Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a84b381b-bc70-4b19-91a5-fa66fa80011e.roa
File:                     a84b381b-bc70-4b19-91a5-fa66fa80011e.roa (raw, json)
Hash identifier:          zjN96lSRvjnHDdtGZugp9MjEgx4ZpFyTa7NSsVyvkXg=
Subject key identifier:   85:45:39:63:FE:E8:22:D9:AF:C3:F1:0A:80:61:AD:EB:36:6F:DA:D1
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       3A96BE8ABF3A8A8CDF3EF99315187492EA8AD8D6
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a84b381b-bc70-4b19-91a5-fa66fa80011e.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f2:7000::/44 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:96:be:8a:bf:3a:8a:8c:df:3e:f9:93:15:18:74:92:ea:8a:d8:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=ed6e7e437dccf98fdfffc30953ab0259720498fbaa1f46bd4eec8933a7581370, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:39:16:79:ab:a1:9a:42:72:0a:bd:3e:65:9b:
                    88:52:48:9f:da:aa:8c:ed:4d:3e:27:92:f3:aa:cb:
                    a4:6e:2c:fe:94:76:c6:75:18:33:3d:83:d1:6b:1a:
                    d6:e4:0e:ac:f7:8d:54:94:31:cf:81:4d:20:47:81:
                    fb:63:e2:ab:0e:29:f9:c4:de:a4:41:83:f6:d0:6b:
                    18:97:3d:d9:df:25:64:e3:99:58:83:57:25:19:a8:
                    71:e3:b9:ce:b1:cc:53:2d:1f:42:60:c8:90:6c:64:
                    d5:cb:2c:8b:51:9a:41:e6:bf:fc:b8:4f:69:3d:cc:
                    f9:ec:0b:93:88:2c:fb:60:6f:fa:5c:11:9b:f3:0b:
                    f9:65:46:e5:f2:f5:55:3c:e2:4e:12:ef:42:6b:5d:
                    3e:74:d6:a5:62:9d:e5:8e:27:9e:2d:25:6a:4d:39:
                    e9:25:eb:f2:2b:19:ef:7a:be:22:51:af:29:f8:54:
                    b1:49:e8:91:46:62:ae:64:c6:5f:dc:b5:4e:87:59:
                    15:dd:4d:34:25:0d:7a:93:28:71:19:d1:9c:07:18:
                    84:b8:c4:d3:bd:0e:c4:c5:39:28:df:1f:da:32:32:
                    50:47:6e:2b:bd:00:f1:94:c9:a2:03:ec:6d:f8:4d:
                    53:4a:bc:99:06:af:84:dc:30:fd:8c:ab:b5:f4:76:
                    78:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:45:39:63:FE:E8:22:D9:AF:C3:F1:0A:80:61:AD:EB:36:6F:DA:D1
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a84b381b-bc70-4b19-91a5-fa66fa80011e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f2:7000::/44

    Signature Algorithm: sha256WithRSAEncryption
         05:60:c0:f8:ec:da:83:72:3e:ca:34:00:77:a7:78:7f:d4:61:
         2f:b8:14:8d:f4:5a:36:6a:26:7a:42:a9:77:65:00:33:48:be:
         43:c5:a2:21:88:71:d9:85:99:9b:1d:e3:4f:86:26:30:95:94:
         02:2c:23:a3:53:bb:68:de:12:36:ab:62:b1:2a:50:19:98:22:
         a8:51:cf:6b:58:27:cb:ad:2f:12:70:06:33:ee:65:0f:d7:48:
         e5:43:e1:8c:ba:57:59:05:fd:aa:2c:2c:b6:56:39:3d:2d:15:
         b7:bc:0b:cf:cb:8a:08:24:69:f1:6c:61:b1:a4:99:2c:b2:ce:
         bc:9b:2c:ba:ab:9d:56:5d:a2:3f:ed:84:ca:d1:f0:bc:49:74:
         a7:d4:a8:33:89:6d:86:10:12:59:50:d8:eb:17:67:59:c8:04:
         c2:67:2a:53:ec:66:4f:a0:15:95:5f:cd:2c:50:b4:b3:3a:80:
         9b:ab:d6:8c:d9:d5:a2:4b:de:e3:62:ad:b4:74:da:bd:d3:79:
         6d:ec:f1:49:47:f8:66:d8:29:ed:8a:61:62:70:47:c7:8f:de:
         9f:66:7c:4d:dc:18:90:f9:18:cb:9d:e0:d2:d6:ac:af:8b:ea:
         4f:97:d7:db:11:7f:79:9c:09:bd:1f:f2:54:76:64:8f:f6:41:
         11:4d:ec:0b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUOpa+ir86iozfPvmTFRh0kuqK2NYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDZlN2U0MzdkY2NmOThmZGZmZmMzMDk1M2FiMDI1OTcy
MDQ5OGZiYWExZjQ2YmQ0ZWVjODkzM2E3NTgxMzcwMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVORZ5q6GaQnIKvT5lm4hSSJ/aqoztTT4nkvOqy6RuLP6U
dsZ1GDM9g9FrGtbkDqz3jVSUMc+BTSBHgftj4qsOKfnE3qRBg/bQaxiXPdnfJWTj
mViDVyUZqHHjuc6xzFMtH0JgyJBsZNXLLItRmkHmv/y4T2k9zPnsC5OILPtgb/pc
EZvzC/llRuXy9VU84k4S70JrXT501qVineWOJ54tJWpNOekl6/IrGe96viJRryn4
VLFJ6JFGYq5kxl/ctU6HWRXdTTQlDXqTKHEZ0ZwHGIS4xNO9DsTFOSjfH9oyMlBH
biu9APGUyaID7G34TVNKvJkGr4TcMP2Mq7X0dnh3AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUhUU5Y/7oItmvw/EKgGGt6zZv2tEwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2E4NGIzODFiLWJjNzAtNGIxOS05MWE1LWZhNjZmYTgwMDExZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmAPDycAAwDQYJKoZIhvcNAQELBQADggEBAAVgwPjs2oNyPso0AHeneH/U
YS+4FI30WjZqJnpCqXdlADNIvkPFoiGIcdmFmZsd40+GJjCVlAIsI6NTu2jeEjar
YrEqUBmYIqhRz2tYJ8utLxJwBjPuZQ/XSOVD4Yy6V1kF/aosLLZWOT0tFbe8C8/L
iggkafFsYbGkmSyyzrybLLqrnVZdoj/thMrR8LxJdKfUqDOJbYYQEllQ2OsXZ1nI
BMJnKlPsZk+gFZVfzSxQtLM6gJur1ozZ1aJL3uNirbR02r3TeW3s8UlH+GbYKe2K
YWJwR8eP3p9mfE3cGJD5GMud4NLWrK+L6k+X19sRf3mcCb0f8lR2ZI/2QRFN7As=
-----END CERTIFICATE-----