Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/20eac0c1-044c-4d7c-96cc-5e378621a09e.roa
File:                     20eac0c1-044c-4d7c-96cc-5e378621a09e.roa (raw, json)
Hash identifier:          /p8rt6/YDuWmhNU5hXivntPsUybGgxV269aPJEpSC9o=
Subject key identifier:   F3:00:3C:38:94:B5:4D:9C:67:5F:D0:66:32:4F:DC:84:11:A1:6B:40
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       46BD7AE8D0DC4CEDEE7CBB171AD9CE377AB40E88
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/20eac0c1-044c-4d7c-96cc-5e378621a09e.roa
Signing time:             Mon 09 Dec 2024 00:00:00 +0000
ROA not before:           Mon 09 Dec 2024 00:00:00 +0000
ROA not after:            Mon 13 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:a900::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:bd:7a:e8:d0:dc:4c:ed:ee:7c:bb:17:1a:d9:ce:37:7a:b4:0e:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Dec  9 00:00:00 2024 GMT
            Not After : Jan 13 23:59:59 2025 GMT
        Subject: CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:01:84:c1:d0:2c:aa:e3:45:0a:53:22:41:8e:
                    0b:86:10:e9:ec:49:ae:c9:62:df:b6:bd:50:b9:4f:
                    6e:21:25:12:43:bd:be:8f:58:f1:1f:5a:31:79:3c:
                    1c:80:a8:01:b4:3f:dc:94:f4:31:2d:75:80:c6:65:
                    2a:2b:f2:d1:b6:b0:21:a6:5b:b8:e3:c4:a2:2a:35:
                    b2:93:00:05:59:88:cf:f9:c8:47:25:bb:e8:61:74:
                    74:e3:57:ce:53:d7:79:62:c7:6f:b5:05:c9:b6:47:
                    17:d4:ba:66:8f:ed:0a:d8:3c:dd:af:36:fa:14:16:
                    b0:64:07:bd:48:84:a8:04:a1:44:3a:a5:91:8c:f3:
                    f7:ef:fa:99:81:31:4e:d5:df:50:b1:e4:00:01:a9:
                    4f:99:fd:9c:72:88:89:de:9b:7b:87:82:dd:7c:7e:
                    a8:56:f0:92:05:11:11:22:c5:2e:80:9c:0a:a4:5d:
                    2a:1f:c2:1a:47:58:f7:38:38:63:4e:9e:47:20:a3:
                    2a:d7:e9:ee:40:02:3c:7c:f9:e2:f4:54:1e:cb:76:
                    3b:7f:ec:61:f5:0b:6a:b4:c2:6b:01:9b:06:cc:9c:
                    8c:f6:c9:a3:a2:5d:a4:3f:03:8a:29:0e:c6:f1:b8:
                    e2:17:ea:e6:8e:4d:4b:12:71:8a:84:78:24:b9:4e:
                    d5:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:00:3C:38:94:B5:4D:9C:67:5F:D0:66:32:4F:DC:84:11:A1:6B:40
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/20eac0c1-044c-4d7c-96cc-5e378621a09e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:a900::/40

    Signature Algorithm: sha256WithRSAEncryption
         bf:55:72:80:70:f6:72:9c:e8:95:de:f3:64:48:f4:54:12:53:
         4c:30:bc:62:a4:4c:2a:aa:1e:c9:b5:2c:90:f2:58:75:9e:13:
         3d:f8:bf:a9:1e:fb:4d:b1:1e:34:80:70:99:29:23:14:f6:1d:
         c8:c3:68:c8:0f:1e:9c:81:b9:b5:6a:cb:ed:67:53:cd:9d:da:
         09:44:7e:34:32:c4:9d:ec:5e:a3:56:a1:5e:f3:54:b4:69:9b:
         9d:a1:5c:cd:2b:2f:aa:35:ff:ac:05:5d:23:46:37:4c:c2:5a:
         3d:aa:5f:47:95:f6:3b:db:66:63:06:e6:12:3a:95:b9:6a:23:
         60:3b:64:81:f3:ae:7d:a1:33:f0:53:7c:e3:6a:64:1b:2e:e0:
         0f:e2:80:7a:18:5d:1e:42:70:a1:0f:27:2b:43:68:e5:43:06:
         1d:34:d0:9e:37:f3:e9:3e:ca:dd:78:1c:aa:8d:12:68:aa:88:
         a3:c7:09:98:ab:78:66:2d:04:fe:09:60:fd:3c:28:fc:06:52:
         50:c8:e9:d2:3b:2a:af:b6:02:00:86:5f:5a:40:52:fb:e4:81:
         14:fc:33:d9:a6:63:da:34:6f:24:eb:ab:41:98:7e:63:4e:25:
         b7:4b:74:c2:19:11:62:fe:ff:31:95:13:cd:3c:ee:b7:e0:a5:
         4d:d4:f5:86
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIURr166NDcTO3ufLsXGtnON3q0DogwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjQxMjA5MDAwMDAwWhcNMjUwMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MWRkOGM1ZjU1ZGMxNzRjNjljODQ1MDQ1NjZkYWEzZDdk
NDc4ZWI5MmJmOTNhYzAyZWFjNjgzNTE3ZjVjMjU3MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeAYTB0Cyq40UKUyJBjguGEOnsSa7JYt+2vVC5T24hJRJD
vb6PWPEfWjF5PByAqAG0P9yU9DEtdYDGZSor8tG2sCGmW7jjxKIqNbKTAAVZiM/5
yEclu+hhdHTjV85T13lix2+1Bcm2RxfUumaP7QrYPN2vNvoUFrBkB71IhKgEoUQ6
pZGM8/fv+pmBMU7V31Cx5AABqU+Z/ZxyiInem3uHgt18fqhW8JIFEREixS6AnAqk
XSofwhpHWPc4OGNOnkcgoyrX6e5AAjx8+eL0VB7Ldjt/7GH1C2q0wmsBmwbMnIz2
yaOiXaQ/A4opDsbxuOIX6uaOTUsScYqEeCS5TtU9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU8wA8OJS1TZxnX9BmMk/chBGha0AwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzIwZWFjMGMxLTA0NGMtNGQ3Yy05NmNjLTVlMzc4NjIxYTA5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAJAAqTANBgkqhkiG9w0BAQsFAAOCAQEAv1VygHD2cpzold7zZEj0VBJT
TDC8YqRMKqoeybUskPJYdZ4TPfi/qR77TbEeNIBwmSkjFPYdyMNoyA8enIG5tWrL
7WdTzZ3aCUR+NDLEnexeo1ahXvNUtGmbnaFczSsvqjX/rAVdI0Y3TMJaPapfR5X2
O9tmYwbmEjqVuWojYDtkgfOufaEz8FN842pkGy7gD+KAehhdHkJwoQ8nK0No5UMG
HTTQnjfz6T7K3Xgcqo0SaKqIo8cJmKt4Zi0E/glg/Two/AZSUMjp0jsqr7YCAIZf
WkBS++SBFPwz2aZj2jRvJOurQZh+Y04lt0t0whkRYv7/MZUTzTzut+ClTdT1hg==
-----END CERTIFICATE-----