Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fca66e5-1583-4d16-a2d8-bb8ef34ed54d.roa
File:                     1fca66e5-1583-4d16-a2d8-bb8ef34ed54d.roa (raw, json)
Hash identifier:          QHDU0in45X437NdK2tpOcVLU2FbvXgC0BdBMeWSgE4c=
Subject key identifier:   D0:79:B1:5A:C6:FE:28:65:D9:83:29:94:5F:D2:DC:54:D3:6F:5A:9C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7DB6772E5E5304C2661C03C72B233EDAF496D329
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fca66e5-1583-4d16-a2d8-bb8ef34ed54d.roa
Signing time:             Fri 28 Mar 2025 15:51:15 +0000
ROA not before:           Fri 28 Mar 2025 15:51:15 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:5040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:b6:77:2e:5e:53:04:c2:66:1c:03:c7:2b:23:3e:da:f4:96:d3:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:51:15 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:69:bf:03:19:e6:5e:c4:34:a4:03:24:50:df:
                    fc:0d:df:47:34:b5:d0:bc:b8:20:d9:d0:a6:c9:37:
                    d9:55:aa:a5:b4:7a:8d:a8:b3:cb:b1:cf:5a:55:fb:
                    12:e0:b2:74:67:49:e5:8c:30:8b:0b:03:6e:d1:d0:
                    1f:bd:36:30:58:db:94:93:74:f6:89:be:99:11:50:
                    7f:23:61:de:57:b6:d4:76:7f:78:de:76:44:a1:06:
                    2d:dd:35:27:92:40:d8:77:2c:57:d6:2b:9e:a8:5b:
                    cb:b7:4b:ee:73:bc:a9:c6:23:cb:8f:ff:95:3f:dc:
                    e2:df:48:03:4b:c2:a6:cc:08:dc:94:92:29:99:a9:
                    41:b5:90:a1:16:14:a6:cd:4d:ef:7c:c5:8f:9f:a3:
                    5d:07:b8:d0:8b:e0:93:b0:1a:bc:bd:ec:9d:b8:36:
                    a2:68:4e:17:79:4b:85:24:30:06:1b:96:19:de:63:
                    26:32:31:87:fb:40:aa:8d:8b:f6:81:03:6f:c5:d8:
                    0f:ad:7f:2b:de:c8:62:91:98:76:fb:c9:c8:d3:26:
                    b0:94:48:e8:9e:b6:10:18:ec:d3:7c:50:38:ab:5d:
                    4b:d0:2d:cc:bb:5b:7a:30:c6:f7:b6:af:fb:13:61:
                    cf:05:13:4f:c5:fb:f7:6e:ce:52:97:b7:95:fb:26:
                    e2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:79:B1:5A:C6:FE:28:65:D9:83:29:94:5F:D2:DC:54:D3:6F:5A:9C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fca66e5-1583-4d16-a2d8-bb8ef34ed54d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:5040::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:9b:69:37:f7:a3:c6:b9:46:be:c7:b6:35:dd:5f:30:3f:a9:
         0c:ad:f5:de:0f:cd:8b:4a:ee:f6:b6:11:65:ba:e9:10:a6:ec:
         f8:d2:9a:6e:15:8e:3d:4e:1b:6b:9e:0e:76:e5:13:a8:69:4a:
         15:d1:25:0d:47:63:a4:1a:5f:6f:3c:05:33:01:ad:14:8f:8b:
         57:a8:bc:57:c1:40:98:31:4c:e6:24:32:8a:07:27:67:8e:d6:
         6b:89:c4:6c:fe:68:c0:3c:58:74:bf:b2:08:95:54:b4:b4:0d:
         2f:f6:47:b7:e1:a5:f5:92:8b:1c:95:e3:fd:cf:ca:00:2c:0d:
         f2:25:82:af:bb:d6:5f:3e:10:b2:9f:1c:b6:e7:79:aa:c1:53:
         32:74:10:19:40:1e:ee:cc:5c:aa:76:34:f4:11:93:b7:2d:60:
         3d:12:93:ba:3e:53:27:6d:6b:9d:86:70:34:42:43:fb:73:79:
         98:9b:02:33:9c:38:08:55:b7:a7:c8:74:66:c7:de:36:f6:c6:
         0b:58:b0:99:bb:c2:37:39:dc:07:91:f2:66:80:97:5a:fe:d6:
         78:40:8b:b5:8c:b1:47:03:ab:62:4e:0f:7a:5d:d4:33:1f:ff:
         e1:42:f9:22:ea:ff:35:76:e3:7d:09:18:36:34:64:72:19:d4:
         b1:96:47:b5
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUfbZ3Ll5TBMJmHAPHKyM+2vSW0ykwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTU1MTE1WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjE3ZjI2NjVjN2ViZGIzNWQ3N2Y3NzVlYWZlYjg4NzQx
YmEzMWQxMWEzNjliNjRjYzliMDI5YTdhOTIxZDZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlab8DGeZexDSkAyRQ3/wN30c0tdC8uCDZ0KbJN9lVqqW0
eo2os8uxz1pV+xLgsnRnSeWMMIsLA27R0B+9NjBY25STdPaJvpkRUH8jYd5XttR2
f3jedkShBi3dNSeSQNh3LFfWK56oW8u3S+5zvKnGI8uP/5U/3OLfSANLwqbMCNyU
kimZqUG1kKEWFKbNTe98xY+fo10HuNCL4JOwGry97J24NqJoThd5S4UkMAYblhne
YyYyMYf7QKqNi/aBA2/F2A+tfyveyGKRmHb7ycjTJrCUSOiethAY7NN8UDirXUvQ
Lcy7W3owxve2r/sTYc8FE0/F+/duzlKXt5X7JuIZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU0HmxWsb+KGXZgymUX9LcVNNvWpwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmY2E2NmU1LTE1ODMtNGQxNi1hMmQ4LWJiOGVmMzRlZDU0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hUEAwDQYJKoZIhvcNAQELBQADggEBAMGbaTf3o8a5Rr7HtjXdXzA/
qQyt9d4PzYtK7va2EWW66RCm7PjSmm4Vjj1OG2ueDnblE6hpShXRJQ1HY6QaX288
BTMBrRSPi1eovFfBQJgxTOYkMooHJ2eO1muJxGz+aMA8WHS/sgiVVLS0DS/2R7fh
pfWSixyV4/3PygAsDfIlgq+71l8+ELKfHLbnearBUzJ0EBlAHu7MXKp2NPQRk7ct
YD0Sk7o+Uydta52GcDRCQ/tzeZibAjOcOAhVt6fIdGbH3jb2xgtYsJm7wjc53AeR
8maAl1r+1nhAi7WMsUcDq2JOD3pd1DMf/+FC+SLq/zV2430JGDY0ZHIZ1LGWR7U=
-----END CERTIFICATE-----