Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c4e52abf-4d7e-4707-bd4e-1ceba64e18cd.roa
File:                     c4e52abf-4d7e-4707-bd4e-1ceba64e18cd.roa (raw, json)
Hash identifier:          MamKkU1R9iUJVB4F1mhRF9nVfKQk3IZUyTLZG5S+Fr8=
Subject key identifier:   66:6A:76:5B:16:F8:B5:89:16:E0:AB:47:54:65:0C:79:33:FF:D9:C9
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1B445CF8C6130C7AEDA4D42FD74E8A39938FA358
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c4e52abf-4d7e-4707-bd4e-1ceba64e18cd.roa
Signing time:             Mon 31 Mar 2025 18:51:39 +0000
ROA not before:           Mon 31 Mar 2025 18:51:39 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:e600::/42 maxlen: 42

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:44:5c:f8:c6:13:0c:7a:ed:a4:d4:2f:d7:4e:8a:39:93:8f:a3:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar 31 18:51:39 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=8d5a82eead600489f6c2036a5e1709f335b0eb65d03f8aa36cb22234f83f135b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:9c:0a:19:83:4c:23:11:06:ed:29:d5:c1:af:
                    ca:36:44:87:00:e3:a4:0d:99:12:db:45:b9:35:d5:
                    38:75:e0:22:a1:8e:c1:c6:2a:fc:08:54:21:48:5d:
                    b8:23:26:30:b9:e6:bd:e4:50:a4:77:5f:3c:32:f0:
                    26:54:0d:4f:3d:68:ef:25:24:c9:a2:46:5d:a4:3a:
                    00:4f:0f:02:7e:5f:96:16:69:e6:50:35:94:19:26:
                    10:44:04:54:48:33:9f:cc:d0:64:54:68:e9:ee:92:
                    85:28:11:4a:cc:76:ff:d4:12:e7:de:4e:ab:c0:3b:
                    60:c9:e2:d5:85:97:85:b7:a1:cc:02:ff:a3:19:1a:
                    cd:37:97:6e:e0:9d:6f:51:98:78:bc:41:4e:16:93:
                    a0:e7:3f:ac:78:2a:4e:a1:49:b4:27:7f:9f:65:aa:
                    90:31:03:96:e4:12:41:95:60:1f:2d:1e:b2:1c:d3:
                    b6:bd:39:e6:0c:e1:bc:f7:1f:07:b4:3a:0b:d6:80:
                    85:74:87:c5:f9:25:8a:36:7f:87:7c:28:1b:89:a1:
                    cc:dd:09:2c:10:66:1f:35:93:bd:39:90:1d:56:40:
                    3c:cb:c6:16:60:26:39:27:57:75:02:76:0f:72:b4:
                    f1:61:10:bc:b2:11:54:13:6d:47:0e:65:7c:70:f5:
                    f8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:6A:76:5B:16:F8:B5:89:16:E0:AB:47:54:65:0C:79:33:FF:D9:C9
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c4e52abf-4d7e-4707-bd4e-1ceba64e18cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e600::/42

    Signature Algorithm: sha256WithRSAEncryption
         29:b2:c6:03:07:d6:a3:e9:a7:db:54:ac:fd:70:7e:d4:31:be:
         0b:b8:ac:7e:c0:d8:6b:86:25:32:0b:69:45:c2:a0:d3:d4:e3:
         56:5a:77:55:8e:6a:1c:9a:78:17:68:43:4f:ae:0c:77:7f:ae:
         3c:e8:3f:2a:a1:67:e5:57:5b:d0:34:b9:8f:df:45:f3:f5:d3:
         07:06:8e:c2:99:29:71:26:77:e8:80:7a:23:09:da:65:d2:78:
         2c:bc:38:9d:77:9f:17:02:3b:44:d0:29:44:58:66:ff:99:f3:
         fc:93:bf:c1:79:17:d9:b5:e5:a7:42:b0:29:36:81:01:87:a2:
         63:84:06:97:99:48:56:1a:d7:d3:29:76:18:a9:d4:c3:71:f8:
         06:57:31:c6:14:e3:b4:46:6a:0e:ae:4f:ef:5c:eb:29:df:41:
         c0:ca:aa:89:b2:14:91:f0:79:c8:99:af:df:31:e8:a7:18:b1:
         36:5d:e6:80:63:a8:a9:03:ff:55:b3:e0:53:b3:db:e7:1e:0f:
         4c:f2:44:b9:ad:02:84:14:20:d7:87:27:6c:e5:5a:84:b0:cc:
         29:64:12:a9:e9:0d:0b:fb:55:8e:b1:42:7f:bd:68:83:1e:ec:
         8c:4f:33:67:26:b4:9d:fb:2f:45:87:56:80:68:8a:a3:45:a5:
         e2:51:2b:fb
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUG0Rc+MYTDHrtpNQv106KOZOPo1gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzMxMTg1MTM5WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDVhODJlZWFkNjAwNDg5ZjZjMjAzNmE1ZTE3MDlmMzM1
YjBlYjY1ZDAzZjhhYTM2Y2IyMjIzNGY4M2YxMzViMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTnAoZg0wjEQbtKdXBr8o2RIcA46QNmRLbRbk11Th14CKh
jsHGKvwIVCFIXbgjJjC55r3kUKR3Xzwy8CZUDU89aO8lJMmiRl2kOgBPDwJ+X5YW
aeZQNZQZJhBEBFRIM5/M0GRUaOnukoUoEUrMdv/UEufeTqvAO2DJ4tWFl4W3ocwC
/6MZGs03l27gnW9RmHi8QU4Wk6DnP6x4Kk6hSbQnf59lqpAxA5bkEkGVYB8tHrIc
07a9OeYM4bz3Hwe0OgvWgIV0h8X5JYo2f4d8KBuJoczdCSwQZh81k705kB1WQDzL
xhZgJjknV3UCdg9ytPFhELyyEVQTbUcOZXxw9fhrAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUZmp2Wxb4tYkW4KtHVGUMeTP/2ckwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2M0ZTUyYWJmLTRkN2UtNDcwNy1iZDRlLTFjZWJhNjRlMThjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD75gAwDQYJKoZIhvcNAQELBQADggEBACmyxgMH1qPpp9tUrP1wftQx
vgu4rH7A2GuGJTILaUXCoNPU41Zad1WOahyaeBdoQ0+uDHd/rjzoPyqhZ+VXW9A0
uY/fRfP10wcGjsKZKXEmd+iAeiMJ2mXSeCy8OJ13nxcCO0TQKURYZv+Z8/yTv8F5
F9m15adCsCk2gQGHomOEBpeZSFYa19Mpdhip1MNx+AZXMcYU47RGag6uT+9c6ynf
QcDKqomyFJHweciZr98x6KcYsTZd5oBjqKkD/1Wz4FOz2+ceD0zyRLmtAoQUINeH
J2zlWoSwzClkEqnpDQv7VY6xQn+9aIMe7IxPM2cmtJ37L0WHVoBoiqNFpeJRK/s=
-----END CERTIFICATE-----