Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/344bc29d-01a1-4e8a-bded-f30ec2519804.roa
File:                     344bc29d-01a1-4e8a-bded-f30ec2519804.roa (raw, json)
Hash identifier:          TxD6SQBDwcIQ02KmeU7aUA+0ZHMxEzRJtvxnD+m7oZI=
Subject key identifier:   BB:17:E0:52:9E:91:BA:8F:EF:30:0D:FE:3F:34:3A:5C:07:3F:87:75
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1CE2674313CF5F8B6C8075EEEE5ABF3461EA0DFC
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/344bc29d-01a1-4e8a-bded-f30ec2519804.roa
Signing time:             Tue 04 Mar 2025 23:50:40 +0000
ROA not before:           Tue 04 Mar 2025 23:50:40 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:700::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:e2:67:43:13:cf:5f:8b:6c:80:75:ee:ee:5a:bf:34:61:ea:0d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar  4 23:50:40 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b9:e8:9c:93:9e:e9:5a:1b:a0:22:8f:bf:23:
                    0b:52:2c:e7:16:be:4e:26:47:11:e0:ec:5f:95:3e:
                    bc:fc:12:66:12:ca:4a:12:e0:98:ea:33:3c:71:5b:
                    c2:60:42:f3:44:0e:5b:47:48:b6:89:3a:c7:eb:02:
                    bb:18:ec:ba:3a:f6:67:ec:a3:ed:e1:3b:96:38:9d:
                    11:04:ef:95:b9:50:89:7b:e5:72:9d:af:65:f5:45:
                    27:59:b1:8a:ae:a7:a9:e5:ce:dc:f1:56:ab:94:75:
                    5d:4d:98:dc:fd:6b:fa:59:d7:bc:40:e2:77:af:87:
                    b6:73:03:c8:b7:e0:18:77:7c:3a:e9:07:d8:0b:0f:
                    01:14:d4:b9:ac:70:e9:a8:27:14:6d:8d:38:99:b7:
                    ad:aa:30:f8:25:49:92:39:45:69:9f:18:b1:e8:f9:
                    62:dc:ce:32:9a:26:e0:e6:5b:58:44:f6:40:86:8a:
                    37:6f:9e:0c:25:ff:5a:6e:04:eb:57:f8:d1:54:0a:
                    2e:33:3c:18:76:4d:2a:e8:e6:a3:8c:9b:dc:01:6c:
                    01:2a:97:67:81:a9:d3:01:74:14:53:2a:f4:c8:8d:
                    e4:34:2a:24:00:b1:d3:ad:5d:83:e8:4b:0c:03:4e:
                    87:89:cf:72:a2:90:ba:ef:c4:b5:1d:a3:d3:ff:c4:
                    80:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:17:E0:52:9E:91:BA:8F:EF:30:0D:FE:3F:34:3A:5C:07:3F:87:75
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/344bc29d-01a1-4e8a-bded-f30ec2519804.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:20:9f:1c:81:75:90:90:5b:21:21:1c:49:2b:8d:01:67:fd:
         9b:43:8f:34:09:50:34:5b:1c:44:cd:07:89:76:fe:1c:00:89:
         9c:5e:9e:d9:a2:d7:a4:ef:27:85:b6:d1:3a:a9:b3:42:8a:02:
         2e:66:e0:1a:8b:c9:b7:d5:e6:cc:bf:d9:f2:0e:ba:06:63:17:
         6c:59:7d:27:a4:66:d3:3e:4e:d5:99:4b:89:39:3b:74:1a:64:
         2e:7f:c9:57:81:2b:e3:50:8b:71:95:29:ff:b1:e5:f3:01:62:
         7c:c0:96:58:cf:6b:dd:b9:08:b0:30:c7:cb:c3:bf:09:b9:2b:
         a3:c3:09:7a:8e:7d:90:13:09:59:2f:4d:df:06:77:1c:e5:5d:
         52:66:dc:f0:9b:9f:e2:3d:4f:7a:64:48:d9:70:15:ee:df:3c:
         73:1d:f3:a8:49:d1:76:a3:00:15:22:5a:c0:2b:85:39:c2:c0:
         be:29:b9:fe:30:e3:54:22:02:d5:41:5a:bd:a3:23:9b:80:f8:
         24:77:06:41:74:89:3a:44:be:0e:27:40:a5:83:37:07:98:55:
         4f:52:0c:98:15:52:21:3e:92:08:95:17:a9:a7:62:32:37:46:
         3d:28:85:be:d1:97:bc:4b:6c:48:b3:f4:20:c6:13:b5:62:d9:
         d8:e4:b5:42
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUHOJnQxPPX4tsgHXu7lq/NGHqDfwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzA0MjM1MDQwWhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDM2NDc0NGM4MjVjZjUzZmFkZjFmNmE3ZWZmODA2Y2I2
NTE5MDkwNTAwZmMxY2I1MDI4NWU2NWI3ODVlNGQ5MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgueick57pWhugIo+/IwtSLOcWvk4mRxHg7F+VPrz8EmYS
ykoS4JjqMzxxW8JgQvNEDltHSLaJOsfrArsY7Lo69mfso+3hO5Y4nREE75W5UIl7
5XKdr2X1RSdZsYqup6nlztzxVquUdV1NmNz9a/pZ17xA4nevh7ZzA8i34Bh3fDrp
B9gLDwEU1LmscOmoJxRtjTiZt62qMPglSZI5RWmfGLHo+WLczjKaJuDmW1hE9kCG
ijdvngwl/1puBOtX+NFUCi4zPBh2TSro5qOMm9wBbAEql2eBqdMBdBRTKvTIjeQ0
KiQAsdOtXYPoSwwDToeJz3KikLrvxLUdo9P/xIAjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUuxfgUp6Ruo/vMA3+PzQ6XAc/h3UwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzM0NGJjMjlkLTAxYTEtNGU4YS1iZGVkLWYzMGVjMjUxOTgwNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDwBzANBgkqhkiG9w0BAQsFAAOCAQEAeyCfHIF1kJBbISEcSSuNAWf9
m0OPNAlQNFscRM0HiXb+HACJnF6e2aLXpO8nhbbROqmzQooCLmbgGovJt9XmzL/Z
8g66BmMXbFl9J6Rm0z5O1ZlLiTk7dBpkLn/JV4Er41CLcZUp/7Hl8wFifMCWWM9r
3bkIsDDHy8O/Cbkro8MJeo59kBMJWS9N3wZ3HOVdUmbc8Juf4j1PemRI2XAV7t88
cx3zqEnRdqMAFSJawCuFOcLAvim5/jDjVCIC1UFavaMjm4D4JHcGQXSJOkS+DidA
pYM3B5hVT1IMmBVSIT6SCJUXqadiMjdGPSiFvtGXvEtsSLP0IMYTtWLZ2OS1Qg==
-----END CERTIFICATE-----