Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8472ecf5-5d3d-4e46-b699-e29644b42fa4.roa
File:                     8472ecf5-5d3d-4e46-b699-e29644b42fa4.roa (raw, json)
Hash identifier:          utLHKaF4mRjzEDUmrJAUXMte9jiZOPqg1Y43965zesk=
Subject key identifier:   74:66:1D:46:E9:72:BC:26:51:C4:F0:36:B5:58:3C:8A:6A:DB:D6:EF
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       759E3CE98498AFDC1DC5B3141964BE27815905F2
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8472ecf5-5d3d-4e46-b699-e29644b42fa4.roa
Signing time:             Mon 31 Mar 2025 18:40:13 +0000
ROA not before:           Mon 31 Mar 2025 18:40:13 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:6::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:9e:3c:e9:84:98:af:dc:1d:c5:b3:14:19:64:be:27:81:59:05:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar 31 18:40:13 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=c8fec2be8ac8f5acd16573b9a482564290a921f5553110cf53048e2015012f8c, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:37:0b:e7:d6:62:a7:ee:a9:e4:9e:a2:e1:a5:
                    c8:05:28:ba:3a:34:4e:29:69:f4:98:45:25:bf:ea:
                    60:7f:78:6f:4f:be:ea:03:dd:5f:17:3a:f4:65:64:
                    49:76:dc:5a:c9:2f:b4:fa:fb:d0:7f:2e:93:e7:1f:
                    79:de:ac:e0:75:9e:44:f1:a4:9b:60:8b:ab:e2:18:
                    c9:76:42:b8:57:e6:33:0a:d9:3b:e9:50:ed:25:8b:
                    8c:6d:02:82:e3:bf:9f:5e:44:b1:c9:8b:8c:de:71:
                    36:4f:1b:51:ce:46:89:62:dd:3b:3f:d6:c3:61:a6:
                    32:dd:b5:e0:2e:5d:cc:32:a6:df:1a:ff:24:e8:f0:
                    43:54:47:a5:bd:43:97:62:60:68:b1:f2:03:2a:89:
                    de:79:f2:01:c4:d7:a0:7f:1a:6b:50:98:b4:7c:21:
                    fe:4b:06:57:7b:3b:d3:04:f5:fb:fc:34:60:da:c7:
                    3f:e5:b4:4b:60:53:81:d0:41:d9:20:60:82:de:38:
                    25:6b:d9:54:57:ff:0d:d3:5a:d6:43:12:7a:6f:87:
                    e5:9d:61:0a:ee:2f:42:44:cb:5a:de:5e:b0:87:57:
                    82:ac:bc:5a:98:1a:27:af:21:a9:c2:b8:4e:e5:e0:
                    89:4f:27:84:00:3b:36:37:f1:ba:8c:83:66:28:71:
                    f8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:66:1D:46:E9:72:BC:26:51:C4:F0:36:B5:58:3C:8A:6A:DB:D6:EF
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8472ecf5-5d3d-4e46-b699-e29644b42fa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:8c:fc:cf:4a:2e:44:41:27:e0:2e:ee:b2:83:9b:26:b0:60:
         17:67:bd:74:70:db:3f:44:c4:5f:b8:4f:d3:7f:ba:f2:3e:d4:
         44:e0:94:07:a2:df:65:f8:25:c7:21:8a:4c:6e:ed:42:81:58:
         d7:90:67:47:9b:a2:38:e0:04:ea:94:b1:38:28:d3:d2:12:f9:
         7e:db:78:45:c7:c4:30:39:be:11:50:66:b4:1d:a2:0d:b5:8d:
         81:bb:35:68:14:dc:e1:ac:59:91:2c:d2:72:60:8d:8f:ba:9a:
         64:b5:85:5b:f8:7f:48:37:d9:75:09:00:f5:55:78:88:26:84:
         6c:25:71:6d:38:dc:06:02:71:1f:78:7f:f3:39:28:8c:8d:cc:
         0b:f3:dc:83:d9:3f:d7:1d:17:3d:e9:4e:f0:94:8f:b5:b6:d7:
         10:f6:7f:e9:06:d6:12:41:93:ab:75:01:c6:5d:e6:2a:31:7e:
         81:f3:cd:31:39:be:84:f9:46:09:ea:94:e0:59:2b:7a:b6:f8:
         f3:35:42:d4:8c:e0:b5:e0:66:b7:1a:a6:6b:e0:51:1e:35:ca:
         89:f6:fe:d6:88:73:4a:47:d5:36:36:8d:1f:33:1c:e8:f1:c7:
         05:6c:c3:ad:7c:5c:34:0a:14:de:ce:26:57:e2:89:d3:3a:38:
         46:9f:26:40
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUdZ486YSYr9wdxbMUGWS+J4FZBfIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzMxMTg0MDEzWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOGZlYzJiZThhYzhmNWFjZDE2NTczYjlhNDgyNTY0Mjkw
YTkyMWY1NTUzMTEwY2Y1MzA0OGUyMDE1MDEyZjhjMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpNwvn1mKn7qnknqLhpcgFKLo6NE4pafSYRSW/6mB/eG9P
vuoD3V8XOvRlZEl23FrJL7T6+9B/LpPnH3nerOB1nkTxpJtgi6viGMl2QrhX5jMK
2TvpUO0li4xtAoLjv59eRLHJi4zecTZPG1HORoli3Ts/1sNhpjLdteAuXcwypt8a
/yTo8ENUR6W9Q5diYGix8gMqid558gHE16B/GmtQmLR8If5LBld7O9ME9fv8NGDa
xz/ltEtgU4HQQdkgYILeOCVr2VRX/w3TWtZDEnpvh+WdYQruL0JEy1reXrCHV4Ks
vFqYGievIanCuE7l4IlPJ4QAOzY38bqMg2YocfiTAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUdGYdRulyvCZRxPA2tVg8imrb1u8wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2Lzg0NzJlY2Y1LTVkM2QtNGU0Ni1iNjk5LWUyOTY0NGI0MmZhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAAYwDQYJKoZIhvcNAQELBQADggEBAF6M/M9KLkRBJ+Au7rKDmyaw
YBdnvXRw2z9ExF+4T9N/uvI+1ETglAei32X4Jcchikxu7UKBWNeQZ0ebojjgBOqU
sTgo09IS+X7beEXHxDA5vhFQZrQdog21jYG7NWgU3OGsWZEs0nJgjY+6mmS1hVv4
f0g32XUJAPVVeIgmhGwlcW043AYCcR94f/M5KIyNzAvz3IPZP9cdFz3pTvCUj7W2
1xD2f+kG1hJBk6t1AcZd5ioxfoHzzTE5voT5RgnqlOBZK3q2+PM1QtSM4LXgZrca
pmvgUR41yon2/taIc0pH1TY2jR8zHOjxxwVsw618XDQKFN7OJlfiidM6OEafJkA=
-----END CERTIFICATE-----