Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/84326b70-b7e7-4a5d-9f1c-9fa5105f6c05.roa
File:                     84326b70-b7e7-4a5d-9f1c-9fa5105f6c05.roa (raw, json)
Hash identifier:          2K5qAq5AZY1QHmyduqwhUCInJcZ086UfwhD6ZttGb54=
Subject key identifier:   9E:5A:A3:BA:DD:58:2B:B3:1F:C9:1C:C2:38:F6:F3:A5:CF:FB:DD:49
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       4BB734BB70BE5FD8960746F95593D28F12535996
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/84326b70-b7e7-4a5d-9f1c-9fa5105f6c05.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:a700::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:b7:34:bb:70:be:5f:d8:96:07:46:f9:55:93:d2:8f:12:53:59:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:74:23:a2:42:97:7e:f5:9d:28:a7:df:15:68:
                    5e:e9:02:73:23:bc:0b:9a:fc:b3:12:6e:f5:fc:32:
                    7c:63:1d:75:c4:e9:24:88:f3:b4:7a:b8:e4:b8:b6:
                    f6:2f:9c:11:bb:9c:bd:45:f0:fb:00:90:b7:8f:b8:
                    85:36:d2:ba:55:4a:1f:5f:b1:68:f0:bf:2c:1e:4a:
                    44:4f:0d:e7:15:56:90:de:39:b8:22:ea:66:16:9c:
                    db:bc:c3:ab:5f:0d:f3:55:00:84:df:fd:25:07:a9:
                    8e:2d:3c:39:fe:1e:0a:98:13:b9:0f:b2:66:56:20:
                    f5:40:9d:b1:1f:b4:fe:71:1c:13:b3:1f:c4:1b:5e:
                    d5:2c:dc:d2:d0:ce:10:2b:28:6d:b7:42:53:16:fa:
                    1c:d6:01:b7:9a:ea:a4:de:b1:e6:36:6a:a2:27:0b:
                    00:29:f1:a1:dd:8a:f2:7b:b7:69:ed:e1:52:70:ed:
                    86:9b:97:f6:c0:b7:73:13:2c:02:c4:34:5c:2c:cf:
                    3f:d7:ce:3b:1b:43:52:4b:3c:3e:c1:2e:83:df:9a:
                    e0:26:5e:d8:1c:43:5c:fc:be:8d:4a:b8:cc:a8:14:
                    11:53:b3:79:23:66:36:c2:5e:db:cc:09:eb:92:55:
                    54:e4:a3:3e:da:ce:1b:b5:5c:ac:7b:30:b0:f9:8d:
                    98:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:5A:A3:BA:DD:58:2B:B3:1F:C9:1C:C2:38:F6:F3:A5:CF:FB:DD:49
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/84326b70-b7e7-4a5d-9f1c-9fa5105f6c05.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:a700::/40

    Signature Algorithm: sha256WithRSAEncryption
         8e:9b:6e:89:00:82:d3:ca:ac:a6:cc:77:32:a9:64:60:39:3c:
         fb:3e:b1:5a:40:ba:9a:ef:77:78:cd:22:3c:cb:d0:52:4a:7b:
         de:8e:45:e5:43:6b:13:54:5e:43:0a:99:73:48:b3:a2:92:5e:
         dc:4d:30:02:51:c7:33:c7:50:b7:3a:74:42:fc:68:83:a0:b1:
         ce:36:f9:26:53:a5:1b:02:82:77:d6:77:bc:f9:df:04:02:51:
         88:3d:8c:d8:d3:0c:4e:d9:11:0a:e7:ba:a7:67:89:c5:de:ff:
         66:d0:5c:05:36:7a:25:fb:39:1a:10:89:5a:fb:59:f6:d6:2b:
         f7:40:46:d5:17:ab:b6:99:98:82:e8:53:34:ba:25:c8:4b:13:
         8a:2a:4e:06:a0:f8:0d:af:a4:71:48:fe:32:e5:0f:ae:e2:a3:
         4b:40:eb:cb:54:0b:ff:93:20:97:bf:83:d4:74:c4:36:dd:83:
         10:12:18:b1:df:94:0d:f1:0c:a2:5f:bc:61:d0:2e:a6:9d:64:
         14:8d:b3:15:4d:fe:02:0f:3b:9d:d0:a7:8f:ca:ae:7f:9f:7a:
         d9:69:c7:fd:85:2e:5e:f1:90:e5:e4:07:17:d0:73:dd:9b:d6:
         f5:a8:b5:f5:1c:0c:a2:dd:e8:62:14:82:e8:9c:f2:e6:e6:78:
         6f:d6:cc:07
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUS7c0u3C+X9iWB0b5VZPSjxJTWZYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOGY0OGQ2NGNjZjhiYWFjOTgxYmQ3MTVlNjNjMTE4MTJj
NGU5NmFjNTgxYzU1MzdkNTNjOTk4NzZlNjBjNTljMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDdCOiQpd+9Z0op98VaF7pAnMjvAua/LMSbvX8MnxjHXXE
6SSI87R6uOS4tvYvnBG7nL1F8PsAkLePuIU20rpVSh9fsWjwvyweSkRPDecVVpDe
Obgi6mYWnNu8w6tfDfNVAITf/SUHqY4tPDn+HgqYE7kPsmZWIPVAnbEftP5xHBOz
H8QbXtUs3NLQzhArKG23QlMW+hzWAbea6qTeseY2aqInCwAp8aHdivJ7t2nt4VJw
7Yabl/bAt3MTLALENFwszz/XzjsbQ1JLPD7BLoPfmuAmXtgcQ1z8vo1KuMyoFBFT
s3kjZjbCXtvMCeuSVVTkoz7azhu1XKx7MLD5jZidAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUnlqjut1YK7MfyRzCOPbzpc/73UkwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1Lzg0MzI2YjcwLWI3ZTctNGE1ZC05ZjFjLTlmYTUxMDVmNmMwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAJAApzANBgkqhkiG9w0BAQsFAAOCAQEAjptuiQCC08qspsx3MqlkYDk8
+z6xWkC6mu93eM0iPMvQUkp73o5F5UNrE1ReQwqZc0izopJe3E0wAlHHM8dQtzp0
Qvxog6Cxzjb5JlOlGwKCd9Z3vPnfBAJRiD2M2NMMTtkRCue6p2eJxd7/ZtBcBTZ6
Jfs5GhCJWvtZ9tYr90BG1RertpmYguhTNLolyEsTiipOBqD4Da+kcUj+MuUPruKj
S0Dry1QL/5Mgl7+D1HTENt2DEBIYsd+UDfEMol+8YdAupp1kFI2zFU3+Ag87ndCn
j8quf5962WnH/YUuXvGQ5eQHF9Bz3ZvW9ai19RwMot3oYhSC6Jzy5uZ4b9bMBw==
-----END CERTIFICATE-----