Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4a8623c4-10a0-46b6-a5f5-c94e84c56867.roa
File:                     4a8623c4-10a0-46b6-a5f5-c94e84c56867.roa (raw, json)
Hash identifier:          C0b6Ei6tGFYh/vLvwhz88zQauIDgjiJ4U1PebhatMlo=
Subject key identifier:   1C:EE:63:29:EC:92:54:0E:8D:0F:65:04:72:CC:C6:56:7A:36:13:78
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       27B3D76E6840DB23B4E2077BDC725B5B9FEF4946
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4a8623c4-10a0-46b6-a5f5-c94e84c56867.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:a0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:b3:d7:6e:68:40:db:23:b4:e2:07:7b:dc:72:5b:5b:9f:ef:49:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=d1db02eb04d99354a536eff38c46ac099b4c15e287f6087c85fc7a1a18aabf75, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4f:4d:00:bd:8a:da:1a:a4:ad:8d:3d:a2:9b:
                    f3:1a:60:d4:24:5f:21:8c:79:c2:35:73:8c:dd:c2:
                    4a:2a:96:c6:16:fe:27:f6:db:31:8d:af:f9:74:83:
                    c2:ae:33:61:88:d6:98:ba:9d:cb:36:bc:aa:36:22:
                    c4:c0:7d:ee:80:dc:c5:a3:d8:70:8b:7c:46:84:2b:
                    c4:dc:77:0a:80:e9:39:37:ed:1c:6e:e1:81:13:be:
                    36:bd:e3:c1:48:d5:75:1f:b9:bd:f6:1a:dd:93:98:
                    dd:e8:4f:9e:1d:9d:81:59:86:34:0f:cc:0e:54:f8:
                    65:35:ff:0d:74:8d:d5:18:ec:2d:aa:09:96:6d:84:
                    c5:70:c2:bf:57:4a:c3:70:f3:d9:18:cf:bd:75:e0:
                    8b:cb:da:7f:67:a0:24:62:2f:4b:21:a8:13:f9:68:
                    d1:44:4a:21:ce:f8:ab:33:14:78:77:1f:3d:d1:81:
                    5b:fb:41:ff:bb:ab:3a:85:de:aa:96:88:c6:e9:d8:
                    47:27:95:45:15:c9:4e:a0:39:b4:f2:79:df:b9:19:
                    d1:82:ac:29:99:9b:e1:30:76:a0:ce:63:ce:bc:73:
                    57:43:72:d2:f0:25:36:38:f9:7f:73:b4:2c:2d:35:
                    91:45:8e:ab:6f:ff:25:e0:36:b9:3b:bb:87:11:b6:
                    1d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:EE:63:29:EC:92:54:0E:8D:0F:65:04:72:CC:C6:56:7A:36:13:78
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4a8623c4-10a0-46b6-a5f5-c94e84c56867.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:69:3f:59:fc:f3:51:df:e2:10:57:f3:83:6e:19:6e:a7:b8:
         23:bc:25:4d:ba:47:25:1f:6c:23:31:e5:4b:31:3d:03:be:65:
         83:06:6b:82:30:bc:7f:96:22:37:0b:1d:7c:d2:7c:69:84:b7:
         3b:c4:ff:4e:65:ac:56:6d:e6:bb:ee:89:a6:84:9c:fd:a1:4e:
         59:c4:ed:fa:ef:3b:05:22:26:7e:44:57:ea:a0:98:26:03:59:
         fb:4b:9c:fd:2c:88:ae:79:24:47:b8:36:e9:8c:ba:b9:71:cc:
         e9:7f:49:21:de:12:ae:3d:c1:60:08:ca:1b:5f:be:59:f3:73:
         05:70:db:fc:1a:00:43:f7:b8:27:c6:4d:e5:22:18:ed:2c:cb:
         05:ed:9f:7f:62:e9:5f:68:e4:8c:96:02:68:eb:ae:d1:2c:8f:
         dc:cb:b8:fd:ed:fe:3b:ba:93:6a:47:dd:27:dd:70:e2:d1:b9:
         26:bc:b6:42:fb:53:0c:30:09:7d:a9:93:f6:c6:28:71:9b:88:
         9b:ec:15:bb:0a:1e:52:2a:9d:19:ce:7f:f6:67:e4:e1:35:fa:
         17:34:22:1f:6b:04:36:2e:82:15:d1:a8:04:3f:19:16:1d:4b:
         e6:f4:58:cd:0f:fa:30:8d:d3:78:12:28:f2:00:c5:cb:ca:a5:
         42:e3:9b:89
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJ7PXbmhA2yO04gd73HJbW5/vSUYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMWRiMDJlYjA0ZDk5MzU0YTUzNmVmZjM4YzQ2YWMwOTli
NGMxNWUyODdmNjA4N2M4NWZjN2ExYTE4YWFiZjc1MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBT00AvYraGqStjT2im/MaYNQkXyGMecI1c4zdwkoqlsYW
/if22zGNr/l0g8KuM2GI1pi6ncs2vKo2IsTAfe6A3MWj2HCLfEaEK8TcdwqA6Tk3
7Rxu4YETvja948FI1XUfub32Gt2TmN3oT54dnYFZhjQPzA5U+GU1/w10jdUY7C2q
CZZthMVwwr9XSsNw89kYz7114IvL2n9noCRiL0shqBP5aNFESiHO+KszFHh3Hz3R
gVv7Qf+7qzqF3qqWiMbp2EcnlUUVyU6gObTyed+5GdGCrCmZm+EwdqDOY868c1dD
ctLwJTY4+X9ztCwtNZFFjqtv/yXgNrk7u4cRth1tAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUHO5jKeySVA6ND2UEcszGVno2E3gwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzRhODYyM2M0LTEwYTAtNDZiNi1hNWY1LWM5NGU4NGM1Njg2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAKAwDQYJKoZIhvcNAQELBQADggEBAKhpP1n881Hf4hBX84NuGW6n
uCO8JU26RyUfbCMx5UsxPQO+ZYMGa4IwvH+WIjcLHXzSfGmEtzvE/05lrFZt5rvu
iaaEnP2hTlnE7frvOwUiJn5EV+qgmCYDWftLnP0siK55JEe4NumMurlxzOl/SSHe
Eq49wWAIyhtfvlnzcwVw2/waAEP3uCfGTeUiGO0sywXtn39i6V9o5IyWAmjrrtEs
j9zLuP3t/ju6k2pH3SfdcOLRuSa8tkL7UwwwCX2pk/bGKHGbiJvsFbsKHlIqnRnO
f/Zn5OE1+hc0Ih9rBDYughXRqAQ/GRYdS+b0WM0P+jCN03gSKPIAxcvKpULjm4k=
-----END CERTIFICATE-----