8b168932.roa (raw, json)
Hash identifier:          oqPiYoAXh8GWFLEfHk/bYYfRUKQiwd2As01+T2z+IjM=
Subject key identifier:   77:91:3E:EE:B7:3C:2A:DE:61:D2:1A:D6:11:54:41:E2:31:17:E2:51
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       080FAC9EE43B87839B7579FE4E12B3CA4352123B
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/684e6ec6-cad1-4498-b3af-0bcd8b168932.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5525::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:0f:ac:9e:e4:3b:87:83:9b:75:79:fe:4e:12:b3:ca:43:52:12:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: serialNumber=c742a116d7096b8e407f8b6526fa94ab31ccf7aa07b100854c5642ef2602f9d9, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d6:56:ec:e5:8b:94:1f:b9:ca:40:f5:14:5f:
                    3b:28:67:6a:ec:e3:1d:74:b3:dc:45:e7:fb:23:30:
                    a6:a5:47:c4:c6:7f:f4:ed:a8:65:95:ed:32:01:fd:
                    25:9d:ba:e7:54:e7:2e:0c:cb:d9:de:fd:10:b1:1b:
                    9a:7d:78:48:c6:0a:6e:d1:77:5d:14:0e:fa:63:a6:
                    52:10:bf:79:f5:08:43:0f:6f:e1:02:7a:b1:1c:9d:
                    89:f4:6d:b0:64:d6:17:d4:f0:ef:3b:c0:8b:77:ba:
                    93:0a:d5:d5:f9:bd:0e:7d:58:c3:26:13:67:91:1b:
                    40:ca:5b:3a:3a:c1:a9:89:13:29:81:ef:fd:81:3c:
                    db:fd:70:8a:9e:42:c1:9d:c9:5b:1f:b7:65:5c:8b:
                    c3:14:45:48:32:4c:9e:0b:fd:08:6f:6f:a4:64:62:
                    f2:05:9e:a6:9e:1a:1f:b6:ad:66:6b:02:e6:63:ab:
                    7f:16:74:01:7e:3d:84:00:7b:00:9d:16:e1:75:e8:
                    d3:39:35:d4:d3:09:47:96:40:ad:f0:56:71:c4:33:
                    de:3a:e3:05:03:d4:f1:e6:0b:cc:f9:95:2c:26:4f:
                    bd:1a:fb:1e:e0:4d:e2:7f:6e:13:8d:00:f7:fe:70:
                    15:26:e9:93:a2:19:6d:bb:bf:2e:68:fc:85:f3:53:
                    51:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:91:3E:EE:B7:3C:2A:DE:61:D2:1A:D6:11:54:41:E2:31:17:E2:51
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/684e6ec6-cad1-4498-b3af-0bcd8b168932.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5525::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:a2:35:80:c5:47:da:30:09:a5:aa:af:01:ae:72:75:37:8a:
         7d:07:2d:c4:28:98:80:b6:47:29:fb:77:47:54:03:c5:77:08:
         f8:e7:40:d9:cc:35:4e:c9:0a:64:64:95:2f:22:ad:d1:d7:18:
         c7:4c:03:28:38:f9:1a:55:61:e4:cc:38:b0:93:44:c6:6d:28:
         fc:e3:77:fc:cc:94:a4:0e:9a:6d:f0:f6:70:ac:d3:82:e3:c0:
         92:20:f9:fe:11:c1:e9:32:bb:3e:ee:72:88:8c:f1:b9:52:15:
         bb:d2:84:cc:64:d7:56:ca:88:90:9d:09:13:68:a6:81:8e:bb:
         d6:20:39:c3:6d:ed:fd:ea:f4:aa:76:ba:aa:60:e5:df:7f:3c:
         e0:a5:b0:3c:33:1a:ed:a5:c0:6e:ca:ff:60:f0:23:64:c4:39:
         f7:2f:93:7d:97:73:30:b8:9e:63:85:69:81:b6:66:ae:be:28:
         09:c2:fb:bc:4b:d0:81:8e:ac:5d:79:47:7b:4b:62:1c:cd:78:
         f1:68:6f:a7:04:cf:fe:33:49:1c:3b:f9:c7:1b:eb:cf:58:86:
         2c:5a:4b:c4:c4:27:a4:2e:12:eb:7f:66:3c:00:06:a3:6f:18:
         62:e9:63:01:5f:73:b7:84:c8:78:83:13:ab:09:32:1f:e9:5a:
         c5:12:90:fd
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUCA+snuQ7h4ObdXn+ThKzykNSEjswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNzQyYTExNmQ3MDk2YjhlNDA3ZjhiNjUyNmZhOTRhYjMx
Y2NmN2FhMDdiMTAwODU0YzU2NDJlZjI2MDJmOWQ5MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCN1lbs5YuUH7nKQPUUXzsoZ2rs4x10s9xF5/sjMKalR8TG
f/TtqGWV7TIB/SWduudU5y4My9ne/RCxG5p9eEjGCm7Rd10UDvpjplIQv3n1CEMP
b+ECerEcnYn0bbBk1hfU8O87wIt3upMK1dX5vQ59WMMmE2eRG0DKWzo6wamJEymB
7/2BPNv9cIqeQsGdyVsft2Vci8MURUgyTJ4L/Qhvb6RkYvIFnqaeGh+2rWZrAuZj
q38WdAF+PYQAewCdFuF16NM5NdTTCUeWQK3wVnHEM9464wUD1PHmC8z5lSwmT70a
+x7gTeJ/bhONAPf+cBUm6ZOiGW27vy5o/IXzU1HDAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUd5E+7rc8Kt5h0hrWEVRB4jEX4lEwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzY4NGU2ZWM2LWNhZDEtNDQ5OC1iM2FmLTBiY2Q4YjE2ODkzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVSUwDQYJKoZIhvcNAQELBQADggEBAFGiNYDFR9owCaWqrwGucnU3
in0HLcQomIC2Ryn7d0dUA8V3CPjnQNnMNU7JCmRklS8irdHXGMdMAyg4+RpVYeTM
OLCTRMZtKPzjd/zMlKQOmm3w9nCs04LjwJIg+f4Rwekyuz7ucoiM8blSFbvShMxk
11bKiJCdCRNopoGOu9YgOcNt7f3q9Kp2uqpg5d9/POClsDwzGu2lwG7K/2DwI2TE
Ofcvk32XczC4nmOFaYG2Zq6+KAnC+7xL0IGOrF15R3tLYhzNePFob6cEz/4zSRw7
+ccb689YhixaS8TEJ6QuEut/ZjwABqNvGGLpYwFfc7eEyHiDE6sJMh/pWsUSkP0=
-----END CERTIFICATE-----