Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/c3cfc811-2379-40d0-911d-bea0ba2b9c30.roa
File:                     c3cfc811-2379-40d0-911d-bea0ba2b9c30.roa (raw, json)
Hash identifier:          NNcv0AOCyfNH/qbA9OVph81RRKS20C1DSsmI6yqNqxU=
Subject key identifier:   21:50:6F:E5:C5:DE:EC:85:85:24:6E:84:7C:CE:DB:E1:8F:DB:E6:B7
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       0AFD9DD154E3B95452F9F808968D74AC17C48AD3
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/c3cfc811-2379-40d0-911d-bea0ba2b9c30.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2605:9cc0:399::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:fd:9d:d1:54:e3:b9:54:52:f9:f8:08:96:8d:74:ac:17:c4:8a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=fba5d4053ecd0a1f5cb5dd820a4c2b5b60af4b94b33c760116b8cd0a9cadffe0, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:0e:5a:66:38:63:29:01:c2:da:33:96:aa:0b:
                    a3:8c:e5:84:ab:7b:1a:7d:30:29:31:bb:23:27:c3:
                    2e:37:d7:86:cc:b8:c6:30:ca:e6:b0:6b:68:65:eb:
                    2c:49:eb:d9:59:fd:c6:5a:b1:35:2b:9e:06:d0:13:
                    8f:d4:dd:de:6f:ef:1e:c6:bc:35:ed:56:79:12:f9:
                    ef:96:e9:e6:94:e1:00:de:f7:ef:f7:fd:87:25:ae:
                    59:ab:40:c8:e3:dc:6e:ba:f6:f3:5d:3a:9e:88:a1:
                    d5:a2:ff:38:78:d9:31:06:21:d2:5e:94:f1:52:97:
                    d2:aa:28:7a:9e:1c:4c:9d:53:7b:db:3d:ae:e6:27:
                    0c:b9:17:3e:91:5c:61:05:e8:25:98:b7:8d:93:5b:
                    4c:47:ef:26:6f:26:39:71:79:51:be:bd:13:47:83:
                    8c:4b:26:e5:30:22:b8:a1:46:26:31:44:47:73:e5:
                    b6:61:6a:0c:02:51:a2:ae:cc:7d:5a:f9:d4:5d:56:
                    e1:8f:61:f6:d2:0d:10:b4:57:22:b6:43:da:28:61:
                    d7:a8:cb:42:c5:56:b2:e1:cc:d8:a5:c7:b3:d3:df:
                    61:69:9e:23:31:c3:a6:d8:94:42:ab:5c:e0:9c:10:
                    3f:9b:c2:50:6b:ed:4b:cb:7c:46:12:53:23:d5:1a:
                    be:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:50:6F:E5:C5:DE:EC:85:85:24:6E:84:7C:CE:DB:E1:8F:DB:E6:B7
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/c3cfc811-2379-40d0-911d-bea0ba2b9c30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:399::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:2d:29:6f:0e:75:fb:0d:dc:c4:a1:21:0c:2e:3d:c8:3c:cd:
         27:19:4a:08:fa:4c:9c:ba:23:0a:7c:7b:e9:ce:6c:ba:3f:46:
         a7:11:16:4e:f9:9a:cc:ed:65:e0:8a:b3:c7:bd:ad:5a:d9:b3:
         5b:b1:c9:93:eb:3d:76:fd:28:f8:ca:60:5a:77:d6:65:2d:3e:
         c5:c6:4f:b3:aa:63:5c:30:fe:6f:07:59:ab:43:f6:63:98:2c:
         33:84:43:99:a0:07:ea:5d:dc:7a:e4:8a:77:2e:ed:ea:46:30:
         e5:03:3a:03:61:06:fa:92:12:fe:73:26:2a:5b:d4:a6:3a:fd:
         00:34:e8:4c:98:69:99:4e:a5:08:db:09:ba:fc:33:1e:63:e3:
         fa:1f:9c:d3:1a:bd:e1:19:d7:94:0c:7a:b5:9e:99:e0:04:35:
         82:34:c6:d2:80:98:9a:99:06:18:ba:b7:22:3f:36:2a:cd:39:
         ec:80:c5:01:d3:99:e2:36:12:47:73:e5:ad:96:16:d5:83:02:
         1c:23:45:4c:45:f2:8a:77:33:c9:48:53:df:2d:d3:c5:58:45:
         c5:be:28:b2:44:87:46:95:c7:88:8a:50:31:d2:0d:5a:1e:bb:
         b0:20:ef:fc:c0:0e:1f:c3:54:1d:fd:2b:52:11:57:84:65:0d:
         09:92:f5:66
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUCv2d0VTjuVRS+fgIlo10rBfEitMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYmE1ZDQwNTNlY2QwYTFmNWNiNWRkODIwYTRjMmI1YjYw
YWY0Yjk0YjMzYzc2MDExNmI4Y2QwYTljYWRmZmUwMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUDlpmOGMpAcLaM5aqC6OM5YSrexp9MCkxuyMnwy4314bM
uMYwyuawa2hl6yxJ69lZ/cZasTUrngbQE4/U3d5v7x7GvDXtVnkS+e+W6eaU4QDe
9+/3/YclrlmrQMjj3G669vNdOp6IodWi/zh42TEGIdJelPFSl9KqKHqeHEydU3vb
Pa7mJwy5Fz6RXGEF6CWYt42TW0xH7yZvJjlxeVG+vRNHg4xLJuUwIrihRiYxREdz
5bZhagwCUaKuzH1a+dRdVuGPYfbSDRC0VyK2Q9ooYdeoy0LFVrLhzNilx7PT32Fp
niMxw6bYlEKrXOCcED+bwlBr7UvLfEYSUyPVGr4rAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUIVBv5cXe7IWFJG6EfM7b4Y/b5rcwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiL2MzY2ZjODExLTIzNzktNDBkMC05MTFkLWJlYTBiYTJiOWMzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzAA5kwDQYJKoZIhvcNAQELBQADggEBAGAtKW8OdfsN3MShIQwuPcg8
zScZSgj6TJy6Iwp8e+nObLo/RqcRFk75msztZeCKs8e9rVrZs1uxyZPrPXb9KPjK
YFp31mUtPsXGT7OqY1ww/m8HWatD9mOYLDOEQ5mgB+pd3Hrkincu7epGMOUDOgNh
BvqSEv5zJipb1KY6/QA06EyYaZlOpQjbCbr8Mx5j4/ofnNMaveEZ15QMerWemeAE
NYI0xtKAmJqZBhi6tyI/NirNOeyAxQHTmeI2Ekdz5a2WFtWDAhwjRUxF8op3M8lI
U98t08VYRcW+KLJEh0aVx4iKUDHSDVoeu7Ag7/zADh/DVB39K1IRV4RlDQmS9WY=
-----END CERTIFICATE-----