Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/958ff9b2-2a71-408a-a63d-bf8515b23c8e.roa
File:                     958ff9b2-2a71-408a-a63d-bf8515b23c8e.roa (raw, json)
Hash identifier:          q29Ig6rMjbueTwf79UIqc6vRoFj2wFuBYKoh4Fbf7ks=
Subject key identifier:   BB:00:6F:6B:4A:DF:D3:74:8F:5E:3C:63:64:F0:4C:30:7D:8B:2F:4E
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3B8A7D93A389FE135C94529D783A0C63C7D6F860
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/958ff9b2-2a71-408a-a63d-bf8515b23c8e.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5527::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:8a:7d:93:a3:89:fe:13:5c:94:52:9d:78:3a:0c:63:c7:d6:f8:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: serialNumber=0381cbcb7d465638e797c939d4f941f7a9796ada0f0ad1a0110983f378e05025, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:aa:7a:69:bc:d3:5e:fe:75:ff:dd:b4:08:43:
                    0d:6d:c3:55:db:4f:95:46:5b:c4:32:d7:ac:84:27:
                    55:47:60:b1:b7:8f:09:4a:01:b1:84:31:30:a4:a2:
                    8e:fb:6d:fd:8a:5e:b2:0e:d5:11:34:8c:bd:50:9c:
                    f2:15:9e:65:95:89:37:a1:72:41:be:36:c4:0c:e7:
                    e9:d0:81:ed:4b:e2:e9:a6:3a:ec:b7:b9:f7:af:1e:
                    b4:ee:a4:b0:80:d4:fd:4f:6a:ed:a8:fa:5d:a5:84:
                    81:95:68:69:fd:f2:02:bc:82:c2:d3:30:0b:33:cd:
                    c0:6e:59:6c:d5:c3:b0:3f:40:cf:9b:f3:62:b4:8a:
                    dd:94:18:ad:8f:2a:b9:0d:03:21:f0:27:f1:f6:d1:
                    c3:a6:74:bc:7f:43:11:48:82:c8:e8:3a:eb:8c:ee:
                    c5:f9:0a:76:68:aa:a0:12:8b:a2:0d:c9:b6:5a:a7:
                    8f:9d:3c:6f:f4:7c:0b:e0:88:16:7f:2a:41:59:33:
                    47:c7:16:ac:5f:76:b9:c2:e6:17:1f:3e:3f:8d:ed:
                    87:c0:42:68:f0:1d:6d:2d:26:a9:3b:54:34:6b:ed:
                    48:7e:4c:61:32:e0:1b:16:50:ef:7e:2a:91:35:39:
                    1e:ac:c2:ce:d8:bb:bd:60:aa:c8:0b:10:61:57:34:
                    6e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:00:6F:6B:4A:DF:D3:74:8F:5E:3C:63:64:F0:4C:30:7D:8B:2F:4E
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/958ff9b2-2a71-408a-a63d-bf8515b23c8e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5527::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:2d:eb:36:a7:65:60:65:c3:32:f6:22:29:a9:3c:66:bb:67:
         83:a4:b1:93:db:4f:ae:c0:79:51:55:89:49:69:41:cb:66:09:
         12:ab:ca:45:8a:fa:4e:1e:95:15:2f:52:15:fa:35:d2:59:1b:
         cf:e4:b8:2e:8c:17:cf:e8:0d:51:5b:fa:78:fb:14:98:f5:87:
         1f:57:7b:fc:b7:e6:50:7a:81:15:7a:f1:5a:d1:0d:f7:45:bc:
         be:ae:5d:09:ed:94:75:0e:c3:4a:ab:7c:d7:37:2a:c0:17:96:
         77:fc:de:b3:c3:a0:7a:b9:15:44:ab:2e:e2:73:03:91:ba:61:
         33:02:d9:b4:e0:79:10:d2:2b:b2:5c:0e:85:cd:ab:4c:0a:24:
         37:63:c7:fa:4b:13:e5:32:7f:52:8f:14:74:b9:c7:a1:91:ec:
         60:68:04:ed:33:ab:0a:bf:79:c3:a5:30:18:2c:22:f9:90:55:
         bb:79:3b:e7:3c:86:32:0e:96:fa:6a:51:9d:c3:9a:e3:08:b8:
         c8:c4:d8:52:64:9d:bd:37:d9:c5:48:b9:7c:3c:57:d6:cd:5f:
         ab:56:c3:60:09:b8:93:69:0a:b6:7e:d4:62:1e:08:80:56:41:
         df:5f:d8:f8:12:13:4b:be:9d:52:f1:c2:c9:1b:58:cb:93:c4:
         31:d2:4e:79
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUO4p9k6OJ/hNclFKdeDoMY8fW+GAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMzgxY2JjYjdkNDY1NjM4ZTc5N2M5MzlkNGY5NDFmN2E5
Nzk2YWRhMGYwYWQxYTAxMTA5ODNmMzc4ZTA1MDI1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaqnppvNNe/nX/3bQIQw1tw1XbT5VGW8Qy16yEJ1VHYLG3
jwlKAbGEMTCkoo77bf2KXrIO1RE0jL1QnPIVnmWViTehckG+NsQM5+nQge1L4umm
Ouy3ufevHrTupLCA1P1Pau2o+l2lhIGVaGn98gK8gsLTMAszzcBuWWzVw7A/QM+b
82K0it2UGK2PKrkNAyHwJ/H20cOmdLx/QxFIgsjoOuuM7sX5CnZoqqASi6INybZa
p4+dPG/0fAvgiBZ/KkFZM0fHFqxfdrnC5hcfPj+N7YfAQmjwHW0tJqk7VDRr7Uh+
TGEy4BsWUO9+KpE1OR6sws7Yu71gqsgLEGFXNG5PAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUuwBva0rf03SPXjxjZPBMMH2LL04wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2Lzk1OGZmOWIyLTJhNzEtNDA4YS1hNjNkLWJmODUxNWIyM2M4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVScwDQYJKoZIhvcNAQELBQADggEBADwt6zanZWBlwzL2IimpPGa7
Z4OksZPbT67AeVFViUlpQctmCRKrykWK+k4elRUvUhX6NdJZG8/kuC6MF8/oDVFb
+nj7FJj1hx9Xe/y35lB6gRV68VrRDfdFvL6uXQntlHUOw0qrfNc3KsAXlnf83rPD
oHq5FUSrLuJzA5G6YTMC2bTgeRDSK7JcDoXNq0wKJDdjx/pLE+Uyf1KPFHS5x6GR
7GBoBO0zqwq/ecOlMBgsIvmQVbt5O+c8hjIOlvpqUZ3DmuMIuMjE2FJknb032cVI
uXw8V9bNX6tWw2AJuJNpCrZ+1GIeCIBWQd9f2PgSE0u+nVLxwskbWMuTxDHSTnk=
-----END CERTIFICATE-----