Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/72241dc6-56ae-4337-bb4b-b84fbdae51d0.roa
File:                     72241dc6-56ae-4337-bb4b-b84fbdae51d0.roa (raw, json)
Hash identifier:          GXw8fjyKC9H1MLwsnqfOpcdyK7b8Zj0MAOKUdVJt8T8=
Subject key identifier:   1F:C6:E5:1B:65:7E:CF:C7:C4:1F:BA:10:41:7F:0E:48:90:84:8B:53
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1F4C272993B1CC85BA65D2EE2E4232E1A0850039
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/72241dc6-56ae-4337-bb4b-b84fbdae51d0.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:ee00::/42 maxlen: 42
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:4c:27:29:93:b1:cc:85:ba:65:d2:ee:2e:42:32:e1:a0:85:00:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=2551699a1708f7d3c642ba59cd90d3860b5c4527cacb2e9a7a3b474cb0e2a40b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9e:22:2d:cd:d4:dd:4b:f4:30:06:cd:f5:4b:
                    83:1e:3d:d3:ba:0d:66:32:3a:56:17:73:d3:a1:29:
                    68:e3:02:dc:1b:ad:ee:e5:6e:89:6f:c7:fe:69:85:
                    bd:93:26:94:06:f1:96:be:0f:0d:02:fb:34:00:bb:
                    50:cd:6d:45:3d:40:24:6d:53:e3:8d:7f:e4:76:70:
                    bc:db:dd:be:b0:70:de:df:6b:5b:97:91:f2:7d:43:
                    b1:a9:ab:8f:47:05:ea:d3:85:52:9b:61:22:5a:2c:
                    50:14:e6:2d:16:ee:02:09:fe:08:23:cb:ae:4f:e8:
                    7f:a7:ad:12:43:05:92:2e:fb:f7:96:5e:4d:1b:83:
                    57:9f:97:0a:de:15:72:fe:40:79:f4:52:99:f6:d2:
                    df:07:f5:20:2c:6b:87:02:f2:e8:6c:ba:4b:09:fc:
                    73:80:e1:a8:45:a7:b5:bf:6e:8a:ae:0b:c5:71:a3:
                    0d:7d:83:5d:f5:60:c7:54:f1:20:9a:55:c6:fa:f6:
                    9f:e6:31:53:5b:33:e1:a9:b0:5a:9d:34:4b:32:39:
                    aa:f0:0b:83:7d:18:a9:e2:28:f9:72:c1:cc:50:20:
                    db:92:51:24:c6:e8:6b:f0:9c:26:f5:07:de:a9:44:
                    a6:d4:de:f7:84:12:9d:53:13:03:c0:aa:99:1b:91:
                    64:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:C6:E5:1B:65:7E:CF:C7:C4:1F:BA:10:41:7F:0E:48:90:84:8B:53
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/72241dc6-56ae-4337-bb4b-b84fbdae51d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ee00::/42

    Signature Algorithm: sha256WithRSAEncryption
         3c:0a:14:26:3b:d0:ff:63:6f:6a:92:8a:53:91:b8:0f:06:b9:
         9f:4d:f5:69:e8:33:fc:44:a2:47:70:ae:e7:63:15:40:fb:c2:
         d9:56:15:b7:4d:1e:4a:e1:d5:e8:05:10:fd:67:5a:ad:d6:0a:
         10:e6:54:e8:52:bd:0b:4d:b9:d6:2f:74:e3:1f:16:34:38:c8:
         da:6e:d0:e4:45:49:c9:e3:b5:bb:a5:ce:82:f1:dc:29:ad:11:
         7c:a7:9d:ce:07:e3:f5:25:0b:8b:e1:37:71:6f:ca:b6:cb:52:
         fc:28:93:4a:c3:24:a7:9e:33:2a:b2:20:34:95:e0:79:fa:4d:
         ee:6f:fd:34:18:4c:85:25:41:6a:d6:a2:ae:86:1f:82:89:7e:
         49:fe:14:26:49:16:3b:21:f6:ab:2b:f8:e6:a2:7e:96:53:44:
         ac:7a:a1:ad:dd:12:5c:74:be:18:d5:46:c2:9b:94:0a:f7:22:
         bc:9d:6c:10:7d:b7:32:f5:bf:63:2a:1b:e1:b6:4e:84:64:ee:
         80:55:30:22:7f:79:4c:9f:79:8e:03:da:29:05:94:94:0c:60:
         42:6f:37:23:4f:0c:af:1b:0f:dd:66:5c:23:46:a1:3a:07:4e:
         3b:b4:62:7d:38:fb:9d:81:bb:80:2a:32:74:24:54:42:01:2f:
         b0:98:8f:13
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUH0wnKZOxzIW6ZdLuLkIy4aCFADkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNTUxNjk5YTE3MDhmN2QzYzY0MmJhNTljZDkwZDM4NjBi
NWM0NTI3Y2FjYjJlOWE3YTNiNDc0Y2IwZTJhNDBiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKniItzdTdS/QwBs31S4MePdO6DWYyOlYXc9OhKWjjAtwb
re7lbolvx/5phb2TJpQG8Za+Dw0C+zQAu1DNbUU9QCRtU+ONf+R2cLzb3b6wcN7f
a1uXkfJ9Q7Gpq49HBerThVKbYSJaLFAU5i0W7gIJ/ggjy65P6H+nrRJDBZIu+/eW
Xk0bg1eflwreFXL+QHn0Upn20t8H9SAsa4cC8uhsuksJ/HOA4ahFp7W/boquC8Vx
ow19g131YMdU8SCaVcb69p/mMVNbM+GpsFqdNEsyOarwC4N9GKniKPlywcxQINuS
USTG6GvwnCb1B96pRKbU3veEEp1TEwPAqpkbkWTvAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUH8blG2V+z8fEH7oQQX8OSJCEi1MwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzcyMjQxZGM2LTU2YWUtNDMzNy1iYjRiLWI4NGZiZGFlNTFkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD77gAwDQYJKoZIhvcNAQELBQADggEBADwKFCY70P9jb2qSilORuA8G
uZ9N9WnoM/xEokdwrudjFUD7wtlWFbdNHkrh1egFEP1nWq3WChDmVOhSvQtNudYv
dOMfFjQ4yNpu0ORFScnjtbulzoLx3CmtEXynnc4H4/UlC4vhN3FvyrbLUvwok0rD
JKeeMyqyIDSV4Hn6Te5v/TQYTIUlQWrWoq6GH4KJfkn+FCZJFjsh9qsr+OaifpZT
RKx6oa3dElx0vhjVRsKblAr3IrydbBB9tzL1v2MqG+G2ToRk7oBVMCJ/eUyfeY4D
2ikFlJQMYEJvNyNPDK8bD91mXCNGoToHTju0Yn04+52Bu4AqMnQkVEIBL7CYjxM=
-----END CERTIFICATE-----