Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/267d9a80-84ef-4441-a61a-743e56cb5be3.roa
File:                     267d9a80-84ef-4441-a61a-743e56cb5be3.roa (raw, json)
Hash identifier:          TKLA6sU2jYIyDVVzQGf0b6iHiKYTLj5rZfh038PscJA=
Subject key identifier:   59:25:FF:82:50:6F:EC:6A:BC:4D:40:0F:37:4E:F8:77:61:62:5C:53
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5936573F1CD3A3813FC9B8DC8383AFD226441D60
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/267d9a80-84ef-4441-a61a-743e56cb5be3.roa
Signing time:             Sat 22 Mar 2025 00:01:01 +0000
ROA not before:           Sat 22 Mar 2025 00:01:01 +0000
ROA not after:            Sat 26 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff6:3400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:36:57:3f:1c:d3:a3:81:3f:c9:b8:dc:83:83:af:d2:26:44:1d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 22 00:01:01 2025 GMT
            Not After : Apr 26 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:1b:12:40:cd:22:a0:ec:13:39:d8:aa:3f:63:
                    50:e6:f7:e1:7d:05:a7:c5:a9:89:50:46:d5:d9:f5:
                    95:69:88:c7:69:23:cc:38:fa:6f:49:9d:cb:a8:09:
                    74:7c:a8:21:3b:ef:c4:5a:ad:68:65:35:7c:83:79:
                    81:20:0a:dc:9a:75:4b:e8:cc:10:b1:a3:7f:ce:bf:
                    79:ca:64:08:d5:3b:d9:c3:3c:9d:9b:df:c9:c9:58:
                    d4:b9:12:da:19:3f:a4:aa:e9:2c:92:76:5d:21:fb:
                    c6:2e:44:00:44:7b:52:f7:49:35:43:26:21:b4:a0:
                    ef:a7:37:89:a9:5c:06:5f:dc:d7:01:10:6a:e8:67:
                    90:78:af:fc:3e:ef:ee:05:d0:b0:69:58:d6:eb:f6:
                    b3:36:0e:af:eb:2b:b8:92:48:24:f0:32:e1:32:45:
                    3c:14:14:84:31:42:fe:1c:ff:c6:63:70:52:8c:4c:
                    b0:65:59:07:1c:9b:23:23:8f:83:fb:a2:e0:68:d2:
                    86:84:d4:0c:bb:fc:3f:2a:9a:03:2d:1a:8d:e6:8f:
                    21:0c:a6:ea:56:e8:8b:ce:5f:e5:39:91:e1:49:50:
                    f6:fc:3a:64:60:2b:aa:f7:7c:fd:71:74:1f:bc:c3:
                    ce:a2:07:b5:a1:b5:28:c1:d9:98:b4:34:87:04:ef:
                    fc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:25:FF:82:50:6F:EC:6A:BC:4D:40:0F:37:4E:F8:77:61:62:5C:53
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/267d9a80-84ef-4441-a61a-743e56cb5be3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         4f:f0:ca:db:68:5b:ce:e0:cf:f7:b4:15:e1:eb:61:1c:f5:db:
         ce:b6:6d:38:2b:a8:16:74:25:32:88:d2:46:00:94:f0:75:0b:
         bc:9d:64:2d:1a:16:ea:c0:ca:fa:22:bf:4f:05:47:54:06:cd:
         1d:96:1a:5c:f9:d4:6d:04:dc:39:3e:9a:64:73:3d:8b:79:76:
         85:04:44:60:73:07:d2:88:fb:4f:d1:6b:32:e3:55:10:f3:9a:
         69:3a:79:d5:31:29:81:51:d6:52:9b:2a:3a:95:f2:ed:34:f8:
         3c:c6:8c:8a:88:47:94:43:b2:c0:d8:eb:0a:d6:30:bf:c4:c0:
         75:d0:68:f1:fa:2b:2f:9c:3c:78:9f:81:32:fc:67:35:67:82:
         f8:30:98:7d:3c:1f:45:90:7a:e8:fc:b5:80:86:37:b9:2a:9c:
         b8:26:86:08:e5:7c:17:64:bb:77:36:9a:89:d7:39:4d:97:20:
         d7:05:a3:2a:96:84:02:0a:c6:0d:98:a3:f3:0c:84:75:2e:de:
         72:d1:f7:52:42:27:00:0e:87:2f:fb:c3:83:27:9f:01:f2:bc:
         84:bd:84:4e:79:53:2b:32:0e:23:e6:6c:cf:5a:53:de:47:4a:
         e9:cd:a8:fa:c5:a1:67:19:8a:20:d0:0c:a3:c9:ef:96:28:d5:
         29:89:6a:d2
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUWTZXPxzTo4E/ybjcg4Ov0iZEHWAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIyMDAwMTAxWhcNMjUwNDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmODhjZWFmMzM3OTA5YTc1YTJiMWJkNjNjYmJkZjJiODcw
ZmJmMDE2YjJhMDJkNDY2YjNlMjFhZWZlZmI1OThjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpGxJAzSKg7BM52Ko/Y1Dm9+F9BafFqYlQRtXZ9ZVpiMdp
I8w4+m9JncuoCXR8qCE778RarWhlNXyDeYEgCtyadUvozBCxo3/Ov3nKZAjVO9nD
PJ2b38nJWNS5EtoZP6Sq6SySdl0h+8YuRABEe1L3STVDJiG0oO+nN4mpXAZf3NcB
EGroZ5B4r/w+7+4F0LBpWNbr9rM2Dq/rK7iSSCTwMuEyRTwUFIQxQv4c/8ZjcFKM
TLBlWQccmyMjj4P7ouBo0oaE1Ay7/D8qmgMtGo3mjyEMpupW6IvOX+U5keFJUPb8
OmRgK6r3fP1xdB+8w86iB7WhtSjB2Zi0NIcE7/yBAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUWSX/glBv7Gq8TUAPN074d2FiXFMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI2N2Q5YTgwLTg0ZWYtNDQ0MS1hNjFhLTc0M2U1NmNiNWJlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/2NDANBgkqhkiG9w0BAQsFAAOCAQEAT/DK22hbzuDP97QV4ethHPXb
zrZtOCuoFnQlMojSRgCU8HULvJ1kLRoW6sDK+iK/TwVHVAbNHZYaXPnUbQTcOT6a
ZHM9i3l2hQREYHMH0oj7T9FrMuNVEPOaaTp51TEpgVHWUpsqOpXy7TT4PMaMiohH
lEOywNjrCtYwv8TAddBo8forL5w8eJ+BMvxnNWeC+DCYfTwfRZB66Py1gIY3uSqc
uCaGCOV8F2S7dzaaidc5TZcg1wWjKpaEAgrGDZij8wyEdS7ectH3UkInAA6HL/vD
gyefAfK8hL2ETnlTKzIOI+Zsz1pT3kdK6c2o+sWhZxmKINAMo8nvlijVKYlq0g==
-----END CERTIFICATE-----