Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c91dc110-e4d6-4a78-90dc-94e4d2083c89.roa
File:                     c91dc110-e4d6-4a78-90dc-94e4d2083c89.roa (raw, json)
Hash identifier:          kSCAYbbCx9fBZ374X+DAvP0mt2pHbx66p+qCJ0IGQpY=
Subject key identifier:   5F:A8:1C:CB:64:02:DC:10:83:CB:6D:7D:78:74:C3:65:3F:76:A2:DD
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       7C90B7920C84C15A0907D9CFB3403B032B5EE3A5
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c91dc110-e4d6-4a78-90dc-94e4d2083c89.roa
Signing time:             Mon 31 Mar 2025 19:00:08 +0000
ROA not before:           Mon 31 Mar 2025 19:00:08 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:100::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:90:b7:92:0c:84:c1:5a:09:07:d9:cf:b3:40:3b:03:2b:5e:e3:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar 31 19:00:08 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=2ea76a84772ecc048d0e9b36d2a2506c21f43a1aa54444decd818b3562975d17, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:91:27:e7:3c:79:4f:d6:6c:16:14:1b:5f:71:
                    13:12:94:d9:e0:2a:23:cb:83:17:35:27:87:9f:c9:
                    e1:16:88:83:31:25:11:64:53:8f:e1:fc:15:5b:05:
                    60:e2:dd:18:aa:57:94:0e:34:02:58:f8:c4:33:7d:
                    4f:39:9b:ca:bd:8e:ca:cc:17:ee:a4:07:8d:48:fa:
                    d9:d7:b5:48:10:4e:bd:fb:e0:84:4c:4b:02:17:43:
                    35:8a:15:f5:91:57:bc:fc:28:b4:87:02:88:9e:23:
                    d1:fa:18:54:c0:7e:50:4e:cd:d4:34:db:c3:b4:80:
                    48:50:1d:8b:57:8b:ca:7f:b6:8f:b8:67:d5:54:ca:
                    e9:9f:71:9a:56:bb:cf:93:b6:37:3b:11:9a:59:ee:
                    8d:67:2a:15:79:e3:8f:d7:eb:b4:46:70:89:cd:4b:
                    e6:00:8c:14:28:d1:25:14:ce:75:22:38:f1:56:f1:
                    5f:87:cf:05:11:5e:2e:fe:fb:53:bd:81:d8:30:f2:
                    2d:08:a2:0e:15:0c:8d:39:0a:ac:3e:4b:2f:59:85:
                    f8:f1:d2:6e:08:31:28:37:4f:20:1a:a9:3e:ed:10:
                    86:c4:11:c7:5b:c7:1d:80:00:6f:e6:82:7f:bb:41:
                    de:b2:63:a9:96:00:c7:7d:cd:84:cc:f8:30:22:b6:
                    58:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A8:1C:CB:64:02:DC:10:83:CB:6D:7D:78:74:C3:65:3F:76:A2:DD
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/c91dc110-e4d6-4a78-90dc-94e4d2083c89.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         2d:4f:59:83:bb:0f:c5:f5:11:fa:90:ac:49:eb:97:18:5f:de:
         fd:ad:ff:ec:10:b0:a4:39:ce:28:f1:cc:19:3a:93:be:fd:04:
         8a:f3:1e:0a:22:7f:4e:5f:f1:ad:07:ae:b2:e7:70:41:ab:51:
         71:6f:5f:89:7c:87:69:f5:ed:89:59:22:43:96:8e:38:a4:9b:
         bf:3e:7b:a4:6a:ba:fc:56:67:b1:4a:3b:29:59:ba:9c:f9:8a:
         85:53:d9:48:60:10:2b:9a:10:13:ab:14:56:d5:f1:ee:68:b9:
         f5:be:41:ac:c5:3b:e2:98:47:52:97:28:3f:4a:5f:c9:78:15:
         d7:bd:51:98:40:70:3c:03:62:f7:4b:62:bd:86:d7:95:39:6a:
         2c:d0:3f:99:10:7c:3a:e4:80:d9:0b:9f:0d:8a:9f:24:e8:9c:
         13:9e:78:48:9b:31:f7:a6:71:27:3a:ab:c6:05:bd:e1:2d:b5:
         e3:3b:78:ae:3a:39:46:19:93:0b:13:7c:ce:5f:c9:79:e4:91:
         72:99:47:22:d3:65:5f:24:12:16:13:9b:98:f2:73:3e:e6:4a:
         6d:78:de:ea:5d:a0:39:23:a9:82:3b:ee:ed:f3:3f:ed:68:79:
         12:72:70:89:4c:26:a6:3a:7a:f0:dd:e5:0e:6f:c1:f9:26:c3:
         66:c0:a5:6c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUfJC3kgyEwVoJB9nPs0A7Ayte46UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzMxMTkwMDA4WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZWE3NmE4NDc3MmVjYzA0OGQwZTliMzZkMmEyNTA2YzIx
ZjQzYTFhYTU0NDQ0ZGVjZDgxOGIzNTYyOTc1ZDE3MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwkSfnPHlP1mwWFBtfcRMSlNngKiPLgxc1J4efyeEWiIMx
JRFkU4/h/BVbBWDi3RiqV5QONAJY+MQzfU85m8q9jsrMF+6kB41I+tnXtUgQTr37
4IRMSwIXQzWKFfWRV7z8KLSHAoieI9H6GFTAflBOzdQ028O0gEhQHYtXi8p/to+4
Z9VUyumfcZpWu8+Ttjc7EZpZ7o1nKhV544/X67RGcInNS+YAjBQo0SUUznUiOPFW
8V+HzwURXi7++1O9gdgw8i0Iog4VDI05Cqw+Sy9Zhfjx0m4IMSg3TyAaqT7tEIbE
Ecdbxx2AAG/mgn+7Qd6yY6mWAMd9zYTM+DAitljnAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUX6gcy2QC3BCDy219eHTDZT92ot0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2M5MWRjMTEwLWU0ZDYtNGE3OC05MGRjLTk0ZTRkMjA4M2M4OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDwATANBgkqhkiG9w0BAQsFAAOCAQEALU9Zg7sPxfUR+pCsSeuXGF/e
/a3/7BCwpDnOKPHMGTqTvv0EivMeCiJ/Tl/xrQeusudwQatRcW9fiXyHafXtiVki
Q5aOOKSbvz57pGq6/FZnsUo7KVm6nPmKhVPZSGAQK5oQE6sUVtXx7mi59b5BrMU7
4phHUpcoP0pfyXgV171RmEBwPANi90tivYbXlTlqLNA/mRB8OuSA2QufDYqfJOic
E554SJsx96ZxJzqrxgW94S214zt4rjo5RhmTCxN8zl/JeeSRcplHItNlXyQSFhOb
mPJzPuZKbXje6l2gOSOpgjvu7fM/7Wh5EnJwiUwmpjp68N3lDm/B+SbDZsClbA==
-----END CERTIFICATE-----