Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/2592ade6-505a-4e24-928b-9a1e71b309ae.roa
File:                     2592ade6-505a-4e24-928b-9a1e71b309ae.roa (raw, json)
Hash identifier:          6Cls8caxul7ZMn11OaLNDBAkjVCfUDmxeBdwzGlmMH0=
Subject key identifier:   24:80:63:56:1A:4B:24:AF:5F:86:9C:F5:A9:A1:63:EB:0B:DD:3A:2E
Certificate issuer:       /CN=6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267
Certificate serial:       62FC096F7292544FA539017149F1A1FB6DF3568A
Authority key identifier: 6D:CA:65:D0:71:4D:7E:F2:56:90:BC:09:13:D3:54:DB:AC:89:2A:5E
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8/6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/2592ade6-505a-4e24-928b-9a1e71b309ae.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2605:c940::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:fc:09:6f:72:92:54:4f:a5:39:01:71:49:f1:a1:fb:6d:f3:56:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: CN=15f1683a-c0c2-4266-9a96-ecf9eba3239c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:79:17:32:72:b7:57:f3:1d:f1:b2:2f:62:4f:
                    96:72:fb:8f:47:5e:60:00:48:52:c5:80:54:79:f4:
                    7a:ae:05:13:86:ba:38:cd:23:b4:96:23:9c:d1:a6:
                    93:04:07:f5:17:d1:d2:8c:b1:58:e7:45:88:33:a3:
                    e9:b5:aa:5f:c9:4f:01:8c:8d:45:2f:76:16:fa:56:
                    73:0e:12:c9:eb:aa:48:80:b7:d2:70:2c:21:37:f5:
                    d8:c1:8c:21:d5:96:de:8e:d3:fd:7e:8b:25:d5:71:
                    b2:a7:0b:4d:4f:e4:f6:4a:73:84:36:22:50:cf:51:
                    80:b3:a1:65:46:43:88:75:9b:f7:cd:5a:20:07:bb:
                    7e:76:d6:59:c6:1a:37:19:93:0b:6a:ac:5e:e0:d0:
                    28:1d:7b:e0:95:c5:e1:8e:53:4f:1b:20:bc:49:29:
                    80:a9:0a:25:a2:8e:39:e5:c2:db:69:aa:d2:a0:50:
                    1e:71:40:5b:9a:66:48:6d:da:f9:e8:6c:2c:75:a7:
                    2f:72:b9:46:81:4b:f5:de:be:63:a3:88:2d:4f:58:
                    cf:8c:63:97:dc:88:c1:65:8f:a4:84:a8:2d:9e:05:
                    c6:80:dd:97:b1:6a:63:b8:4a:56:bf:52:a6:f9:7e:
                    19:20:a2:55:69:11:46:c2:da:eb:ab:b9:6b:1d:e1:
                    39:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:80:63:56:1A:4B:24:AF:5F:86:9C:F5:A9:A1:63:EB:0B:DD:3A:2E
            X509v3 Authority Key Identifier:
                keyid:6D:CA:65:D0:71:4D:7E:F2:56:90:BC:09:13:D3:54:DB:AC:89:2A:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/7276b2fa-548d-4970-8314-8d73945c34d8/6f9b985b0fe5def09b994f8cf60bad8c9029c00657750b2267.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/2592ade6-505a-4e24-928b-9a1e71b309ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b3f6b688-cff4-402f-97d5-02f6f1886b7e/5d7wm5lPjPYLrYyQKcAGV3ULImc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:c940::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:6b:81:49:d0:de:8a:06:19:77:de:e3:4b:22:76:35:b2:39:
         60:8e:70:07:1d:af:b0:bf:bb:bd:88:97:68:2a:d8:2d:88:a6:
         ee:53:3b:9a:d8:96:e7:9f:ee:f9:61:c5:e6:19:35:a0:35:58:
         c2:c1:5b:9e:f2:7b:a3:a1:95:82:61:89:e0:4c:65:4a:f6:79:
         fc:b1:56:70:c8:fd:40:8c:61:54:5b:bb:11:9b:02:81:57:45:
         58:96:5a:27:8d:af:e7:b2:ed:6a:96:93:e0:58:4f:5f:9b:46:
         d4:dd:65:65:9c:ba:a2:c2:5b:56:63:8f:90:10:18:4b:b4:ca:
         e1:63:f1:ed:6b:1c:5a:26:34:72:44:f1:75:d1:86:f7:ce:24:
         1d:71:e7:16:58:b3:15:ca:c2:72:a8:00:a3:e2:47:fb:49:de:
         64:80:ef:a9:78:4c:97:99:62:53:fd:b8:e2:8e:b8:ed:5a:3a:
         d8:c0:3e:23:fb:cd:2b:c3:0c:a2:7f:79:32:e8:27:41:f7:12:
         aa:29:24:ed:f6:cb:4f:a1:a3:73:f3:01:a1:d3:28:e2:42:31:
         2e:04:f8:52:ee:c2:4a:ea:fd:81:62:56:6f:4c:c5:1a:c4:c9:
         5c:3f:ec:d2:6b:fa:8e:9c:50:a1:e7:36:ae:af:1b:e1:ae:76:
         34:f8:ad:34
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUYvwJb3KSVE+lOQFxSfGh+23zVoowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmY5Yjk4NWIwZmU1ZGVmMDliOTk0ZjhjZjYwYmFkOGM5
MDI5YzAwNjU3NzUwYjIyNjcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNjA4NzhmZTZmZTdlMmIyNjdjMmFmMDc4NjRjMmNmZTEx
ZDk5YzA2OTQ2YjMzODFmN2EzODRiODk3MzhmOTM4MS0wKwYDVQQDEyQxNWYxNjgz
YS1jMGMyLTQyNjYtOWE5Ni1lY2Y5ZWJhMzIzOWMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9eRcycrdX8x3xsi9iT5Zy+49HXmAASFLFgFR59HquBROG
ujjNI7SWI5zRppMEB/UX0dKMsVjnRYgzo+m1ql/JTwGMjUUvdhb6VnMOEsnrqkiA
t9JwLCE39djBjCHVlt6O0/1+iyXVcbKnC01P5PZKc4Q2IlDPUYCzoWVGQ4h1m/fN
WiAHu3521lnGGjcZkwtqrF7g0Cgde+CVxeGOU08bILxJKYCpCiWijjnlwttpqtKg
UB5xQFuaZkht2vnobCx1py9yuUaBS/XevmOjiC1PWM+MY5fciMFlj6SEqC2eBcaA
3ZexamO4Sla/Uqb5fhkgolVpEUbC2uuruWsd4TkPAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUJIBjVhpLJK9fhpz1qaFj6wvdOi4wHwYDVR0jBBgwFoAUbcpl0HFNfvJW
kLwJE9NU26yJKl4wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC83Mjc2YjJmYS01
NDhkLTQ5NzAtODMxNC04ZDczOTQ1YzM0ZDgvNmY5Yjk4NWIwZmU1ZGVmMDliOTk0
ZjhjZjYwYmFkOGM5MDI5YzAwNjU3NzUwYjIyNjcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjNmNmI2ODgtY2ZmNC00MDJmLTk3ZDUtMDJm
NmYxODg2YjdlLzI1OTJhZGU2LTUwNWEtNGUyNC05MjhiLTlhMWU3MWIzMDlhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2IzZjZiNjg4LWNmZjQtNDAyZi05N2Q1
LTAyZjZmMTg4NmI3ZS81ZDd3bTVsUGpQWUxyWXlRS2NBR1YzVUxJbWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmBclAMA0GCSqGSIb3DQEBCwUAA4IBAQALa4FJ0N6KBhl33uNLInY1sjlg
jnAHHa+wv7u9iJdoKtgtiKbuUzua2Jbnn+75YcXmGTWgNVjCwVue8nujoZWCYYng
TGVK9nn8sVZwyP1AjGFUW7sRmwKBV0VYllonja/nsu1qlpPgWE9fm0bU3WVlnLqi
wltWY4+QEBhLtMrhY/HtaxxaJjRyRPF10Yb3ziQdcecWWLMVysJyqACj4kf7Sd5k
gO+peEyXmWJT/bjijrjtWjrYwD4j+80rwwyif3ky6CdB9xKqKSTt9stPoaNz8wGh
0yjiQjEuBPhS7sJK6v2BYlZvTMUaxMlcP+zSa/qOnFCh5zaurxvhrnY0+K00
-----END CERTIFICATE-----