Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/5247e20e-4480-4c24-b0b9-365d2db6de35.roa
File:                     5247e20e-4480-4c24-b0b9-365d2db6de35.roa (raw, json)
Hash identifier:          XGfYOMWpAnscEhvVBwnb5hg12a/0dn6X+I5QHUQI2Gs=
Subject key identifier:   F7:EC:5A:90:9A:57:71:7D:FE:63:8A:8E:22:6D:F7:CF:2C:03:C6:52
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       78F20EC67CF9FE9D4621BBA17F24B2F518A6B7FE
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/5247e20e-4480-4c24-b0b9-365d2db6de35.roa
Signing time:             Mon 17 Mar 2025 15:30:08 +0000
ROA not before:           Mon 17 Mar 2025 15:30:08 +0000
ROA not after:            Mon 21 Apr 2025 23:59:59 +0000
asID:                     21664
IP address blocks:        2605:9cc0:c15::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:f2:0e:c6:7c:f9:fe:9d:46:21:bb:a1:7f:24:b2:f5:18:a6:b7:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Mar 17 15:30:08 2025 GMT
            Not After : Apr 21 23:59:59 2025 GMT
        Subject: CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:47:6b:03:b8:24:34:0d:09:81:8f:68:e5:e6:
                    e1:1c:ba:11:dd:36:3b:96:f7:63:b1:62:70:4a:5a:
                    c5:53:f3:02:27:3f:07:ab:30:06:2d:10:70:49:7b:
                    79:30:09:8b:b1:15:be:ff:7a:8f:09:43:f5:9c:68:
                    f4:f2:51:bf:5a:a5:61:c2:06:d9:81:f2:71:14:c0:
                    f5:b6:cb:13:31:5c:f0:cf:4d:f2:41:ee:45:a4:d7:
                    30:14:2f:39:a4:85:63:70:4f:97:47:ca:e6:b2:3f:
                    81:27:2a:40:b8:bf:c4:ef:42:84:72:d0:ab:3e:b6:
                    97:6a:2f:5b:10:0b:d8:a5:b1:93:d3:8a:ee:f8:2c:
                    a7:70:e6:e3:83:d6:64:a7:b0:5f:21:c6:5e:d7:a9:
                    46:64:3e:dd:42:d5:e9:4d:bf:8d:77:ac:1d:09:13:
                    f6:6f:3d:0b:6d:53:35:72:ce:48:c7:42:3a:45:22:
                    54:3f:af:20:7e:0a:38:8c:f6:07:be:d4:f3:5f:01:
                    25:29:fc:df:4a:3f:67:ea:ba:dd:87:da:fb:bf:a6:
                    ca:b8:74:dd:67:b1:10:c2:57:17:ab:28:85:5c:08:
                    37:6a:c4:62:72:03:70:7e:3e:a9:8d:3f:b9:7e:a2:
                    0d:90:cf:81:45:31:2b:7c:55:b8:49:e7:a3:cc:de:
                    89:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:EC:5A:90:9A:57:71:7D:FE:63:8A:8E:22:6D:F7:CF:2C:03:C6:52
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/5247e20e-4480-4c24-b0b9-365d2db6de35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:c15::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:05:6c:84:d7:ce:cf:05:37:88:99:96:b8:33:dd:8f:1c:c6:
         d1:f5:b7:cf:c4:7c:69:6b:7f:0d:c9:e6:2e:93:7c:af:26:78:
         85:e2:a8:39:7b:ab:1b:b8:4a:c5:8c:27:7c:c4:df:d5:ae:41:
         a3:a4:1b:b7:44:a5:a5:03:b4:d0:49:05:a5:a6:97:ae:75:90:
         c2:13:d3:bd:0e:06:0f:62:9f:24:dc:78:17:a4:98:47:69:dc:
         15:a5:c5:a2:3f:03:74:27:0e:24:a6:55:3f:ad:d0:0b:e9:66:
         5b:bb:22:13:79:d3:c0:4c:ff:5a:0b:55:89:7f:c8:7f:fd:fa:
         05:78:de:c4:e3:71:e1:29:c8:81:1a:37:5b:b2:59:cf:b7:11:
         63:08:0b:f9:e0:62:d3:de:ab:5a:bd:ff:53:2a:95:75:06:a7:
         94:80:24:78:cb:ec:56:7f:2c:1b:47:7d:90:d2:ed:38:2d:8a:
         51:a0:59:af:47:0f:42:16:66:ea:5a:84:31:b6:e7:71:60:d9:
         7e:90:80:c5:ad:df:e9:03:e7:a2:1e:e1:a4:c7:1f:61:85:bc:
         0b:f0:00:a4:b4:38:57:5e:30:63:7b:9d:93:2c:d9:f1:d1:97:
         da:91:e8:f0:2f:5f:66:8b:87:38:a2:80:2b:68:61:42:a7:da:
         02:1d:8b:b8
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUePIOxnz5/p1GIbuhfySy9Rimt/4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjUwMzE3MTUzMDA4WhcNMjUwNDIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NTBlZWQzYWVhZWZlZGQyMGMzZDBmYWYwMjEwN2QyM2Vl
ODY1ZDcxNmQwYWI2MTYyN2VlYmQ1ZmRhODk4MzQ0MS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmR2sDuCQ0DQmBj2jl5uEcuhHdNjuW92OxYnBKWsVT8wIn
PwerMAYtEHBJe3kwCYuxFb7/eo8JQ/WcaPTyUb9apWHCBtmB8nEUwPW2yxMxXPDP
TfJB7kWk1zAULzmkhWNwT5dHyuayP4EnKkC4v8TvQoRy0Ks+tpdqL1sQC9ilsZPT
iu74LKdw5uOD1mSnsF8hxl7XqUZkPt1C1elNv413rB0JE/ZvPQttUzVyzkjHQjpF
IlQ/ryB+CjiM9ge+1PNfASUp/N9KP2fqut2H2vu/psq4dN1nsRDCVxerKIVcCDdq
xGJyA3B+PqmNP7l+og2Qz4FFMSt8VbhJ56PM3ok5AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU9+xakJpXcX3+Y4qOIm33zywDxlIwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzUyNDdlMjBlLTQ0ODAtNGMyNC1iMGI5LTM2NWQyZGI2ZGUzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzADBUwDQYJKoZIhvcNAQELBQADggEBAH8FbITXzs8FN4iZlrgz3Y8c
xtH1t8/EfGlrfw3J5i6TfK8meIXiqDl7qxu4SsWMJ3zE39WuQaOkG7dEpaUDtNBJ
BaWml651kMIT070OBg9inyTceBekmEdp3BWlxaI/A3QnDiSmVT+t0AvpZlu7IhN5
08BM/1oLVYl/yH/9+gV43sTjceEpyIEaN1uyWc+3EWMIC/ngYtPeq1q9/1MqlXUG
p5SAJHjL7FZ/LBtHfZDS7TgtilGgWa9HD0IWZupahDG253Fg2X6QgMWt3+kD56Ie
4aTHH2GFvAvwAKS0OFdeMGN7nZMs2fHRl9qR6PAvX2aLhziigCtoYUKn2gIdi7g=
-----END CERTIFICATE-----