Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/83f507f9-6df5-4947-842f-b89f2709cc4a.roa
File:                     83f507f9-6df5-4947-842f-b89f2709cc4a.roa (raw, json)
Hash identifier:          I6C9w7ZOxyhG4VYecUiXc+uu6RqJQb8NYTrhg8DQxi0=
Subject key identifier:   29:1D:E4:F6:16:00:D7:99:72:7E:E8:F3:60:87:86:A7:CD:0E:B6:9A
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       48C91974B093038CE62D6E805B01B0A31FE66AAA
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/83f507f9-6df5-4947-842f-b89f2709cc4a.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:ef00::/42 maxlen: 42
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:c9:19:74:b0:93:03:8c:e6:2d:6e:80:5b:01:b0:a3:1f:e6:6a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=770a777e38ce7fe5f34d95aceebca4c05cedbf1d8d91b3cdd9daccb244037c62, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e7:15:83:4b:2d:53:4f:44:31:c2:5f:ab:95:
                    7e:36:cf:80:75:e9:c7:b8:d0:a8:bb:5e:49:59:04:
                    26:50:bb:5b:e8:d9:17:c4:95:6e:c6:1e:75:c8:45:
                    71:cb:b0:ab:38:99:e6:15:d3:f3:b5:a5:48:ae:c4:
                    f0:2f:b4:5d:65:0d:0e:4c:19:45:c0:df:84:87:49:
                    1f:99:e3:40:47:a8:2d:25:28:a4:1b:44:6c:87:96:
                    d8:4b:3a:3a:b7:20:a9:e9:73:bf:16:33:8a:b5:73:
                    8c:23:44:9e:30:bf:43:56:86:de:26:6b:bf:80:1a:
                    0b:00:12:5f:72:96:bf:c2:df:67:14:2b:b2:5d:58:
                    55:10:c4:63:db:91:c2:0a:8e:92:5d:36:c0:3a:12:
                    87:64:c5:80:8b:2c:e6:94:c7:4b:ef:54:ec:9f:17:
                    ff:b3:a5:4a:b6:ca:38:ca:e5:e6:4c:3f:f8:28:de:
                    17:2a:75:75:6e:06:46:c9:55:67:fc:a5:ff:65:14:
                    c8:b6:1b:01:e1:1a:19:11:97:05:90:a0:3d:5f:84:
                    91:a0:71:5c:49:f2:17:0b:7f:f4:8d:fb:5c:38:e2:
                    2a:68:6c:df:ae:6c:94:9c:2e:26:6e:62:51:d0:87:
                    22:67:f7:bf:13:dd:73:b5:67:d0:ed:ce:60:dd:cc:
                    85:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:1D:E4:F6:16:00:D7:99:72:7E:E8:F3:60:87:86:A7:CD:0E:B6:9A
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/83f507f9-6df5-4947-842f-b89f2709cc4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ef00::/42

    Signature Algorithm: sha256WithRSAEncryption
         01:0f:05:4a:dc:d7:e2:fa:d4:31:9d:4f:5c:dc:c7:10:ac:d3:
         48:29:72:d3:6b:99:2e:e8:b6:1b:21:23:1a:8c:9a:5c:2d:d1:
         e2:54:d5:a0:1e:33:1d:b8:d3:d0:39:9e:1e:de:17:84:f7:0c:
         bc:63:e0:b6:8c:f7:1f:bf:5a:df:13:6f:9a:14:39:aa:d7:82:
         57:3f:29:f1:d9:6d:57:26:04:17:a5:7d:11:fa:6e:76:38:f0:
         44:96:d2:47:5c:fa:e0:31:69:09:94:41:56:f1:37:15:ec:12:
         9d:65:03:c7:91:b3:83:78:16:27:f8:be:a2:35:b9:6b:a4:4f:
         86:27:02:cc:35:53:76:63:b1:ed:b1:d4:a9:93:5e:ca:df:90:
         a3:eb:ec:0e:56:b0:2d:70:b4:69:50:6b:d8:1f:8a:7c:91:2a:
         7a:ae:5b:69:18:58:81:e2:13:6b:2c:4c:53:0f:ef:3b:ea:0e:
         c0:bb:a8:e1:84:c3:b7:89:0f:21:3f:b7:34:df:93:7e:f3:7a:
         60:02:db:f5:35:c6:1a:50:8f:81:87:c0:f5:7b:69:57:ae:92:
         a9:a2:c1:c0:e0:24:18:10:ac:5f:bf:08:70:b3:fa:1d:0a:33:
         82:6d:3e:ba:2d:35:c3:d8:70:e2:55:1a:96:26:98:0d:89:1a:
         8e:2e:e7:03
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUSMkZdLCTA4zmLW6AWwGwox/maqowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NzBhNzc3ZTM4Y2U3ZmU1ZjM0ZDk1YWNlZWJjYTRjMDVj
ZWRiZjFkOGQ5MWIzY2RkOWRhY2NiMjQ0MDM3YzYyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCg5xWDSy1TT0Qxwl+rlX42z4B16ce40Ki7XklZBCZQu1vo
2RfElW7GHnXIRXHLsKs4meYV0/O1pUiuxPAvtF1lDQ5MGUXA34SHSR+Z40BHqC0l
KKQbRGyHlthLOjq3IKnpc78WM4q1c4wjRJ4wv0NWht4ma7+AGgsAEl9ylr/C32cU
K7JdWFUQxGPbkcIKjpJdNsA6EodkxYCLLOaUx0vvVOyfF/+zpUq2yjjK5eZMP/go
3hcqdXVuBkbJVWf8pf9lFMi2GwHhGhkRlwWQoD1fhJGgcVxJ8hcLf/SN+1w44ipo
bN+ubJScLiZuYlHQhyJn978T3XO1Z9DtzmDdzIV1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUKR3k9hYA15lyfujzYIeGp80OtpowHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzgzZjUwN2Y5LTZkZjUtNDk0Ny04NDJmLWI4OWYyNzA5Y2M0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPD77wAwDQYJKoZIhvcNAQELBQADggEBAAEPBUrc1+L61DGdT1zcxxCs
00gpctNrmS7othshIxqMmlwt0eJU1aAeMx2409A5nh7eF4T3DLxj4LaM9x+/Wt8T
b5oUOarXglc/KfHZbVcmBBelfRH6bnY48ESW0kdc+uAxaQmUQVbxNxXsEp1lA8eR
s4N4Fif4vqI1uWukT4YnAsw1U3Zjse2x1KmTXsrfkKPr7A5WsC1wtGlQa9gfinyR
KnquW2kYWIHiE2ssTFMP7zvqDsC7qOGEw7eJDyE/tzTfk37zemAC2/U1xhpQj4GH
wPV7aVeukqmiwcDgJBgQrF+/CHCz+h0KM4JtProtNcPYcOJVGpYmmA2JGo4u5wM=
-----END CERTIFICATE-----