Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/15c69da0-d471-4f52-b26d-a3639b01e410.roa
File:                     15c69da0-d471-4f52-b26d-a3639b01e410.roa (raw, json)
Hash identifier:          lP02ZQJzqd/m0YuMghuW5OWRia7ZAEakC790KGgNxso=
Subject key identifier:   FE:F0:E9:26:06:2F:97:CB:28:F0:3E:F1:BB:57:86:6B:D2:CA:EC:90
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       40117883FD60A28E508B2E02E6C9EE8E017C0C61
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/15c69da0-d471-4f52-b26d-a3639b01e410.roa
Signing time:             Mon 17 Mar 2025 15:31:25 +0000
ROA not before:           Mon 17 Mar 2025 15:31:25 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2605:9cc0:c0e::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:11:78:83:fd:60:a2:8e:50:8b:2e:02:e6:c9:ee:8e:01:7c:0c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Mar 17 15:31:25 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:47:a0:9a:fe:25:03:bb:4f:f3:f4:29:39:30:
                    f3:3c:9e:ea:23:6f:a4:a4:8e:77:0a:5d:11:df:9d:
                    4a:f4:cf:4c:01:74:a2:9e:1a:24:bd:d2:ab:6d:ae:
                    15:be:a6:0a:f2:75:80:86:98:9c:2e:0b:f0:97:d9:
                    cf:80:56:5c:e4:cb:3f:cc:29:40:09:db:d6:f6:cd:
                    d3:16:2b:1b:a5:49:1c:c9:0d:19:d0:94:a3:ac:b6:
                    77:88:23:7a:c3:68:83:21:a9:6f:54:09:fe:73:30:
                    3d:d6:3c:ed:12:42:3a:c2:c0:62:9b:60:c3:d8:4e:
                    85:2e:b3:cc:65:2e:81:e6:d3:33:fd:6e:67:19:9e:
                    28:24:43:74:52:4f:33:65:22:cb:98:6a:4a:f1:59:
                    f5:e1:e8:e9:17:43:dd:63:ff:43:39:db:ad:25:45:
                    3f:67:2f:55:6d:cc:0b:7a:ac:b9:c2:9a:20:48:42:
                    7e:69:4c:8f:dc:b3:09:b3:c0:64:57:cd:8a:9d:6c:
                    5a:23:0c:2b:02:bb:42:bb:e5:d6:98:51:75:80:75:
                    ec:4e:df:ad:a8:d5:b2:df:56:e5:15:e7:ab:9f:12:
                    aa:57:1c:d2:6c:3a:c1:76:ec:b2:6f:84:9e:5d:ec:
                    00:ba:10:55:91:78:cc:15:5c:3b:fa:16:e7:ed:23:
                    dc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:F0:E9:26:06:2F:97:CB:28:F0:3E:F1:BB:57:86:6B:D2:CA:EC:90
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/15c69da0-d471-4f52-b26d-a3639b01e410.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:c0e::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:b1:97:e6:fa:06:48:f1:f7:0f:b8:cf:77:19:d9:2e:15:85:
         e3:7b:d2:dc:35:bd:50:86:85:63:4c:05:cc:aa:8c:55:5a:38:
         1b:f8:b1:21:34:73:84:6f:e4:37:dc:91:25:c1:a1:6c:0f:59:
         5b:60:47:59:9e:d6:99:52:7c:b0:04:29:28:fd:0b:6e:4a:b1:
         bf:e1:14:71:71:4e:f4:a8:29:3e:ae:64:36:d5:34:4e:d4:39:
         e6:cf:3f:79:3b:35:80:25:b3:a5:3c:5f:18:52:ec:ee:67:00:
         47:d5:8e:c9:0f:b3:aa:72:aa:fb:1c:e3:29:d1:73:77:7a:b3:
         a8:05:d5:8b:9f:ef:d8:a8:fb:b1:5f:0f:c7:79:1f:b6:d4:67:
         b1:b9:07:e7:a1:af:b2:2c:71:9d:8f:49:46:96:0f:a1:60:5e:
         1f:bd:59:4a:d2:8e:77:3c:20:87:c0:de:b3:ee:9e:e9:93:d8:
         bc:92:28:c5:c1:a6:16:a4:50:bd:ef:ad:8e:29:54:37:c5:75:
         dc:3a:9a:4c:6d:23:ba:f4:b5:65:9f:0c:e7:49:b5:48:87:dc:
         f1:b2:e8:78:8a:2e:5d:6f:3b:36:1a:d4:0f:bb:6b:4e:f4:94:
         05:d3:e8:eb:f3:23:63:ca:ba:21:b9:40:4f:94:04:f7:c1:24:
         32:b5:20:65
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQBF4g/1goo5Qiy4C5snujgF8DGEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMzE3MTUzMTI1WhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzg2ZGQ0OGYzZGNhOWYxNmU0ZmQ1N2VjODZlMTkxOWFk
YzkwNjM4OTYyNWFmMTM2YjFhNmZkYzhmYzkxNWZiMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSR6Ca/iUDu0/z9Ck5MPM8nuojb6SkjncKXRHfnUr0z0wB
dKKeGiS90qttrhW+pgrydYCGmJwuC/CX2c+AVlzkyz/MKUAJ29b2zdMWKxulSRzJ
DRnQlKOstneII3rDaIMhqW9UCf5zMD3WPO0SQjrCwGKbYMPYToUus8xlLoHm0zP9
bmcZnigkQ3RSTzNlIsuYakrxWfXh6OkXQ91j/0M5260lRT9nL1VtzAt6rLnCmiBI
Qn5pTI/cswmzwGRXzYqdbFojDCsCu0K75daYUXWAdexO362o1bLfVuUV56ufEqpX
HNJsOsF27LJvhJ5d7AC6EFWReMwVXDv6FuftI9yrAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU/vDpJgYvl8so8D7xu1eGa9LK7JAwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzE1YzY5ZGEwLWQ0NzEtNGY1Mi1iMjZkLWEzNjM5YjAxZTQxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzADA4wDQYJKoZIhvcNAQELBQADggEBABexl+b6Bkjx9w+4z3cZ2S4V
heN70tw1vVCGhWNMBcyqjFVaOBv4sSE0c4Rv5DfckSXBoWwPWVtgR1me1plSfLAE
KSj9C25Ksb/hFHFxTvSoKT6uZDbVNE7UOebPP3k7NYAls6U8XxhS7O5nAEfVjskP
s6pyqvsc4ynRc3d6s6gF1Yuf79io+7FfD8d5H7bUZ7G5B+ehr7IscZ2PSUaWD6Fg
Xh+9WUrSjnc8IIfA3rPunumT2LySKMXBphakUL3vrY4pVDfFddw6mkxtI7r0tWWf
DOdJtUiH3PGy6HiKLl1vOzYa1A+7a070lAXT6OvzI2PKuiG5QE+UBPfBJDK1IGU=
-----END CERTIFICATE-----