Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/86b10ce8-13f0-4570-9b30-d060db1fc6c1.roa
File:                     86b10ce8-13f0-4570-9b30-d060db1fc6c1.roa (raw, json)
Hash identifier:          cwX1zp28Tzj2lctzvBmVxceC7aXlVy4wvxxpKfXxtNs=
Subject key identifier:   1F:D6:8A:86:2F:AB:98:19:E9:59:67:8E:EB:7E:42:EC:5F:5B:E7:7A
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       34ACD9B3DBC5B80EAE08E459D9BFDB18ABB19755
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/86b10ce8-13f0-4570-9b30-d060db1fc6c1.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2605:9cc0:c03::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:ac:d9:b3:db:c5:b8:0e:ae:08:e4:59:d9:bf:db:18:ab:b1:97:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: serialNumber=95c98417df27ac083b2575d4ec1d179ccb0bd1b40f3b0300913e8bb97399c8a9, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:66:c9:bd:89:ee:e9:e7:b3:44:58:cf:45:ef:
                    5d:b0:b2:a1:99:ab:be:24:50:73:84:41:45:dc:a5:
                    a8:c0:32:00:d9:47:a1:1c:1d:f0:50:83:a5:28:f8:
                    ce:03:4f:73:f2:60:2a:b4:d1:c2:ec:9e:0b:84:f1:
                    15:1c:27:bf:76:3f:ab:6c:e9:b6:ce:4c:da:05:90:
                    30:99:16:40:c3:e8:94:d6:c7:4d:c8:fc:f4:99:48:
                    71:34:db:fa:01:8c:9b:ac:09:8c:9a:95:5c:f7:5e:
                    fb:d7:f8:1a:52:42:44:53:d6:3a:72:87:86:35:fa:
                    23:c8:da:a5:67:7b:32:87:66:f9:ae:9e:a7:9c:0b:
                    89:80:dc:85:e9:56:7f:14:75:8b:6f:4e:a7:9e:07:
                    98:c0:06:a7:14:81:fa:d4:db:f8:3d:73:55:d4:d9:
                    9d:e9:03:06:d8:34:32:54:8b:63:5a:35:12:d6:45:
                    ba:65:35:4e:2d:97:83:9e:03:68:72:21:54:57:bc:
                    db:c5:f5:81:7c:5d:5a:45:e2:05:57:9d:65:93:f9:
                    c5:67:c2:d9:48:3a:ca:38:f5:32:40:46:b3:06:3c:
                    43:b2:9d:ba:c1:65:76:93:47:64:20:50:1d:83:ad:
                    54:d6:07:8c:e3:48:8e:75:ed:d4:5c:b6:14:38:40:
                    05:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D6:8A:86:2F:AB:98:19:E9:59:67:8E:EB:7E:42:EC:5F:5B:E7:7A
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/86b10ce8-13f0-4570-9b30-d060db1fc6c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:c03::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:7c:a8:c8:5a:bb:ff:59:a3:ab:32:87:d1:2a:f7:92:b4:72:
         f4:22:9e:89:38:84:23:b7:f9:56:4b:91:5b:6c:82:25:15:b1:
         a7:1b:cd:1c:e6:93:eb:af:ef:29:a6:5c:8c:76:fa:e9:45:0c:
         60:97:bc:55:66:a5:fd:c9:d1:92:61:9c:3a:24:af:b1:e7:35:
         6a:d1:41:37:66:c1:af:dc:e5:28:fe:c5:40:78:80:5f:63:26:
         23:01:5e:b3:c0:4d:73:94:06:f3:7a:3e:e1:62:b9:17:83:69:
         01:1d:23:73:2a:e7:4e:18:16:f6:4e:72:78:3b:d7:16:34:29:
         93:30:03:5a:30:28:fb:c8:ab:30:ee:f3:42:67:8f:b4:86:e8:
         22:0a:ab:5d:ab:87:38:e6:04:7c:42:07:94:ab:ec:f7:8b:ba:
         f6:ad:f0:c7:7f:33:8f:d4:42:5b:f4:e7:eb:78:55:d7:35:b8:
         0d:94:65:b5:86:d5:0b:83:29:81:10:e3:07:a1:39:92:b3:75:
         5a:39:2f:4f:58:e2:7b:4d:1d:c0:3e:5e:a6:1c:7a:90:d8:0e:
         cb:5b:cf:89:97:3c:f6:fe:35:40:f8:11:78:26:29:a8:86:5a:
         3f:e9:61:a8:43:5b:bb:88:26:f7:fb:48:05:2e:fc:a8:21:29:
         be:77:86:b4
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUNKzZs9vFuA6uCORZ2b/bGKuxl1UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NWM5ODQxN2RmMjdhYzA4M2IyNTc1ZDRlYzFkMTc5Y2Ni
MGJkMWI0MGYzYjAzMDA5MTNlOGJiOTczOTljOGE5MS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkZsm9ie7p57NEWM9F712wsqGZq74kUHOEQUXcpajAMgDZ
R6EcHfBQg6Uo+M4DT3PyYCq00cLsnguE8RUcJ792P6ts6bbOTNoFkDCZFkDD6JTW
x03I/PSZSHE02/oBjJusCYyalVz3XvvX+BpSQkRT1jpyh4Y1+iPI2qVnezKHZvmu
nqecC4mA3IXpVn8UdYtvTqeeB5jABqcUgfrU2/g9c1XU2Z3pAwbYNDJUi2NaNRLW
RbplNU4tl4OeA2hyIVRXvNvF9YF8XVpF4gVXnWWT+cVnwtlIOso49TJARrMGPEOy
nbrBZXaTR2QgUB2DrVTWB4zjSI517dRcthQ4QAXfAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUH9aKhi+rmBnpWWeO635C7F9b53owHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzg2YjEwY2U4LTEzZjAtNDU3MC05YjMwLWQwNjBkYjFmYzZjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzADAMwDQYJKoZIhvcNAQELBQADggEBAKZ8qMhau/9Zo6syh9Eq95K0
cvQinok4hCO3+VZLkVtsgiUVsacbzRzmk+uv7ymmXIx2+ulFDGCXvFVmpf3J0ZJh
nDokr7HnNWrRQTdmwa/c5Sj+xUB4gF9jJiMBXrPATXOUBvN6PuFiuReDaQEdI3Mq
504YFvZOcng71xY0KZMwA1owKPvIqzDu80Jnj7SG6CIKq12rhzjmBHxCB5Sr7PeL
uvat8Md/M4/UQlv05+t4Vdc1uA2UZbWG1QuDKYEQ4wehOZKzdVo5L09Y4ntNHcA+
XqYcepDYDstbz4mXPPb+NUD4EXgmKaiGWj/pYahDW7uIJvf7SAUu/KghKb53hrQ=
-----END CERTIFICATE-----