Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21aa0dd7-3715-4fba-9058-ff15105f4485.roa
File:                     21aa0dd7-3715-4fba-9058-ff15105f4485.roa (raw, json)
Hash identifier:          Snva9zIVypi2Xvciz2T5nEXD7H7iYCJu7dztAbTiQDw=
Subject key identifier:   22:3B:2B:45:C7:86:0F:81:98:55:E0:B0:90:CF:88:D7:E4:6C:EB:48
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       41F2C01BD3D2EEFB9F7BDFD01D4A44904101EDB5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21aa0dd7-3715-4fba-9058-ff15105f4485.roa
Signing time:             Tue 25 Mar 2025 17:01:07 +0000
ROA not before:           Tue 25 Mar 2025 17:01:07 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:10c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:f2:c0:1b:d3:d2:ee:fb:9f:7b:df:d0:1d:4a:44:90:41:01:ed:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 25 17:01:07 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f0:28:35:ac:50:2b:0f:a2:e1:a8:f7:32:90:
                    63:ce:39:85:fb:77:09:8d:ae:a2:ad:8e:37:0e:22:
                    91:42:e5:dd:f6:c8:3d:4d:30:29:ee:0c:62:cd:7b:
                    47:11:53:57:de:f2:b4:5f:b9:d5:91:c0:fd:89:0b:
                    7a:00:0c:18:02:6f:19:88:23:40:25:da:25:d6:bb:
                    5a:d2:3a:db:eb:49:08:9f:95:84:fe:0e:ee:b6:85:
                    d9:c3:1a:c2:25:08:28:c0:80:de:73:79:da:94:0c:
                    72:c1:1e:24:7b:a2:9e:d3:ea:71:31:fc:40:94:2b:
                    4f:ac:7e:e8:cd:1e:1f:d6:4a:0b:96:e9:e8:fe:71:
                    8c:92:2b:e8:70:60:3d:7f:20:02:b8:1e:bb:cd:7e:
                    00:a6:8c:d4:19:53:99:be:bc:a5:a0:2a:41:ef:24:
                    11:1d:11:15:ef:88:f3:cc:9c:50:b1:fd:b0:77:07:
                    a9:53:87:2c:b2:ab:19:e8:bd:04:56:d6:54:c4:ee:
                    01:27:84:5a:7c:ce:99:9d:f2:32:cf:0e:ac:ac:9d:
                    85:88:ef:68:fc:d2:cd:c4:89:10:5f:7e:2f:d7:85:
                    f0:b4:9c:fa:07:f8:55:25:8e:d0:0c:13:dd:ff:2c:
                    25:fd:2d:b0:4e:10:51:38:de:9a:3d:d0:e2:0a:56:
                    81:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:3B:2B:45:C7:86:0F:81:98:55:E0:B0:90:CF:88:D7:E4:6C:EB:48
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21aa0dd7-3715-4fba-9058-ff15105f4485.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:10c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:11:30:5a:22:76:a8:81:18:f9:93:72:d5:cf:47:97:eb:6a:
         45:1a:51:a2:ef:1e:ee:65:2d:18:04:07:56:15:07:22:0f:c2:
         12:06:63:48:78:6a:45:82:0b:50:10:d6:53:a8:93:11:ba:fc:
         3e:02:c7:a7:74:53:70:e3:79:94:18:70:3a:27:2b:fa:35:01:
         0e:af:89:bf:01:ff:70:30:b1:81:e2:ec:0f:36:00:86:32:e7:
         76:15:69:a1:93:10:89:9d:06:33:a6:55:97:53:ae:6d:a6:91:
         28:fe:49:7f:97:d9:c8:c3:8e:31:1b:27:87:44:bd:65:04:e1:
         69:a5:95:54:ff:cb:16:d0:17:a3:2b:1f:7c:35:cd:b5:0c:7e:
         c8:a0:6a:67:6b:0e:29:46:17:f9:19:35:e1:9a:9a:21:b2:c1:
         cd:f6:a6:63:09:a4:f6:ae:b7:17:4a:ce:8b:23:2a:22:e9:21:
         c7:5b:b0:b4:bc:1b:18:15:46:0e:7f:44:d0:70:9e:e4:6f:c1:
         d4:38:ad:7e:4e:fe:2c:16:98:d7:53:01:0c:c5:dc:2e:09:6c:
         d7:dc:e4:52:1f:b6:41:52:37:fd:c7:34:b5:54:12:4d:35:a9:
         a9:ea:00:f3:db:d1:3d:69:7d:d4:bf:fe:0b:3d:0e:35:01:f0:
         3b:b3:a6:05
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQfLAG9PS7vufe9/QHUpEkEEB7bUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI1MTcwMTA3WhcNMjUwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNmVkMzU5MTA2MDdlZTNjNzBjMTg4YTFmYmQ0OThmNWRk
NmE3NGU0ZTUzMWM3MTJjNDA0ZTE4NjQ2NWI0YjhmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCK8Cg1rFArD6LhqPcykGPOOYX7dwmNrqKtjjcOIpFC5d32
yD1NMCnuDGLNe0cRU1fe8rRfudWRwP2JC3oADBgCbxmII0Al2iXWu1rSOtvrSQif
lYT+Du62hdnDGsIlCCjAgN5zedqUDHLBHiR7op7T6nEx/ECUK0+sfujNHh/WSguW
6ej+cYySK+hwYD1/IAK4HrvNfgCmjNQZU5m+vKWgKkHvJBEdERXviPPMnFCx/bB3
B6lThyyyqxnovQRW1lTE7gEnhFp8zpmd8jLPDqysnYWI72j80s3EiRBffi/XhfC0
nPoH+FUljtAME93/LCX9LbBOEFE43po90OIKVoF/AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUIjsrRceGD4GYVeCwkM+I1+Rs60gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxYWEwZGQ3LTM3MTUtNGZiYS05MDU4LWZmMTUxMDVmNDQ4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AEMAwDQYJKoZIhvcNAQELBQADggEBAMsRMFoidqiBGPmTctXPR5fr
akUaUaLvHu5lLRgEB1YVByIPwhIGY0h4akWCC1AQ1lOokxG6/D4Cx6d0U3DjeZQY
cDonK/o1AQ6vib8B/3AwsYHi7A82AIYy53YVaaGTEImdBjOmVZdTrm2mkSj+SX+X
2cjDjjEbJ4dEvWUE4WmllVT/yxbQF6MrH3w1zbUMfsigamdrDilGF/kZNeGamiGy
wc32pmMJpPautxdKzosjKiLpIcdbsLS8GxgVRg5/RNBwnuRvwdQ4rX5O/iwWmNdT
AQzF3C4JbNfc5FIftkFSN/3HNLVUEk01qanqAPPb0T1pfdS//gs9DjUB8DuzpgU=
-----END CERTIFICATE-----