Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/bb5af757-1bdc-48f9-bc20-c74fd49096a5.roa
File:                     bb5af757-1bdc-48f9-bc20-c74fd49096a5.roa (raw, json)
Hash identifier:          onu/QpCl71d+ajOJmClpjNMh0SHPpZfXFtfxeK6mj0A=
Subject key identifier:   70:48:77:7B:84:9E:F6:9D:BB:71:A9:5E:47:C0:7F:FE:B0:D1:E4:B7
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       2E606E2361009998DD33D2A012AB613F953E8655
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/bb5af757-1bdc-48f9-bc20-c74fd49096a5.roa
Signing time:             Fri 07 Mar 2025 15:01:03 +0000
ROA not before:           Fri 07 Mar 2025 15:01:03 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2605:9cc0:611::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:60:6e:23:61:00:99:98:dd:33:d2:a0:12:ab:61:3f:95:3e:86:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Mar  7 15:01:03 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:73:4b:d3:19:93:2e:79:cc:00:60:68:84:7f:
                    d9:d4:35:d2:80:7f:5d:81:3d:97:a5:fc:5f:5c:c5:
                    4c:0a:99:bc:62:b4:8f:e2:83:5c:89:55:db:72:19:
                    eb:04:a0:23:2c:4c:4f:f1:11:fa:73:77:e3:77:75:
                    50:b3:61:22:23:be:0e:17:1a:73:2d:77:0f:a4:c6:
                    cf:a1:25:ed:1a:df:b2:95:41:da:a9:1a:37:1d:9d:
                    69:ad:68:9f:f9:58:de:9a:e7:1c:69:67:f3:9f:42:
                    5a:8f:f8:4f:cb:8b:f3:4d:4e:93:a0:81:8e:13:85:
                    08:f3:20:ca:af:37:dd:f1:d2:b8:5e:9f:3d:f6:3c:
                    c8:6e:79:cc:d6:a5:de:b1:63:75:01:54:a2:88:3a:
                    fc:a9:5d:19:7f:b5:77:b7:7c:47:64:30:4f:d8:4d:
                    a9:a2:d1:21:71:19:23:eb:2b:53:c3:a1:ff:c8:c1:
                    dd:73:50:d8:ee:11:d2:df:19:00:0a:bf:60:88:9f:
                    53:57:55:a1:c8:1f:d4:8b:b5:94:af:ad:cf:ac:2c:
                    49:d7:6a:7d:99:04:41:ba:de:de:6d:91:b0:14:e0:
                    66:15:20:d2:84:f9:a0:95:a3:ef:75:34:bf:96:c9:
                    99:be:04:b9:6c:7a:e1:ec:7e:9a:79:0a:56:46:92:
                    c9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:48:77:7B:84:9E:F6:9D:BB:71:A9:5E:47:C0:7F:FE:B0:D1:E4:B7
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/bb5af757-1bdc-48f9-bc20-c74fd49096a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:611::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:07:1b:0c:1d:ea:33:e5:f1:88:98:f3:f0:4b:dd:8c:76:19:
         ce:c1:ec:e0:56:4b:e2:be:43:a9:ef:2f:34:c6:90:98:9c:5a:
         a5:c7:02:d3:1f:91:5d:72:24:96:3e:c7:5e:75:46:a8:d7:a9:
         10:90:92:7a:d2:02:20:ed:29:f5:b1:2d:ad:59:9b:54:20:f7:
         3c:dd:8b:b2:24:f3:a2:9e:72:fa:f0:dc:5a:d3:13:6c:d2:34:
         f0:67:54:45:28:b3:11:cc:a1:2b:e3:23:aa:f8:60:83:c5:f8:
         8c:4c:ba:b0:6b:7e:a2:7f:50:23:44:0f:c3:1f:be:64:7a:13:
         cb:a4:15:29:d1:71:5a:a2:e4:92:f9:78:5c:eb:e9:85:41:77:
         d3:4c:54:bc:54:67:3e:3b:27:5a:d2:9f:ae:b6:26:1b:79:58:
         a8:a5:cb:17:e5:27:4a:f8:8e:c7:16:a7:aa:9a:57:e4:41:fe:
         42:3a:05:ca:e2:31:98:20:ce:0f:67:9e:93:b0:ca:9c:33:3b:
         43:f8:85:5f:df:ab:eb:ff:89:11:67:0f:e9:06:ea:80:64:85:
         f9:91:ee:bb:07:32:d3:70:2c:d9:7b:48:35:c6:9a:e1:b7:74:
         13:de:a4:03:12:1b:fb:29:87:bc:3c:b3:fc:9b:49:84:22:f4:
         56:74:81:5e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULmBuI2EAmZjdM9KgEqthP5U+hlUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMzA3MTUwMTAzWhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjAzOGNkZDBjZmQ1M2JhM2UyOGViZDBkYjU4MTFkNWRh
OTM3ZTEyYTBhNWZlN2QyNzdkNzc1NzBhN2Y1ZDk2MS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxc0vTGZMuecwAYGiEf9nUNdKAf12BPZel/F9cxUwKmbxi
tI/ig1yJVdtyGesEoCMsTE/xEfpzd+N3dVCzYSIjvg4XGnMtdw+kxs+hJe0a37KV
QdqpGjcdnWmtaJ/5WN6a5xxpZ/OfQlqP+E/Li/NNTpOggY4ThQjzIMqvN93x0rhe
nz32PMhueczWpd6xY3UBVKKIOvypXRl/tXe3fEdkME/YTami0SFxGSPrK1PDof/I
wd1zUNjuEdLfGQAKv2CIn1NXVaHIH9SLtZSvrc+sLEnXan2ZBEG63t5tkbAU4GYV
INKE+aCVo+91NL+WyZm+BLlseuHsfpp5ClZGksnlAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUcEh3e4Se9p27caleR8B//rDR5LcwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiL2JiNWFmNzU3LTFiZGMtNDhmOS1iYzIwLWM3NGZkNDkwOTZhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzABhEwDQYJKoZIhvcNAQELBQADggEBAJIHGwwd6jPl8YiY8/BL3Yx2
Gc7B7OBWS+K+Q6nvLzTGkJicWqXHAtMfkV1yJJY+x151RqjXqRCQknrSAiDtKfWx
La1Zm1Qg9zzdi7Ik86Kecvrw3FrTE2zSNPBnVEUosxHMoSvjI6r4YIPF+IxMurBr
fqJ/UCNED8MfvmR6E8ukFSnRcVqi5JL5eFzr6YVBd9NMVLxUZz47J1rSn662Jht5
WKilyxflJ0r4jscWp6qaV+RB/kI6BcriMZggzg9nnpOwypwzO0P4hV/fq+v/iRFn
D+kG6oBkhfmR7rsHMtNwLNl7SDXGmuG3dBPepAMSG/sph7w8s/ybSYQi9FZ0gV4=
-----END CERTIFICATE-----