Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/492df3c4-e0a9-4ee6-9ef4-ca6f96cceba1.roa
File:                     492df3c4-e0a9-4ee6-9ef4-ca6f96cceba1.roa (raw, json)
Hash identifier:          OunQz7Ma5OAsDf+ypLb0lW7HXHHuWpWnDisESuSbCnQ=
Subject key identifier:   A5:20:60:FF:55:39:BA:A7:4B:FC:E0:02:03:00:BA:4D:0E:FE:6C:F7
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       18AE34F76980AFA6FC50E6393E4650F43DB34808
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/492df3c4-e0a9-4ee6-9ef4-ca6f96cceba1.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f000::/24 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ae:34:f7:69:80:af:a6:fc:50:e6:39:3e:46:50:f4:3d:b3:48:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ac:72:5c:da:17:6e:b3:12:6c:b9:b0:07:7a:
                    33:44:4a:ec:60:89:e3:67:5c:19:34:2a:fd:69:0e:
                    0c:df:ce:5d:fc:9e:7f:07:0a:51:5b:59:73:ef:f3:
                    0c:a5:ba:26:1c:62:b0:c9:06:15:46:b2:58:9a:43:
                    11:91:47:9d:f2:f2:9c:39:37:9c:d0:b4:62:4a:cf:
                    25:ef:28:37:eb:06:bd:76:53:80:64:10:87:95:44:
                    67:cb:46:2e:b9:3c:94:84:45:e1:78:23:fa:7f:b3:
                    51:2f:52:c9:ff:76:41:2d:95:aa:1b:52:b3:1b:ff:
                    1f:86:c7:d2:40:08:9c:c5:b8:ec:0e:4f:20:e1:b3:
                    d6:02:eb:40:27:98:23:d9:e5:70:d3:9e:b6:68:ff:
                    ed:3b:53:1d:21:1c:94:89:76:c5:fa:c4:93:55:91:
                    7b:ea:ce:ce:be:ea:47:e7:0e:5f:b8:3a:9e:04:7d:
                    ed:18:63:ef:ed:6e:d9:14:58:a8:36:42:a1:90:d2:
                    c0:e7:28:98:96:f1:54:c7:7d:51:0d:e1:9d:a7:1b:
                    ab:34:e3:69:e0:27:05:6b:af:d3:04:d3:ae:f8:4c:
                    8c:7d:52:8d:7d:f1:44:fd:c7:81:07:5a:48:16:4b:
                    2a:d6:73:e7:75:b4:d4:07:87:4b:54:20:22:97:2a:
                    0a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:20:60:FF:55:39:BA:A7:4B:FC:E0:02:03:00:BA:4D:0E:FE:6C:F7
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/492df3c4-e0a9-4ee6-9ef4-ca6f96cceba1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f000::/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:e0:8e:c4:1f:0f:24:c3:ba:da:c5:98:3f:79:df:57:2b:c9:
         ae:cb:b7:63:50:0a:65:f7:90:b2:39:11:51:0d:9e:74:17:e2:
         0b:38:c1:f2:ea:a1:55:6f:00:90:82:85:e2:de:0a:cb:0b:84:
         1f:9a:6c:e1:d6:58:09:a8:71:cb:7e:a9:36:ce:19:0f:10:99:
         f9:2e:68:34:b3:e5:40:66:69:f4:e3:0b:fa:b4:70:a2:b1:ee:
         dd:94:57:41:1d:5b:14:2a:05:01:e8:95:c8:01:f2:4d:76:72:
         a6:75:76:80:9f:df:35:26:ce:02:49:0c:58:39:dc:a9:71:3d:
         0a:fa:06:22:2d:1b:c1:8e:a2:68:53:33:47:19:7b:14:8f:07:
         b0:44:11:bd:e8:ea:f1:48:67:f1:f0:50:6d:5d:16:32:a8:f6:
         e2:ed:bd:54:11:ea:2d:b1:7c:f8:e5:c0:c9:1c:86:ad:69:a3:
         28:88:da:7f:61:e4:c4:63:3f:46:4f:ca:9e:49:42:75:c3:a1:
         bc:45:f5:18:59:2a:9b:51:df:ae:3d:b3:ac:c1:aa:75:cf:da:
         2d:47:ac:8e:da:c1:4d:10:23:c9:06:59:db:f2:0b:63:d5:05:
         81:5d:7c:1d:f6:1e:8d:17:ce:cf:d6:bd:20:ff:23:1d:74:ae:
         46:10:9e:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGK4092mAr6b8UOY5PkZQ9D2zSAgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZmI1YTYyNmExOWYxZWVhMzg2ZmU3YjVlN2NiOWY1ZGZi
MTcyNzUyZmNiMzUzYTY4Yjg2YjgzODUxNTIyMmIwMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDerHJc2hdusxJsubAHejNESuxgieNnXBk0Kv1pDgzfzl38
nn8HClFbWXPv8wyluiYcYrDJBhVGsliaQxGRR53y8pw5N5zQtGJKzyXvKDfrBr12
U4BkEIeVRGfLRi65PJSEReF4I/p/s1EvUsn/dkEtlaobUrMb/x+Gx9JACJzFuOwO
TyDhs9YC60AnmCPZ5XDTnrZo/+07Ux0hHJSJdsX6xJNVkXvqzs6+6kfnDl+4Op4E
fe0YY+/tbtkUWKg2QqGQ0sDnKJiW8VTHfVEN4Z2nG6s042ngJwVrr9ME0674TIx9
Uo198UT9x4EHWkgWSyrWc+d1tNQHh0tUICKXKgpXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpSBg/1U5uqdL/OACAwC6TQ7+bPcwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzQ5MmRmM2M0LWUwYTktNGVlNi05ZWY0LWNhNmY5NmNjZWJhMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAC
MAYDBAAmAPAwDQYJKoZIhvcNAQELBQADggEBAG7gjsQfDyTDutrFmD9531crya7L
t2NQCmX3kLI5EVENnnQX4gs4wfLqoVVvAJCCheLeCssLhB+abOHWWAmocct+qTbO
GQ8QmfkuaDSz5UBmafTjC/q0cKKx7t2UV0EdWxQqBQHolcgB8k12cqZ1doCf3zUm
zgJJDFg53KlxPQr6BiItG8GOomhTM0cZexSPB7BEEb3o6vFIZ/HwUG1dFjKo9uLt
vVQR6i2xfPjlwMkchq1poyiI2n9h5MRjP0ZPyp5JQnXDobxF9RhZKptR3649s6zB
qnXP2i1HrI7awU0QI8kGWdvyC2PVBYFdfB32Ho0Xzs/WvSD/Ix10rkYQntE=
-----END CERTIFICATE-----