Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/ffab4039-aa02-4010-b0a8-bcadfb5eba51.roa
File:                     ffab4039-aa02-4010-b0a8-bcadfb5eba51.roa (raw, json)
Hash identifier:          bbIGEw6Q1Px7/fi5ZiSMozM0upSvPhMFlKyJVLx2UdM=
Subject key identifier:   8E:E7:2A:BB:BF:A3:4B:22:4F:0C:C6:45:77:91:C4:97:6B:92:AB:72
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       4B1A5344E73C711CF4DA8CC58FDD7E53240466F7
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/ffab4039-aa02-4010-b0a8-bcadfb5eba51.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2606:8140::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:1a:53:44:e7:3c:71:1c:f4:da:8c:c5:8f:dd:7e:53:24:04:66:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d7:68:05:08:0c:17:86:a2:9c:f5:37:a2:24:
                    8e:4c:b8:21:50:a8:61:b0:ef:2a:2b:46:51:b6:54:
                    7a:08:51:87:9c:c3:79:87:27:2a:9f:ae:44:d7:cf:
                    88:b5:b5:c2:d1:de:99:88:ff:21:80:b3:35:8b:a9:
                    57:31:22:cf:8e:f5:99:c3:c7:6f:20:b3:10:2d:42:
                    23:26:c7:a4:68:e4:ae:4a:26:b3:0c:de:b6:3a:d8:
                    69:c0:d9:e9:93:e2:d9:92:2a:ab:38:bf:83:2d:51:
                    83:d2:10:69:5c:44:2b:4e:f8:60:78:89:22:79:e2:
                    4e:9a:d2:5b:e0:04:be:0c:d7:51:ea:4a:27:76:1d:
                    5f:dc:02:19:84:04:25:b0:a2:ba:f8:cd:99:b3:be:
                    a9:80:a6:c7:90:79:f8:b1:fc:aa:9c:55:10:e4:d9:
                    11:5f:5d:8c:92:47:6b:ab:a4:f6:a6:b6:a1:aa:b6:
                    31:3b:07:05:5e:3f:d7:fd:d1:ae:16:8b:74:91:16:
                    fc:c9:63:33:1f:0f:73:7a:5f:4b:45:ce:02:cd:23:
                    bc:0c:f9:78:bb:11:ad:d4:01:06:f2:11:7a:0c:2e:
                    7a:9a:ec:ce:9f:36:33:e6:97:4b:9e:6b:20:54:ac:
                    7c:83:b5:1c:6c:7b:18:93:dc:b6:63:a6:09:1b:31:
                    ee:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E7:2A:BB:BF:A3:4B:22:4F:0C:C6:45:77:91:C4:97:6B:92:AB:72
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/ffab4039-aa02-4010-b0a8-bcadfb5eba51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:8140::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:ea:14:25:e7:6e:47:0a:28:7d:52:4b:1c:c2:84:56:e6:bd:
         f3:62:a1:8c:72:83:8a:21:f4:65:b1:28:ce:34:ec:a1:20:fd:
         55:9a:c2:95:ba:4b:38:b0:ef:f8:16:3f:b8:45:7f:b1:7a:1e:
         a9:4d:57:08:77:da:55:dd:75:3e:09:1f:c5:58:8c:2d:da:9d:
         a2:e4:b0:f5:f1:1f:74:05:22:11:72:c7:57:c1:fa:dc:08:b8:
         72:ad:89:4c:fd:62:cf:cf:8c:12:39:f5:18:b6:74:e1:6b:85:
         c8:56:b5:ce:71:33:7f:e1:11:e4:e9:77:64:12:24:51:fd:e3:
         76:74:e0:72:3d:a4:e5:70:8e:8d:ce:53:ac:c1:b5:3e:29:aa:
         10:9a:78:30:21:3d:2d:47:96:75:5d:ea:63:e7:10:63:a8:32:
         60:d6:3c:4a:26:8c:95:b5:59:ba:13:24:9d:62:65:c2:7c:b0:
         c2:74:ac:bf:24:e0:a3:eb:e8:49:43:4d:fa:51:b8:58:f4:b8:
         9a:a4:60:d3:86:56:91:9e:6e:ac:4e:d7:95:35:cf:58:e3:05:
         b2:24:d8:09:15:73:84:76:13:67:b4:a2:19:9e:ef:83:b1:5e:
         4d:f9:97:ed:65:bd:44:f1:15:f6:97:9b:ec:4e:a7:98:bc:ad:
         54:de:93:c2
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUSxpTROc8cRz02ozFj91+UyQEZvcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMzkxZjhkNzdiMDEyYzY5ZTJiNWZjNGFkNzllMDZiYTM5
ODNiM2M4ZjVjMDJhNjY0MzEzZjczOTM0MTIxMWJlMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC912gFCAwXhqKc9TeiJI5MuCFQqGGw7yorRlG2VHoIUYec
w3mHJyqfrkTXz4i1tcLR3pmI/yGAszWLqVcxIs+O9ZnDx28gsxAtQiMmx6Ro5K5K
JrMM3rY62GnA2emT4tmSKqs4v4MtUYPSEGlcRCtO+GB4iSJ54k6a0lvgBL4M11Hq
Sid2HV/cAhmEBCWworr4zZmzvqmApseQefix/KqcVRDk2RFfXYySR2urpPamtqGq
tjE7BwVeP9f90a4Wi3SRFvzJYzMfD3N6X0tFzgLNI7wM+Xi7Ea3UAQbyEXoMLnqa
7M6fNjPml0ueayBUrHyDtRxsexiT3LZjpgkbMe5hAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUjucqu7+jSyJPDMZFd5HEl2uSq3IwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2ZmYWI0MDM5LWFhMDItNDAxMC1iMGE4LWJjYWRmYjVlYmE1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmBoFAMA0GCSqGSIb3DQEBCwUAA4IBAQA66hQl525HCih9UkscwoRW5r3z
YqGMcoOKIfRlsSjONOyhIP1VmsKVuks4sO/4Fj+4RX+xeh6pTVcId9pV3XU+CR/F
WIwt2p2i5LD18R90BSIRcsdXwfrcCLhyrYlM/WLPz4wSOfUYtnTha4XIVrXOcTN/
4RHk6XdkEiRR/eN2dOByPaTlcI6NzlOswbU+KaoQmngwIT0tR5Z1Xepj5xBjqDJg
1jxKJoyVtVm6EySdYmXCfLDCdKy/JOCj6+hJQ036UbhY9LiapGDThlaRnm6sTteV
Nc9Y4wWyJNgJFXOEdhNntKIZnu+DsV5N+ZftZb1E8RX2l5vsTqeYvK1U3pPC
-----END CERTIFICATE-----