Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a1083a01-360a-4b23-a3a3-630df82536fc.roa
File:                     a1083a01-360a-4b23-a3a3-630df82536fc.roa (raw, json)
Hash identifier:          0o8a3x8VXxKrHNgyzzXmNM68Rq6BuJnPg5DHAFqrfAY=
Subject key identifier:   34:02:4A:20:AF:98:C9:3E:A6:C3:D5:93:39:58:41:0D:81:2C:35:A2
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3E9112BCC4933578FE37FC1F67BBAC2F003C2348
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a1083a01-360a-4b23-a3a3-630df82536fc.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:80::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:91:12:bc:c4:93:35:78:fe:37:fc:1f:67:bb:ac:2f:00:3c:23:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=9bd95296991284416d168539916a4522fdd95119f69099e4e47667f8f907db0a, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a6:b4:54:88:a9:7e:54:98:da:c1:54:dc:aa:
                    c0:d4:11:c8:c9:08:38:82:ac:f1:cf:66:e5:80:08:
                    ea:7e:3b:cc:d0:a9:9c:ed:58:61:fa:39:16:38:b0:
                    b9:7a:51:95:9f:fe:91:b5:4b:05:67:af:bf:31:cc:
                    1a:b3:58:89:15:b2:6d:da:f0:33:a2:8e:31:21:28:
                    26:1f:a9:03:f9:52:f1:c4:1f:c0:26:c2:9b:de:78:
                    ec:68:82:f4:27:23:43:13:02:e9:12:d1:33:99:92:
                    ea:18:5c:22:eb:12:12:a9:bb:21:a7:cc:00:63:b6:
                    67:42:e2:4d:d5:c6:23:69:9f:2d:a5:e0:c4:ab:b8:
                    ba:2c:46:e6:54:c7:0c:57:4f:97:c3:43:48:30:13:
                    de:a5:cd:f8:f8:04:b7:b9:f8:78:ed:4b:f3:4d:3b:
                    8f:21:3b:1a:56:d6:7e:f8:61:ce:9d:21:e7:e2:5a:
                    35:9b:c0:a3:2b:e2:6d:df:9f:66:2a:2f:b3:25:2d:
                    5e:bf:86:a3:3b:ea:32:72:83:d7:05:ae:d6:3b:7e:
                    16:d9:61:a4:0c:17:62:4d:f6:36:af:c9:1f:a6:57:
                    36:36:cb:37:48:3e:20:29:a7:81:af:1a:49:07:9c:
                    4f:77:7d:7c:0d:4e:db:9d:39:69:ff:96:da:06:42:
                    0c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:02:4A:20:AF:98:C9:3E:A6:C3:D5:93:39:58:41:0D:81:2C:35:A2
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a1083a01-360a-4b23-a3a3-630df82536fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:80::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:94:aa:09:72:41:17:7b:c8:b5:41:83:ed:cc:bc:ba:8b:ae:
         55:07:8c:4c:eb:82:a0:b2:d0:03:61:61:69:a2:24:d5:08:e9:
         fa:ec:dc:b0:d4:49:8c:de:99:14:ca:dd:fb:2f:44:84:70:70:
         1c:9d:a6:29:ce:d7:ac:32:1e:da:96:ed:fd:bc:db:45:c4:2c:
         43:fc:3e:bb:ea:6e:6b:53:7f:4e:83:5c:bc:41:8b:2c:a1:c4:
         58:93:7f:0a:89:50:32:6d:1b:7d:b3:a9:b3:17:22:b1:d9:a8:
         f8:b4:b7:3c:1f:70:0a:60:a0:cf:9e:81:ed:dc:98:78:14:d8:
         3b:52:76:03:3d:a8:09:e8:f7:ba:8f:26:ec:24:67:52:62:07:
         8e:d1:60:53:05:c9:65:37:81:a2:36:ab:b3:3f:5f:43:70:74:
         5d:54:aa:b3:81:6d:3c:29:8a:33:73:42:3a:61:5b:42:a0:da:
         f4:29:c8:f6:ca:2e:fa:2c:99:f1:01:59:b7:8c:91:9d:7b:b6:
         2f:74:bc:b7:4e:b6:2d:36:72:8a:12:ee:2c:08:58:2c:00:1e:
         2e:b4:96:7b:6b:28:85:7d:2b:ab:3e:0c:70:13:5c:0a:23:bb:
         3d:9b:e7:b6:4a:79:85:1f:b6:7a:f6:18:73:42:ee:96:32:a0:
         81:b5:c8:03
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUPpESvMSTNXj+N/wfZ7usLwA8I0gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YmQ5NTI5Njk5MTI4NDQxNmQxNjg1Mzk5MTZhNDUyMmZk
ZDk1MTE5ZjY5MDk5ZTRlNDc2NjdmOGY5MDdkYjBhMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3prRUiKl+VJjawVTcqsDUEcjJCDiCrPHPZuWACOp+O8zQ
qZztWGH6ORY4sLl6UZWf/pG1SwVnr78xzBqzWIkVsm3a8DOijjEhKCYfqQP5UvHE
H8AmwpveeOxogvQnI0MTAukS0TOZkuoYXCLrEhKpuyGnzABjtmdC4k3VxiNpny2l
4MSruLosRuZUxwxXT5fDQ0gwE96lzfj4BLe5+HjtS/NNO48hOxpW1n74Yc6dIefi
WjWbwKMr4m3fn2YqL7MlLV6/hqM76jJyg9cFrtY7fhbZYaQMF2JN9javyR+mVzY2
yzdIPiApp4GvGkkHnE93fXwNTtudOWn/ltoGQgyJAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUNAJKIK+YyT6mw9WTOVhBDYEsNaIwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2ExMDgzYTAxLTM2MGEtNGIyMy1hM2EzLTYzMGRmODI1MzZmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAIAwDQYJKoZIhvcNAQELBQADggEBAJGUqglyQRd7yLVBg+3MvLqL
rlUHjEzrgqCy0ANhYWmiJNUI6frs3LDUSYzemRTK3fsvRIRwcBydpinO16wyHtqW
7f2820XELEP8PrvqbmtTf06DXLxBiyyhxFiTfwqJUDJtG32zqbMXIrHZqPi0tzwf
cApgoM+ege3cmHgU2DtSdgM9qAno97qPJuwkZ1JiB47RYFMFyWU3gaI2q7M/X0Nw
dF1UqrOBbTwpijNzQjphW0Kg2vQpyPbKLvosmfEBWbeMkZ17ti90vLdOti02cooS
7iwIWCwAHi60lntrKIV9K6s+DHATXAojuz2b57ZKeYUftnr2GHNC7pYyoIG1yAM=
-----END CERTIFICATE-----