Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0396d0da-0d50-49a7-bf6f-b7d6361f8eeb.roa
File:                     0396d0da-0d50-49a7-bf6f-b7d6361f8eeb.roa (raw, json)
Hash identifier:          gijpVBZHsFR2t42ifARiREXDOuMIUotji+yq1aIBShI=
Subject key identifier:   39:6F:80:78:82:0B:73:C5:7C:0D:C7:DF:FF:E3:1B:51:38:4E:49:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       702FCEB1B45812074D6A9E6803D1C62C0782D92A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0396d0da-0d50-49a7-bf6f-b7d6361f8eeb.roa
Signing time:             Wed 26 Mar 2025 00:21:51 +0000
ROA not before:           Wed 26 Mar 2025 00:21:51 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:4010::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:2f:ce:b1:b4:58:12:07:4d:6a:9e:68:03:d1:c6:2c:07:82:d9:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 26 00:21:51 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:8a:79:63:ee:b8:be:ff:48:73:e9:03:f3:10:
                    f9:9d:5e:8f:a1:33:da:75:bb:7c:de:ca:7f:c6:0e:
                    dd:33:4a:cc:92:0c:12:86:01:80:0b:f4:a0:05:46:
                    a1:e2:41:f5:9b:56:33:48:3e:65:e0:46:08:bc:ff:
                    aa:28:71:72:f9:ea:b1:29:df:40:48:83:80:fd:c5:
                    17:8e:3d:78:75:e0:09:61:6b:25:d9:a1:5e:40:62:
                    16:54:be:01:2a:0d:1b:98:fe:97:f5:f8:13:3a:43:
                    cb:45:f3:82:e7:b3:2e:89:b5:da:0e:0b:07:f3:7a:
                    9f:df:7a:52:72:fc:0b:47:a0:13:50:dd:f1:ce:02:
                    15:13:bd:98:cf:92:f7:1c:49:f9:b4:c4:38:5f:a4:
                    6d:51:d7:e4:c7:ef:41:49:1a:c0:c8:ad:39:46:15:
                    b7:1a:fa:8e:71:2d:5e:1b:2b:73:97:7f:88:58:10:
                    33:b6:ba:f8:cd:44:85:62:2b:4a:6a:0b:f8:64:99:
                    c3:a5:44:a5:16:ef:97:c2:0b:ac:ba:98:de:70:9c:
                    8a:d1:1a:a3:b6:6a:ff:46:96:b4:8f:47:92:d0:12:
                    d1:6b:15:4c:1a:24:25:7f:b8:fb:8d:a8:50:b6:cb:
                    a0:fe:6a:cc:c0:80:d9:4f:db:7f:af:a3:2b:aa:28:
                    3a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6F:80:78:82:0B:73:C5:7C:0D:C7:DF:FF:E3:1B:51:38:4E:49:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0396d0da-0d50-49a7-bf6f-b7d6361f8eeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:4010::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:1c:6c:b1:49:cf:5f:bf:8d:ee:25:5c:f2:1b:62:ad:2b:ec:
         9f:15:6f:a9:a4:94:05:86:d3:ff:c3:c5:2d:83:8b:8e:14:f9:
         91:74:27:93:da:39:c5:ef:35:9e:e9:62:17:40:9f:17:68:38:
         c4:51:17:96:58:ad:74:12:bb:47:f8:95:82:38:6f:c2:c2:fa:
         0d:14:a5:05:70:c8:25:0d:dc:48:30:c3:ad:f0:5a:1d:a4:4b:
         61:15:57:b0:0e:b7:09:d9:52:33:c4:f6:aa:1f:2a:8a:7b:4f:
         bc:00:f7:55:1a:7a:ea:32:6c:44:28:fd:a7:b2:d8:69:71:96:
         b9:db:c6:e7:a4:40:cb:fe:f6:ee:a0:7f:6f:8b:cd:97:36:50:
         41:32:d4:e2:9d:05:1e:f7:fa:d2:3c:e3:f1:f9:8c:f4:b9:04:
         a5:f6:56:47:ba:1a:ac:4e:94:34:f9:a8:e3:d9:2f:39:ba:d4:
         64:06:28:cf:bf:a6:e9:6c:e1:ad:e7:f3:fa:58:28:3c:24:6a:
         de:2e:90:ce:3a:f4:cb:cb:ab:be:a3:e2:a3:5e:1a:36:7d:3c:
         a2:95:1e:45:5d:a8:60:7c:17:22:7c:35:0a:d5:1e:19:d3:3f:
         30:b6:9d:fa:dd:eb:50:34:1a:f5:00:37:95:49:2d:0c:33:5e:
         f4:e1:a6:0e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcC/OsbRYEgdNap5oA9HGLAeC2SowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI2MDAyMTUxWhcNMjUwNDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMDFiZjg3YzYzNzcwNzYxMmU1NGQxZjA1YjVkYTExMzY2
MmE0MWQzOThhZGI5Y2Q0MGQ5NzZiNGExMjM0YTg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZinlj7ri+/0hz6QPzEPmdXo+hM9p1u3zeyn/GDt0zSsyS
DBKGAYAL9KAFRqHiQfWbVjNIPmXgRgi8/6oocXL56rEp30BIg4D9xReOPXh14Alh
ayXZoV5AYhZUvgEqDRuY/pf1+BM6Q8tF84Lnsy6JtdoOCwfzep/felJy/AtHoBNQ
3fHOAhUTvZjPkvccSfm0xDhfpG1R1+TH70FJGsDIrTlGFbca+o5xLV4bK3OXf4hY
EDO2uvjNRIViK0pqC/hkmcOlRKUW75fCC6y6mN5wnIrRGqO2av9GlrSPR5LQEtFr
FUwaJCV/uPuNqFC2y6D+aszAgNlP23+voyuqKDrzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUOW+AeIILc8V8Dcff/+MbUThOSZgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzOTZkMGRhLTBkNTAtNDlhNy1iZjZmLWI3ZDYzNjFmOGVlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//QBAwDQYJKoZIhvcNAQELBQADggEBAG0cbLFJz1+/je4lXPIbYq0r
7J8Vb6mklAWG0//DxS2Di44U+ZF0J5PaOcXvNZ7pYhdAnxdoOMRRF5ZYrXQSu0f4
lYI4b8LC+g0UpQVwyCUN3Egww63wWh2kS2EVV7AOtwnZUjPE9qofKop7T7wA91Ua
euoybEQo/aey2GlxlrnbxuekQMv+9u6gf2+LzZc2UEEy1OKdBR73+tI84/H5jPS5
BKX2Vke6GqxOlDT5qOPZLzm61GQGKM+/puls4a3n8/pYKDwkat4ukM469MvLq76j
4qNeGjZ9PKKVHkVdqGB8FyJ8NQrVHhnTPzC2nfrd61A0GvUAN5VJLQwzXvThpg4=
-----END CERTIFICATE-----