Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f555d010-5e5e-4c02-8722-e69da1514f97.roa
File:                     f555d010-5e5e-4c02-8722-e69da1514f97.roa (raw, json)
Hash identifier:          +2HBE5v8B9RunkZ+ckowzTdQElWtM6fiiGcCQuen7D4=
Subject key identifier:   90:2C:89:66:DE:54:87:D7:D7:E0:8C:18:F1:D3:E7:91:90:44:D5:6D
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       42D743F084C83356BAE712BDA0B23F7C1A33A7C0
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f555d010-5e5e-4c02-8722-e69da1514f97.roa
Signing time:             Mon 31 Mar 2025 18:41:13 +0000
ROA not before:           Mon 31 Mar 2025 18:41:13 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:8000::/34 maxlen: 34

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:d7:43:f0:84:c8:33:56:ba:e7:12:bd:a0:b2:3f:7c:1a:33:a7:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar 31 18:41:13 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=89a2573b4561c47b2fb9d0c8f6885e7de7e20381b8fd8149ffea8480cfdfd004, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:16:ea:9a:b9:1b:56:0a:7f:ed:47:ff:14:71:
                    49:4b:c5:61:c9:f6:d0:f4:8d:d9:2b:44:4c:77:bb:
                    2c:80:07:04:c2:0b:07:a0:03:b3:72:2d:6a:48:f3:
                    e0:c5:b8:26:86:74:e5:da:0e:70:7c:5b:51:62:1d:
                    f8:9a:d9:30:8c:15:6f:a7:2d:55:db:36:eb:ce:eb:
                    eb:ab:18:6f:07:40:20:e5:70:37:91:66:e7:1e:9c:
                    88:cd:ca:48:b5:6e:d2:12:8e:d4:eb:57:4f:27:7a:
                    29:81:ee:64:de:32:d5:44:65:61:87:c4:80:b5:14:
                    2c:3a:f5:1e:59:f1:64:d1:b9:ee:74:5d:12:85:ea:
                    23:c9:cf:fd:34:b0:37:03:5c:48:72:59:25:e5:a9:
                    a2:db:f6:29:d2:96:a7:65:74:f2:56:32:7c:da:a5:
                    13:0c:92:dc:6c:36:0b:ab:99:6e:e2:14:80:b8:18:
                    66:6b:79:ed:cf:08:80:43:25:e6:cf:6f:97:d3:83:
                    80:b0:87:13:75:34:df:43:90:72:51:df:74:af:bf:
                    64:fa:ec:40:bc:b3:34:3b:24:a0:18:10:8f:e5:41:
                    83:04:ea:e2:8f:8c:7f:d7:66:a9:f9:bb:67:ce:bd:
                    81:00:da:87:39:a4:c8:e3:ba:82:8a:7c:90:7b:73:
                    60:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:2C:89:66:DE:54:87:D7:D7:E0:8C:18:F1:D3:E7:91:90:44:D5:6D
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f555d010-5e5e-4c02-8722-e69da1514f97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:8000::/34

    Signature Algorithm: sha256WithRSAEncryption
         a6:58:84:97:ff:2a:cb:66:7a:b0:59:00:43:c4:6f:fe:a5:b3:
         95:e3:91:2d:a7:8a:c6:ce:3b:7c:42:2b:aa:63:95:38:ba:1d:
         90:d9:7d:e1:7b:85:c7:9c:db:df:0a:6e:b2:db:dc:69:25:c9:
         a9:94:f6:d7:26:de:28:95:51:d1:f3:5f:26:b9:ee:34:d3:e4:
         97:f3:fb:f2:c3:78:9d:b2:7c:07:3a:1e:d4:45:0c:dc:19:00:
         98:60:9b:28:3e:30:2c:a6:2a:cd:29:e6:15:62:de:0c:66:94:
         50:12:f2:78:07:80:d0:62:30:c4:6d:cb:90:49:34:2f:0c:57:
         36:f1:5c:fb:93:a0:2e:ff:20:51:6a:98:24:26:af:de:ed:5c:
         00:14:4e:db:db:ff:4b:54:3a:50:3e:dd:59:0d:fd:43:80:53:
         9a:fa:af:0a:0e:0b:89:3c:b6:bf:3f:93:f4:7c:9e:ae:f4:b1:
         a4:48:75:79:89:a3:fd:b9:2c:dd:23:22:9d:01:77:ca:ec:a3:
         e4:a1:f8:41:5f:1b:b3:cd:d4:e8:1f:3e:42:da:fc:6f:fe:2d:
         f7:64:af:6c:f6:f5:66:9b:39:79:f5:0c:70:10:ab:45:35:5a:
         2e:07:3e:99:76:41:20:89:74:f3:f5:ec:3e:42:75:4c:ce:3c:
         58:b0:1c:53
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQtdD8ITIM1a65xK9oLI/fBozp8AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzMxMTg0MTEzWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OWEyNTczYjQ1NjFjNDdiMmZiOWQwYzhmNjg4NWU3ZGU3
ZTIwMzgxYjhmZDgxNDlmZmVhODQ4MGNmZGZkMDA0MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZFuqauRtWCn/tR/8UcUlLxWHJ9tD0jdkrREx3uyyABwTC
CwegA7NyLWpI8+DFuCaGdOXaDnB8W1FiHfia2TCMFW+nLVXbNuvO6+urGG8HQCDl
cDeRZucenIjNyki1btISjtTrV08neimB7mTeMtVEZWGHxIC1FCw69R5Z8WTRue50
XRKF6iPJz/00sDcDXEhyWSXlqaLb9inSlqdldPJWMnzapRMMktxsNgurmW7iFIC4
GGZree3PCIBDJebPb5fTg4CwhxN1NN9DkHJR33Svv2T67EC8szQ7JKAYEI/lQYME
6uKPjH/XZqn5u2fOvYEA2oc5pMjjuoKKfJB7c2CzAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUkCyJZt5Uh9fX4IwY8dPnkZBE1W0wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2Y1NTVkMDEwLTVlNWUtNGMwMi04NzIyLWU2OWRhMTUxNGY5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgYmAPD7gDANBgkqhkiG9w0BAQsFAAOCAQEApliEl/8qy2Z6sFkAQ8Rv/qWz
leORLaeKxs47fEIrqmOVOLodkNl94XuFx5zb3wpustvcaSXJqZT21ybeKJVR0fNf
JrnuNNPkl/P78sN4nbJ8Bzoe1EUM3BkAmGCbKD4wLKYqzSnmFWLeDGaUUBLyeAeA
0GIwxG3LkEk0LwxXNvFc+5OgLv8gUWqYJCav3u1cABRO29v/S1Q6UD7dWQ39Q4BT
mvqvCg4LiTy2vz+T9HyervSxpEh1eYmj/bks3SMinQF3yuyj5KH4QV8bs83U6B8+
Qtr8b/4t92SvbPb1Zps5efUMcBCrRTVaLgc+mXZBIIl08/XsPkJ1TM48WLAcUw==
-----END CERTIFICATE-----