Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa
File:                     cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa (raw, json)
Hash identifier:          OWgCaQAN+EjBuVFsXjWqh/+ENOpOEijvF52eTBhYTak=
Subject key identifier:   5D:77:4A:22:82:B5:F9:63:30:EB:24:01:07:A6:99:56:D5:8C:30:C9
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       18EF8DA658C64FEA2A03E6DF14D55D81B86A169A
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa
Signing time:             Tue 04 Mar 2025 23:10:42 +0000
ROA not before:           Tue 04 Mar 2025 23:10:42 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5518::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ef:8d:a6:58:c6:4f:ea:2a:03:e6:df:14:d5:5d:81:b8:6a:16:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar  4 23:10:42 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ce:cd:8e:7b:ca:7e:bb:3e:16:97:97:e7:2f:
                    0c:8e:d8:16:eb:98:e9:ae:d0:81:05:b2:39:62:6f:
                    7b:38:15:02:a7:b3:07:33:2a:ab:aa:12:74:23:49:
                    29:fd:a2:c7:03:41:90:00:e4:26:de:1d:9d:af:50:
                    e6:22:56:c0:c2:5a:9e:f0:93:42:01:09:6a:df:26:
                    83:5d:ed:ab:9e:6e:4f:eb:04:b8:6c:5a:25:fc:23:
                    1c:15:45:0e:99:07:d0:58:62:58:52:6d:65:19:cb:
                    9f:22:85:1f:8a:b3:37:71:ca:16:bf:a8:29:77:4a:
                    00:fd:26:61:8e:fd:81:80:55:db:f8:b1:ce:2d:2b:
                    13:53:49:7d:1e:30:e4:0a:2a:38:cd:52:81:bf:c8:
                    99:94:94:f8:a3:93:9e:74:07:26:3d:89:e2:9e:56:
                    83:9d:ea:af:a6:b2:7f:f7:aa:b4:57:8b:a5:0c:15:
                    0e:c4:f6:97:c5:ba:a4:7f:bf:ac:68:40:82:25:29:
                    1c:c2:88:41:76:d6:de:c6:d8:9e:5f:9a:79:b4:fb:
                    b5:74:81:7a:0d:d5:e4:ea:46:b5:d3:20:2d:e6:26:
                    2f:3e:14:58:53:1a:3a:26:ed:e7:47:5b:90:a6:54:
                    25:04:85:ca:1e:53:64:b7:9b:58:c6:25:1d:fc:3f:
                    92:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:77:4A:22:82:B5:F9:63:30:EB:24:01:07:A6:99:56:D5:8C:30:C9
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/cbf43d99-4d01-4d24-ada9-6e34368d1d71.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5518::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:93:07:72:05:93:fe:d5:39:67:d5:c0:4a:16:37:01:9c:e2:
         b6:5a:c1:2d:a2:3b:62:5a:3c:6a:d8:fe:55:f6:0e:bb:c3:48:
         bf:23:0e:8d:c2:22:d2:8f:d3:f2:03:72:5a:bb:88:7f:02:bc:
         f1:50:3b:02:b9:11:a4:40:ce:f5:26:bb:56:5d:06:03:c5:18:
         63:d6:c6:7b:93:f4:c0:3a:c5:c9:9a:97:20:26:45:f3:e8:b6:
         41:2f:48:95:a7:c2:19:a5:aa:04:e1:b8:45:a9:5d:c3:bc:fc:
         6a:42:b2:91:dd:42:6e:c8:21:dd:f5:35:8f:fa:62:1a:51:ce:
         ca:42:b0:4d:0a:f3:d2:30:ca:c7:7d:9a:6a:43:9e:08:ca:f6:
         a9:85:32:87:c6:55:82:ff:64:74:67:e9:b7:11:04:f9:bc:41:
         cc:91:ec:8c:5f:0d:ea:ec:27:20:3d:f5:66:29:ed:83:0e:96:
         88:f7:b4:ce:d9:54:3e:d3:a0:e7:c5:b1:14:33:92:0d:ec:ab:
         f4:87:2f:45:1c:26:d2:ef:aa:2f:df:55:69:d0:4e:f4:fa:12:
         93:71:fc:53:86:0f:ef:fd:6f:6c:e4:a3:48:6e:35:49:c2:23:
         20:d5:10:fb:0b:f9:b3:2b:c5:56:fe:62:77:76:84:81:73:77:
         6e:ca:e2:b5
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUGO+NpljGT+oqA+bfFNVdgbhqFpowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzA0MjMxMDQyWhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjljZDIwZGNmM2E1OTZkMmFiYTM2M2IwZjdiMzY1MmNi
YjJmNzEwYjFhODFhODlmNzM1ZjM2NGY2N2NlMDJlMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpzs2Oe8p+uz4Wl5fnLwyO2BbrmOmu0IEFsjlib3s4FQKn
swczKquqEnQjSSn9oscDQZAA5CbeHZ2vUOYiVsDCWp7wk0IBCWrfJoNd7auebk/r
BLhsWiX8IxwVRQ6ZB9BYYlhSbWUZy58ihR+Kszdxyha/qCl3SgD9JmGO/YGAVdv4
sc4tKxNTSX0eMOQKKjjNUoG/yJmUlPijk550ByY9ieKeVoOd6q+msn/3qrRXi6UM
FQ7E9pfFuqR/v6xoQIIlKRzCiEF21t7G2J5fmnm0+7V0gXoN1eTqRrXTIC3mJi8+
FFhTGjom7edHW5CmVCUEhcoeU2S3m1jGJR38P5LHAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUXXdKIoK1+WMw6yQBB6aZVtWMMMkwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2NiZjQzZDk5LTRkMDEtNGQyNC1hZGE5LTZlMzQzNjhkMWQ3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRgwDQYJKoZIhvcNAQELBQADggEBAAqTB3IFk/7VOWfVwEoWNwGc
4rZawS2iO2JaPGrY/lX2DrvDSL8jDo3CItKP0/IDclq7iH8CvPFQOwK5EaRAzvUm
u1ZdBgPFGGPWxnuT9MA6xcmalyAmRfPotkEvSJWnwhmlqgThuEWpXcO8/GpCspHd
Qm7IId31NY/6YhpRzspCsE0K89Iwysd9mmpDngjK9qmFMofGVYL/ZHRn6bcRBPm8
QcyR7IxfDersJyA99WYp7YMOloj3tM7ZVD7ToOfFsRQzkg3sq/SHL0UcJtLvqi/f
VWnQTvT6EpNx/FOGD+/9b2zko0huNUnCIyDVEPsL+bMrxVb+Ynd2hIFzd27K4rU=
-----END CERTIFICATE-----