Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8a8b863b-298e-48a9-bced-202e80d98f01.roa
File:                     8a8b863b-298e-48a9-bced-202e80d98f01.roa (raw, json)
Hash identifier:          butvksOS1oSz7O0EuD9YrnFlSCLB5vYXyLlxny3tins=
Subject key identifier:   A6:26:FF:0F:08:F0:4D:47:6E:D5:17:83:55:8F:E8:ED:48:D7:0C:2F
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       7B6BC36A332062310F29C66FCBC639F3485A6EE8
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8a8b863b-298e-48a9-bced-202e80d98f01.roa
Signing time:             Mon 31 Mar 2025 18:50:14 +0000
ROA not before:           Mon 31 Mar 2025 18:50:14 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:ee00::/40 maxlen: 40

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:6b:c3:6a:33:20:62:31:0f:29:c6:6f:cb:c6:39:f3:48:5a:6e:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar 31 18:50:14 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=c0bc4c1c55132fa01f257cb7ffc92fc5300dc681f4e21e29611e032af1a227dd, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:db:8a:21:3a:26:37:5b:03:38:f9:0d:9a:c3:
                    65:8f:53:3b:9a:42:a2:0b:17:0b:58:96:1e:71:99:
                    2a:5a:f4:bf:73:b6:bb:f2:10:26:8f:04:b6:44:f2:
                    52:5a:19:7e:fc:0e:bf:58:e9:52:59:10:96:3b:03:
                    93:16:6e:6e:e6:c8:65:d6:4f:18:4a:c2:76:db:cb:
                    5a:23:31:39:f6:ba:89:d1:e3:a3:5e:41:59:1b:d9:
                    d9:16:71:86:2b:ba:ba:ae:44:ae:a5:70:46:b0:0a:
                    19:d3:1e:2b:f4:a7:33:ff:22:f0:6c:a6:df:0e:fd:
                    0f:91:d7:84:36:e4:d1:51:74:d4:ba:d2:4f:75:b4:
                    94:30:c8:79:17:f0:13:ba:36:25:e2:03:37:26:bb:
                    23:b4:9d:8c:66:1e:e8:18:2f:1a:ee:8e:b1:3c:8f:
                    cb:90:7a:31:1f:46:19:c3:15:dc:76:ba:76:e8:8d:
                    40:e7:18:f8:98:02:be:b3:d2:7b:4b:94:6f:a5:41:
                    0a:4e:99:60:0f:65:0c:77:45:c6:42:5b:f7:05:c5:
                    71:e5:60:82:d2:9e:e1:72:40:40:57:75:9c:ea:7c:
                    55:63:49:e3:4d:a9:54:9c:56:9a:e7:57:25:03:10:
                    72:2b:dd:05:21:39:bf:5a:6d:23:80:3f:40:cc:36:
                    e5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:26:FF:0F:08:F0:4D:47:6E:D5:17:83:55:8F:E8:ED:48:D7:0C:2F
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8a8b863b-298e-48a9-bced-202e80d98f01.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ee00::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:f1:7c:12:38:c2:80:0d:4b:04:e0:01:e4:12:80:82:77:43:
         f8:37:4e:9e:8e:04:2d:96:81:c8:41:1b:1b:4d:38:7c:b1:4c:
         d7:2f:2c:7f:1c:ca:b1:e0:c6:99:11:39:b2:d0:93:98:20:66:
         51:18:65:e7:06:69:ba:f7:85:e2:d2:e9:d9:d7:a8:f4:ef:0f:
         38:ab:01:7b:6c:4d:5b:d6:1f:7b:ac:9a:c9:28:e6:3d:f0:06:
         0a:b0:9a:00:62:df:c8:da:d6:a0:5b:e4:1d:4d:3b:e8:15:21:
         2c:f5:a4:19:93:4a:5a:57:70:73:0f:82:c2:d9:c5:70:60:b4:
         6d:9e:a9:df:06:ec:e5:fe:33:23:ae:f7:df:8a:37:d0:f0:05:
         1b:ec:3f:7c:76:ca:d1:89:05:f6:37:31:0d:89:a1:86:ab:9c:
         a4:bf:1f:91:bf:e6:0c:66:cf:83:f6:20:3e:c5:8a:bb:92:82:
         1b:4a:fd:3f:81:67:2c:10:c0:23:ae:3b:40:26:11:06:c0:56:
         6c:5b:06:32:07:5b:99:8c:7e:1b:a8:95:9a:0c:bb:e3:5d:96:
         09:59:0f:ae:3a:8d:d6:61:2b:49:c8:a5:35:1e:4f:03:76:8c:
         df:54:87:91:86:ab:c8:19:97:ee:aa:81:44:04:df:0a:94:93:
         43:e6:db:c9
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUe2vDajMgYjEPKcZvy8Y580habugwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzMxMTg1MDE0WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMGJjNGMxYzU1MTMyZmEwMWYyNTdjYjdmZmM5MmZjNTMw
MGRjNjgxZjRlMjFlMjk2MTFlMDMyYWYxYTIyN2RkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDd24ohOiY3WwM4+Q2aw2WPUzuaQqILFwtYlh5xmSpa9L9z
trvyECaPBLZE8lJaGX78Dr9Y6VJZEJY7A5MWbm7myGXWTxhKwnbby1ojMTn2uonR
46NeQVkb2dkWcYYrurquRK6lcEawChnTHiv0pzP/IvBspt8O/Q+R14Q25NFRdNS6
0k91tJQwyHkX8BO6NiXiAzcmuyO0nYxmHugYLxrujrE8j8uQejEfRhnDFdx2unbo
jUDnGPiYAr6z0ntLlG+lQQpOmWAPZQx3RcZCW/cFxXHlYILSnuFyQEBXdZzqfFVj
SeNNqVScVprnVyUDEHIr3QUhOb9abSOAP0DMNuUnAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUpib/DwjwTUdu1ReDVY/o7UjXDC8wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzhhOGI4NjNiLTI5OGUtNDhhOS1iY2VkLTIwMmU4MGQ5OGYwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD77jANBgkqhkiG9w0BAQsFAAOCAQEAMvF8EjjCgA1LBOAB5BKAgndD
+DdOno4ELZaByEEbG004fLFM1y8sfxzKseDGmRE5stCTmCBmURhl5wZpuveF4tLp
2deo9O8POKsBe2xNW9Yfe6yaySjmPfAGCrCaAGLfyNrWoFvkHU076BUhLPWkGZNK
Wldwcw+CwtnFcGC0bZ6p3wbs5f4zI67334o30PAFG+w/fHbK0YkF9jcxDYmhhquc
pL8fkb/mDGbPg/YgPsWKu5KCG0r9P4FnLBDAI647QCYRBsBWbFsGMgdbmYx+G6iV
mgy7412WCVkPrjqN1mErScilNR5PA3aM31SHkYaryBmX7qqBRATfCpSTQ+bbyQ==
-----END CERTIFICATE-----