Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8bf5253f-208e-4866-9167-6fea11a31b49.roa
File:                     8bf5253f-208e-4866-9167-6fea11a31b49.roa (raw, json)
Hash identifier:          QkhUKoG34m3mk+XNwyFLnreEZ5UlFily5bnzEPOhLV4=
Subject key identifier:   F6:1B:E0:C1:81:E7:34:E1:76:A0:A7:E1:24:AA:E5:7C:AD:5E:40:B3
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       65822A4D96D1BC1D8FC41FBD0D367DFABFB5F466
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8bf5253f-208e-4866-9167-6fea11a31b49.roa
Signing time:             Mon 09 Dec 2024 00:00:00 +0000
ROA not before:           Mon 09 Dec 2024 00:00:00 +0000
ROA not after:            Mon 13 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e100::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:82:2a:4d:96:d1:bc:1d:8f:c4:1f:bd:0d:36:7d:fa:bf:b5:f4:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec  9 00:00:00 2024 GMT
            Not After : Jan 13 23:59:59 2025 GMT
        Subject: serialNumber=27e0ad758d74a727493f451fd57bdc037dc4199d47506cfdb7550510097a5da8, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:93:c1:ea:e5:87:b8:4a:c3:35:35:02:7c:29:
                    82:bd:47:39:3c:ae:3a:9a:1a:15:7f:a2:58:bb:a6:
                    23:cf:e5:a8:2d:a1:52:ae:40:7b:67:f5:64:fa:3d:
                    24:4a:bf:1e:b1:1a:80:aa:d5:be:78:61:a8:95:08:
                    61:4e:19:fc:ba:2a:15:9d:dc:e5:cf:82:29:a1:99:
                    64:f9:d1:6f:24:31:79:74:88:65:75:3f:02:9c:5f:
                    73:5c:a0:cc:4f:dd:14:42:fd:01:ff:00:85:5a:ba:
                    88:b2:ce:e6:32:35:8b:81:a8:1c:d0:7a:62:1f:3c:
                    16:fb:6f:a9:0b:aa:19:1f:77:c5:7c:d1:cb:f3:fd:
                    01:f7:6a:25:9e:cc:99:3e:dd:21:bb:12:41:0b:c6:
                    cc:91:1a:23:9f:da:54:4e:5a:92:0b:29:de:bc:64:
                    e4:74:9b:d5:b4:64:76:53:ae:e5:04:27:f4:46:41:
                    65:fb:e9:4d:e0:36:a4:b8:90:e2:50:29:e3:2a:6b:
                    4b:6f:55:8c:32:b8:af:10:5f:ec:e5:86:c5:a1:b5:
                    bf:82:73:6c:94:b0:c8:56:5b:fd:ae:7e:1f:0e:ec:
                    36:55:b6:c6:d9:1b:04:54:69:6d:c2:b0:77:4a:9f:
                    a4:a2:8c:4a:b3:3c:35:9c:46:a0:80:57:08:e8:1e:
                    29:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1B:E0:C1:81:E7:34:E1:76:A0:A7:E1:24:AA:E5:7C:AD:5E:40:B3
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8bf5253f-208e-4866-9167-6fea11a31b49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e100::/40

    Signature Algorithm: sha256WithRSAEncryption
         7d:3a:d8:c4:a8:10:cd:07:e7:3b:84:ce:12:4c:95:ec:1f:5e:
         7e:b0:f2:50:55:ff:32:f6:e4:d7:8b:8e:f7:e1:1b:fc:c2:cf:
         b2:e5:ba:c1:2e:a9:f8:17:d9:88:60:b0:d9:b5:92:8c:0f:a1:
         c9:c1:41:41:02:7f:2a:1e:e0:45:5a:13:06:81:d3:03:a9:15:
         13:3b:3a:4d:f2:f3:8d:bf:a1:e6:df:06:35:b9:10:8a:08:3b:
         08:d2:b9:af:04:9b:29:c4:ab:cf:32:1b:18:73:3e:76:10:0f:
         04:85:f4:bb:4b:53:81:34:e1:15:45:c0:47:c5:e8:52:6f:fb:
         36:58:6d:c1:1b:fb:34:c3:52:f9:a9:83:48:0c:e6:35:cd:42:
         8a:17:a9:60:f4:9e:a0:71:be:36:36:1d:ef:48:7a:43:7a:a4:
         89:43:51:51:3e:47:c8:bc:42:bd:67:36:f7:10:ef:a0:0b:1f:
         c7:ca:32:b3:be:59:f8:7b:4d:e7:97:20:66:e8:61:74:73:a9:
         99:f1:20:08:07:35:d7:11:da:92:f5:a8:73:6f:3c:bf:f5:9d:
         1c:ce:a3:11:a4:e7:3c:64:99:a7:ff:38:e4:32:c5:51:05:14:
         29:e4:38:17:b7:2a:73:29:60:90:79:da:40:80:b2:f4:a8:56:
         23:13:b0:b4
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZYIqTZbRvB2PxB+9DTZ9+r+19GYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjA5MDAwMDAwWhcNMjUwMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyN2UwYWQ3NThkNzRhNzI3NDkzZjQ1MWZkNTdiZGMwMzdk
YzQxOTlkNDc1MDZjZmRiNzU1MDUxMDA5N2E1ZGE4MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBk8Hq5Ye4SsM1NQJ8KYK9Rzk8rjqaGhV/oli7piPP5agt
oVKuQHtn9WT6PSRKvx6xGoCq1b54YaiVCGFOGfy6KhWd3OXPgimhmWT50W8kMXl0
iGV1PwKcX3NcoMxP3RRC/QH/AIVauoiyzuYyNYuBqBzQemIfPBb7b6kLqhkfd8V8
0cvz/QH3aiWezJk+3SG7EkELxsyRGiOf2lROWpILKd68ZOR0m9W0ZHZTruUEJ/RG
QWX76U3gNqS4kOJQKeMqa0tvVYwyuK8QX+zlhsWhtb+Cc2yUsMhWW/2ufh8O7DZV
tsbZGwRUaW3CsHdKn6SijEqzPDWcRqCAVwjoHinHAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU9hvgwYHnNOF2oKfhJKrlfK1eQLMwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzhiZjUyNTNmLTIwOGUtNDg2Ni05MTY3LTZmZWExMWEzMWI0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD74TANBgkqhkiG9w0BAQsFAAOCAQEAfTrYxKgQzQfnO4TOEkyV7B9e
frDyUFX/Mvbk14uO9+Eb/MLPsuW6wS6p+BfZiGCw2bWSjA+hycFBQQJ/Kh7gRVoT
BoHTA6kVEzs6TfLzjb+h5t8GNbkQigg7CNK5rwSbKcSrzzIbGHM+dhAPBIX0u0tT
gTThFUXAR8XoUm/7NlhtwRv7NMNS+amDSAzmNc1CihepYPSeoHG+NjYd70h6Q3qk
iUNRUT5HyLxCvWc29xDvoAsfx8oys75Z+HtN55cgZuhhdHOpmfEgCAc11xHakvWo
c288v/WdHM6jEaTnPGSZp/845DLFUQUUKeQ4F7cqcylgkHnaQICy9KhWIxOwtA==
-----END CERTIFICATE-----