Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/3b1d79f6-944a-4da0-acd2-15477b975226.roa
File:                     3b1d79f6-944a-4da0-acd2-15477b975226.roa (raw, json)
Hash identifier:          dDg2fdozVeq/W7uzKZyiyHTaHPuqYS6sD+2aDUsl8rA=
Subject key identifier:   A8:79:B0:F4:C0:0F:0F:D7:A5:69:A7:8A:2E:B1:75:DC:EC:3E:64:DC
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       13E3147D1EA8EC2423FD39DD60F4B56F1E96F69A
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/3b1d79f6-944a-4da0-acd2-15477b975226.roa
Signing time:             Tue 04 Mar 2025 23:11:02 +0000
ROA not before:           Tue 04 Mar 2025 23:11:02 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f0:551b::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:e3:14:7d:1e:a8:ec:24:23:fd:39:dd:60:f4:b5:6f:1e:96:f6:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Mar  4 23:11:02 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3f:5b:1f:ec:70:eb:20:f6:13:e7:e9:30:3e:
                    8b:6e:01:39:f1:91:fa:f5:de:f6:7a:92:15:94:75:
                    4e:eb:4c:9d:2b:10:b3:dc:71:bd:76:ca:e3:ef:59:
                    92:36:0a:a4:8e:35:32:71:de:b0:ee:a1:36:ea:a8:
                    9d:1d:36:78:34:2a:3e:a0:7a:43:fc:48:c9:f8:1b:
                    73:83:11:75:88:d8:9b:6e:31:36:fa:7e:74:ab:e4:
                    97:98:01:ba:6f:7f:a0:47:ba:7c:d3:92:6a:4a:c1:
                    9a:8a:69:b3:57:b3:c7:ce:bc:a6:b5:b6:a0:8e:fb:
                    17:af:97:7b:95:d1:5d:fe:e2:c7:be:6d:c8:09:2d:
                    3d:5d:23:69:0a:ff:4b:3f:00:0b:03:8d:64:d8:e0:
                    8e:9c:9c:1a:31:ed:2d:e7:16:fb:bc:21:80:04:dc:
                    75:6e:99:66:e1:38:e4:df:b1:06:71:72:6b:ea:69:
                    65:fb:32:ca:a2:85:bf:8a:9f:69:78:3d:5b:0e:51:
                    13:d2:6d:aa:e6:82:5b:9f:d3:74:57:a7:b7:24:44:
                    40:fe:8c:79:73:4e:91:fa:be:5a:cf:db:07:40:86:
                    60:c8:11:0b:06:3f:fb:9f:e3:8e:1d:e4:74:1b:d8:
                    ac:ba:26:b3:34:88:3e:a8:f3:41:aa:fc:5c:e1:d2:
                    66:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:79:B0:F4:C0:0F:0F:D7:A5:69:A7:8A:2E:B1:75:DC:EC:3E:64:DC
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/3b1d79f6-944a-4da0-acd2-15477b975226.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:551b::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:4d:bf:08:68:c5:53:fc:6a:d7:7d:1f:76:aa:2b:a3:13:d7:
         d8:c3:ad:80:1f:3c:1f:78:8c:fc:99:fe:a8:61:3d:37:d1:2c:
         c3:83:df:ee:6e:90:45:53:1f:bc:f3:d0:13:23:03:3f:29:ec:
         80:aa:57:7d:be:50:a1:55:7a:35:d0:45:11:ab:5d:65:86:9f:
         2a:3a:07:62:29:67:3c:0c:c4:c7:a1:41:49:23:a1:74:77:a4:
         5b:21:bd:17:3d:a6:df:f4:1a:05:c1:e9:53:8f:a4:fe:59:3a:
         56:80:94:7d:4b:92:8f:e2:62:80:95:cb:db:50:09:9f:ee:af:
         8b:40:66:a2:c0:ea:17:b7:0d:76:66:e1:46:76:42:41:3b:23:
         e4:e4:dd:2b:84:0b:a8:f4:78:5d:16:d5:4f:f7:cf:e5:fe:0d:
         ed:0c:0f:a5:44:b4:72:44:18:0c:90:40:c0:c0:de:59:01:96:
         ed:db:34:d2:9c:f0:c5:32:e7:a0:ec:d0:42:25:07:f4:1d:a8:
         0b:89:11:07:bb:eb:2b:c1:1b:13:a1:c9:89:36:39:e6:24:e9:
         17:8f:cf:ec:51:07:5f:27:a5:e0:c8:7e:a4:4e:06:ff:7d:44:
         74:76:4c:8a:69:c8:aa:56:fc:e7:9c:98:27:04:e9:a3:59:71:
         d8:43:2b:83
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUE+MUfR6o7CQj/TndYPS1bx6W9powDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMzA0MjMxMTAyWhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTg3ODNjMWVmNjQ0ZTYxYjhiMzM1ZWRhODAwOTc3MjI0
NGU4OTBhNjkyNjY3ZWQwMjdhNWM5ZGM3NWNmZTNiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEP1sf7HDrIPYT5+kwPotuATnxkfr13vZ6khWUdU7rTJ0r
ELPccb12yuPvWZI2CqSONTJx3rDuoTbqqJ0dNng0Kj6gekP8SMn4G3ODEXWI2Jtu
MTb6fnSr5JeYAbpvf6BHunzTkmpKwZqKabNXs8fOvKa1tqCO+xevl3uV0V3+4se+
bcgJLT1dI2kK/0s/AAsDjWTY4I6cnBox7S3nFvu8IYAE3HVumWbhOOTfsQZxcmvq
aWX7Msqihb+Kn2l4PVsOURPSbarmgluf03RXp7ckRED+jHlzTpH6vlrP2wdAhmDI
EQsGP/uf444d5HQb2Ky6JrM0iD6o80Gq/Fzh0madAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUqHmw9MAPD9elaaeKLrF13Ow+ZNwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzNiMWQ3OWY2LTk0NGEtNGRhMC1hY2QyLTE1NDc3Yjk3NTIyNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRswDQYJKoZIhvcNAQELBQADggEBAItNvwhoxVP8atd9H3aqK6MT
19jDrYAfPB94jPyZ/qhhPTfRLMOD3+5ukEVTH7zz0BMjAz8p7ICqV32+UKFVejXQ
RRGrXWWGnyo6B2IpZzwMxMehQUkjoXR3pFshvRc9pt/0GgXB6VOPpP5ZOlaAlH1L
ko/iYoCVy9tQCZ/ur4tAZqLA6he3DXZm4UZ2QkE7I+Tk3SuEC6j0eF0W1U/3z+X+
De0MD6VEtHJEGAyQQMDA3lkBlu3bNNKc8MUy56Ds0EIlB/QdqAuJEQe76yvBGxOh
yYk2OeYk6RePz+xRB18npeDIfqROBv99RHR2TIppyKpW/OecmCcE6aNZcdhDK4M=
-----END CERTIFICATE-----