Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/adb258f2-061e-4e94-b6ee-d4de9405ec61.roa
File:                     adb258f2-061e-4e94-b6ee-d4de9405ec61.roa (raw, json)
Hash identifier:          SNlcFq4Z1Q0vcvmhdoLL8bNvTuka9CgZ1nN6FrRFuN0=
Subject key identifier:   F3:20:91:F8:9F:0B:7E:84:06:0D:16:40:DC:E4:46:C7:38:89:0D:49
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       518D20BA968DC237FD2506C3CCFEFD75182798DD
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/adb258f2-061e-4e94-b6ee-d4de9405ec61.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:8000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:8d:20:ba:96:8d:c2:37:fd:25:06:c3:cc:fe:fd:75:18:27:98:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=1e8171d0528b8c90fb90a2ce740aa00be216bebb2b35fc935b4bfd3dc1fa520b, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:5a:3e:55:aa:e6:1f:12:d8:6e:4a:37:6e:fa:
                    e6:a1:d8:32:66:7e:b3:5e:dc:86:33:f1:6f:f3:88:
                    39:a2:72:be:a7:2f:17:c0:80:83:f1:fd:f2:51:de:
                    90:1f:87:35:61:15:6b:96:91:1e:bb:13:2c:ea:ca:
                    b5:1b:9f:76:0c:3f:d6:d1:5b:64:82:ff:ec:5a:b2:
                    18:20:7d:d0:74:56:14:2e:c0:bf:34:f0:b4:f6:00:
                    d2:ee:c5:91:bb:cd:6a:3f:e5:a1:d7:33:8f:e8:2c:
                    19:46:94:c7:d0:22:91:a9:ad:83:a4:6e:7f:75:0b:
                    4b:c5:65:9d:ff:f2:73:95:51:16:dd:dd:d9:7f:9d:
                    2c:04:f2:2d:3f:a4:fc:83:20:c7:b6:be:53:ea:8c:
                    a5:b4:fa:0c:3e:41:bd:f2:02:0f:b0:f5:41:0b:6e:
                    ce:14:76:b0:6c:cd:a1:05:3a:19:dd:6d:7c:e8:5a:
                    8b:4e:a0:58:9b:1c:ae:35:52:bd:86:a4:a4:7e:92:
                    cb:4b:29:0b:65:b9:0c:88:59:6e:a6:3f:69:fe:7c:
                    cf:c6:11:fc:72:63:43:6f:28:db:5a:0d:20:b9:b0:
                    9d:3e:c7:bb:ea:c8:07:1c:7b:c0:94:4f:33:8d:14:
                    fc:b7:58:3a:fb:ca:1e:6d:d8:33:42:bf:bd:32:29:
                    ec:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:20:91:F8:9F:0B:7E:84:06:0D:16:40:DC:E4:46:C7:38:89:0D:49
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/adb258f2-061e-4e94-b6ee-d4de9405ec61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9d:b2:df:7a:ab:4d:8f:7e:2e:a6:e3:64:6d:5b:83:6c:6b:49:
         5d:95:9b:e0:8d:a0:ee:8c:96:f4:a9:0c:09:3f:58:98:fa:67:
         5e:7f:5e:36:15:09:7f:a4:45:fd:59:ca:8e:81:d5:c2:e5:a5:
         a8:70:a2:a6:f7:90:f8:bf:f6:25:59:71:99:e2:4b:e3:86:e3:
         44:ec:f0:e5:2d:97:d2:dc:b0:ea:c7:71:41:ae:a9:0c:75:90:
         31:84:86:17:75:97:0f:cc:c7:6e:74:03:2a:b5:0b:a6:32:97:
         88:5e:76:de:e2:ce:5e:cc:25:e4:b4:05:69:8b:8c:78:cb:7e:
         18:05:ae:35:69:47:3c:fd:f0:9d:71:b4:27:e7:96:ee:b6:15:
         38:b5:fd:22:f4:14:bb:2f:2e:5c:ab:28:11:82:b0:3b:9b:31:
         e6:30:ac:82:b1:55:46:e7:03:49:49:c2:95:70:5b:00:ca:08:
         71:e1:cf:9a:7c:4a:49:79:d2:7d:26:62:a7:11:38:a7:2c:86:
         ac:91:d5:53:08:ae:55:de:3e:ba:8e:c0:05:b4:b3:63:83:77:
         13:1a:8f:96:f7:29:83:58:8d:51:17:a7:86:b5:04:ff:ce:77:
         1f:7d:e9:ca:95:23:85:e0:1a:e9:c9:92:4e:44:47:93:41:94:
         2a:99:8d:7b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUUY0gupaNwjf9JQbDzP79dRgnmN0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTgxNzFkMDUyOGI4YzkwZmI5MGEyY2U3NDBhYTAwYmUy
MTZiZWJiMmIzNWZjOTM1YjRiZmQzZGMxZmE1MjBiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhWj5VquYfEthuSjdu+uah2DJmfrNe3IYz8W/ziDmicr6n
LxfAgIPx/fJR3pAfhzVhFWuWkR67EyzqyrUbn3YMP9bRW2SC/+xashggfdB0VhQu
wL808LT2ANLuxZG7zWo/5aHXM4/oLBlGlMfQIpGprYOkbn91C0vFZZ3/8nOVURbd
3dl/nSwE8i0/pPyDIMe2vlPqjKW0+gw+Qb3yAg+w9UELbs4UdrBszaEFOhndbXzo
WotOoFibHK41Ur2GpKR+kstLKQtluQyIWW6mP2n+fM/GEfxyY0NvKNtaDSC5sJ0+
x7vqyAcce8CUTzONFPy3WDr7yh5t2DNCv70yKewnAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU8yCR+J8LfoQGDRZA3ORGxziJDUkwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2FkYjI1OGYyLTA2MWUtNGU5NC1iNmVlLWQ0ZGU5NDA1ZWM2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDwgDANBgkqhkiG9w0BAQsFAAOCAQEAnbLfeqtNj34upuNkbVuDbGtJ
XZWb4I2g7oyW9KkMCT9YmPpnXn9eNhUJf6RF/VnKjoHVwuWlqHCipveQ+L/2JVlx
meJL44bjROzw5S2X0tyw6sdxQa6pDHWQMYSGF3WXD8zHbnQDKrULpjKXiF523uLO
Xswl5LQFaYuMeMt+GAWuNWlHPP3wnXG0J+eW7rYVOLX9IvQUuy8uXKsoEYKwO5sx
5jCsgrFVRucDSUnClXBbAMoIceHPmnxKSXnSfSZipxE4pyyGrJHVUwiuVd4+uo7A
BbSzY4N3ExqPlvcpg1iNURenhrUE/853H33pypUjheAa6cmSTkRHk0GUKpmNew==
-----END CERTIFICATE-----