Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/c8560206-4c68-46a6-834e-4971768d50f8.roa
File:                     c8560206-4c68-46a6-834e-4971768d50f8.roa (raw, json)
Hash identifier:          plaaQmk5es4kfOAstU8hchoJ/KTQE22yXu3IZI0XVRM=
Subject key identifier:   DE:34:09:F7:4F:D0:D0:24:80:86:31:93:02:92:F2:71:4B:1F:B9:A2
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       7BF2C5D05839B3D0E795D5528ACF583B279537ED
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/c8560206-4c68-46a6-834e-4971768d50f8.roa
Signing time:             Mon 10 Mar 2025 15:20:53 +0000
ROA not before:           Mon 10 Mar 2025 15:20:53 +0000
ROA not after:            Mon 14 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2606:7b40::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:f2:c5:d0:58:39:b3:d0:e7:95:d5:52:8a:cf:58:3b:27:95:37:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Mar 10 15:20:53 2025 GMT
            Not After : Apr 14 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cb:41:01:c1:c5:68:4f:e2:42:82:50:f2:25:
                    cf:02:b9:5d:47:12:9b:5f:a1:62:2d:ad:fc:4f:c5:
                    75:55:7f:f5:60:40:0c:11:86:b8:ac:a3:23:33:4b:
                    1d:bc:8b:7b:75:1e:94:58:c9:8f:ea:5f:2f:52:0f:
                    b7:a8:fc:78:38:d8:36:a9:de:32:21:32:c1:ac:88:
                    d5:65:72:e0:ed:04:bf:34:4c:6a:de:3d:fb:de:04:
                    e9:e0:cd:67:fc:79:b1:a2:6b:b6:62:e7:5b:7a:d1:
                    c4:0c:ce:e2:37:06:6d:3e:2c:dc:e5:8f:f2:6f:d5:
                    a5:0f:a0:31:8d:3e:71:3b:66:d6:61:e3:be:4d:93:
                    97:c5:2e:08:1d:c9:b3:c0:00:dd:16:34:2f:83:f9:
                    87:b7:01:16:04:af:c7:16:ed:d4:0f:97:f6:fa:e1:
                    a0:5a:81:ed:76:9d:8b:79:00:7f:8e:dc:f6:15:88:
                    e5:6f:a2:18:af:f7:34:70:07:12:3d:ae:bc:4f:fb:
                    18:50:24:a6:54:06:ed:d7:e6:40:cf:0a:f1:1f:c2:
                    5d:e9:c7:e9:e5:13:32:4c:07:11:ec:b5:45:9f:d4:
                    d7:44:bc:20:1e:24:ca:51:b7:31:bc:30:30:09:3f:
                    24:d2:a3:57:29:ed:93:48:3b:88:09:e4:13:cf:d3:
                    31:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:34:09:F7:4F:D0:D0:24:80:86:31:93:02:92:F2:71:4B:1F:B9:A2
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/c8560206-4c68-46a6-834e-4971768d50f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:7b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:1b:c3:3f:2c:58:95:52:7e:74:eb:bc:a8:5f:61:8d:ab:a9:
         3f:24:14:e3:49:09:5b:06:74:16:b8:82:61:6b:4b:c8:f1:2b:
         32:f5:74:c3:73:55:e6:ea:f7:c9:e8:fb:54:aa:83:e8:40:5e:
         db:92:79:c7:ec:af:2e:a6:ec:1f:6e:5e:78:b6:74:a8:5f:0a:
         06:11:6c:b1:bd:b5:55:ad:3d:eb:76:b1:af:c0:92:91:74:2b:
         2b:9c:1d:b8:57:94:8a:c0:81:7d:2a:60:62:19:06:71:8e:4e:
         fb:c3:4b:6e:95:57:80:85:dd:c3:bd:ec:f4:78:b9:ac:0b:d8:
         1d:f2:ab:d1:18:c4:ce:64:c8:6d:92:a6:31:be:ea:7b:77:7f:
         75:7c:45:70:91:9d:24:2d:a5:e3:93:6a:1d:31:59:c7:e8:e3:
         07:e0:a7:7a:bb:58:6e:9a:64:8e:31:08:eb:da:2e:a9:d0:1f:
         8e:98:38:dc:82:74:bc:a8:67:5f:f9:fc:12:40:32:e8:c6:07:
         35:b7:a4:bb:7d:d4:d8:8a:40:74:94:c9:f9:f6:c0:8e:c5:11:
         2c:8c:f7:c3:7f:a0:f9:f3:a3:67:98:28:4e:2a:cf:b9:2f:12:
         94:cc:fc:ea:4e:94:95:18:b4:24:2d:9b:0d:de:29:65:b9:c5:
         57:34:4f:24
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUe/LF0Fg5s9DnldVSis9YOyeVN+0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMzEwMTUyMDUzWhcNMjUwNDE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTcyODU3MmQxNTJjNTM1ODVhZWI1ODMxNGM1Y2QwNzg4
ZWE4YTQ1OWQ0ZGZjODYyNTBmYTM3YWNjNzRhMTA2MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvy0EBwcVoT+JCglDyJc8CuV1HEptfoWItrfxPxXVVf/Vg
QAwRhrisoyMzSx28i3t1HpRYyY/qXy9SD7eo/Hg42Dap3jIhMsGsiNVlcuDtBL80
TGrePfveBOngzWf8ebGia7Zi51t60cQMzuI3Bm0+LNzlj/Jv1aUPoDGNPnE7ZtZh
475Nk5fFLggdybPAAN0WNC+D+Ye3ARYEr8cW7dQPl/b64aBage12nYt5AH+O3PYV
iOVvohiv9zRwBxI9rrxP+xhQJKZUBu3X5kDPCvEfwl3px+nlEzJMBxHstUWf1NdE
vCAeJMpRtzG8MDAJPyTSo1cp7ZNIO4gJ5BPP0zEHAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQU3jQJ90/Q0CSAhjGTApLycUsfuaIwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2M4NTYwMjA2LTRjNjgtNDZhNi04MzRlLTQ5NzE3NjhkNTBmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmBntAMA0GCSqGSIb3DQEBCwUAA4IBAQA1G8M/LFiVUn5067yoX2GNq6k/
JBTjSQlbBnQWuIJha0vI8Ssy9XTDc1Xm6vfJ6PtUqoPoQF7bknnH7K8upuwfbl54
tnSoXwoGEWyxvbVVrT3rdrGvwJKRdCsrnB24V5SKwIF9KmBiGQZxjk77w0tulVeA
hd3Dvez0eLmsC9gd8qvRGMTOZMhtkqYxvup7d391fEVwkZ0kLaXjk2odMVnH6OMH
4Kd6u1hummSOMQjr2i6p0B+OmDjcgnS8qGdf+fwSQDLoxgc1t6S7fdTYikB0lMn5
9sCOxREsjPfDf6D586NnmChOKs+5LxKUzPzqTpSVGLQkLZsN3illucVXNE8k
-----END CERTIFICATE-----