Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/ae85743c-c855-42b4-95ab-e8e4d2087c99.roa
File:                     ae85743c-c855-42b4-95ab-e8e4d2087c99.roa (raw, json)
Hash identifier:          +OkL1KkbkOfqcWBSgcXnIa7FWkyAJwzIiIDY9HARGWk=
Subject key identifier:   20:4C:84:F6:F4:DC:B7:47:FC:EB:17:7C:3E:E9:DA:DD:96:24:F6:B4
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       CC2260078B135CD3ECA1A6344B5C087BDEB06B
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/ae85743c-c855-42b4-95ab-e8e4d2087c99.roa
Signing time:             Mon 17 Mar 2025 15:31:10 +0000
ROA not before:           Mon 17 Mar 2025 15:31:10 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2605:9cc0:c0d::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            cc:22:60:07:8b:13:5c:d3:ec:a1:a6:34:4b:5c:08:7b:de:b0:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Mar 17 15:31:10 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:26:9c:60:f2:db:68:04:4c:58:e8:fd:66:e5:
                    50:69:6f:65:18:f2:0a:83:23:82:92:86:9e:46:bb:
                    36:7b:9e:48:c9:79:ad:6d:17:9d:20:58:43:56:2a:
                    0f:56:30:85:02:a2:83:5e:8d:a1:ea:6c:8e:26:e8:
                    cb:d1:fe:15:4d:7e:5b:33:af:fd:36:7b:db:3e:af:
                    00:1c:14:8a:a0:5d:1a:1a:a2:46:f1:fd:e0:a2:43:
                    77:25:af:28:91:bf:6a:c8:f4:76:7e:1f:fb:5c:26:
                    10:03:62:5e:47:67:07:57:f1:34:82:11:01:69:d2:
                    80:b7:31:dc:46:99:00:6d:17:b4:07:03:2f:31:87:
                    94:0d:e7:42:54:56:7d:ed:05:0c:2d:97:1b:bb:d3:
                    d3:46:0b:08:f4:44:75:3f:17:58:c4:e2:ce:d9:1f:
                    27:e2:6f:9d:cb:d3:76:8d:9a:2e:fe:2e:1d:4c:21:
                    ca:c0:6f:a7:3b:c7:c8:a5:3c:b7:4e:44:a0:05:a7:
                    a7:eb:d6:56:79:1c:c0:94:e1:33:f2:45:88:a6:3d:
                    a6:19:d4:23:bc:eb:85:b1:20:24:1c:da:0e:d7:de:
                    6f:fc:89:28:1f:43:22:6d:22:5c:89:63:4a:27:8d:
                    64:48:96:37:8d:a5:0a:eb:99:d4:9d:ba:b5:11:ad:
                    3b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:4C:84:F6:F4:DC:B7:47:FC:EB:17:7C:3E:E9:DA:DD:96:24:F6:B4
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/ae85743c-c855-42b4-95ab-e8e4d2087c99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:c0d::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:c4:e5:34:1c:76:4f:79:66:9a:7b:c0:65:8c:5e:93:73:86:
         b9:e9:16:47:cd:22:7c:c9:c5:6c:49:a2:12:9c:1b:a4:99:ac:
         ed:68:d3:2b:4e:68:a7:42:c0:e0:c4:f9:40:d9:7c:32:e2:22:
         b3:1d:6b:4a:6c:fe:04:15:2c:a2:02:e6:01:90:1b:8a:14:2c:
         b3:ff:f2:ed:b4:e2:6f:f6:18:3b:3b:a5:48:fa:8f:38:6b:b9:
         fa:4e:1c:78:8f:7f:89:b4:34:f7:4d:32:1e:df:16:54:53:ec:
         75:f4:23:4f:de:66:44:c6:d2:7b:39:70:cd:f1:d0:1b:37:79:
         81:67:2e:43:80:40:d4:5b:ae:c8:f3:e7:95:f5:e5:10:5b:ad:
         6f:0b:47:47:a7:d0:d2:d7:bc:a0:7e:cc:89:49:fd:24:ee:0f:
         73:20:97:67:83:cb:79:20:f7:01:01:0a:7d:00:ad:7c:7b:b2:
         b8:ff:99:4e:78:f4:1f:0a:02:f4:c8:94:bd:92:4d:b3:44:db:
         a3:31:9f:5d:91:9e:65:bc:b9:d0:b3:97:4d:79:8f:2c:7d:b9:
         3f:c2:79:e0:a4:dd:95:fa:3d:09:21:7f:34:71:fd:9e:4b:f2:
         ac:74:ea:64:0f:9b:16:2b:04:09:25:d5:4d:49:15:02:af:01:
         e0:96:52:e4
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUAMwiYAeLE1zT7KGmNEtcCHvesGswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMzE3MTUzMTEwWhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDFjY2JiMDE3OGI0NzM4OWQyNTQwNGZlZmIyNzc3Zjgz
YTU5YjY5MWNiMmNlNTg3NTEzMDhkMWFhNTViMTVjMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhJpxg8ttoBExY6P1m5VBpb2UY8gqDI4KShp5GuzZ7nkjJ
ea1tF50gWENWKg9WMIUCooNejaHqbI4m6MvR/hVNflszr/02e9s+rwAcFIqgXRoa
okbx/eCiQ3clryiRv2rI9HZ+H/tcJhADYl5HZwdX8TSCEQFp0oC3MdxGmQBtF7QH
Ay8xh5QN50JUVn3tBQwtlxu709NGCwj0RHU/F1jE4s7ZHyfib53L03aNmi7+Lh1M
IcrAb6c7x8ilPLdORKAFp6fr1lZ5HMCU4TPyRYimPaYZ1CO864WxICQc2g7X3m/8
iSgfQyJtIlyJY0onjWRIljeNpQrrmdSdurURrTvJAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUIEyE9vTct0f86xd8Puna3ZYk9rQwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiL2FlODU3NDNjLWM4NTUtNDJiNC05NWFiLWU4ZTRkMjA4N2M5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzADA0wDQYJKoZIhvcNAQELBQADggEBACnE5TQcdk95Zpp7wGWMXpNz
hrnpFkfNInzJxWxJohKcG6SZrO1o0ytOaKdCwODE+UDZfDLiIrMda0ps/gQVLKIC
5gGQG4oULLP/8u204m/2GDs7pUj6jzhrufpOHHiPf4m0NPdNMh7fFlRT7HX0I0/e
ZkTG0ns5cM3x0Bs3eYFnLkOAQNRbrsjz55X15RBbrW8LR0en0NLXvKB+zIlJ/STu
D3Mgl2eDy3kg9wEBCn0ArXx7srj/mU549B8KAvTIlL2STbNE26Mxn12RnmW8udCz
l015jyx9uT/CeeCk3ZX6PQkhfzRx/Z5L8qx06mQPmxYrBAkl1U1JFQKvAeCWUuQ=
-----END CERTIFICATE-----