Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c8ec433-58d1-4ff2-8444-25e303ae721c.roa
File:                     2c8ec433-58d1-4ff2-8444-25e303ae721c.roa (raw, json)
Hash identifier:          5X55pbjUqYMoLYJaWUdpDIXUM7+82RcN2knBLJZML3w=
Subject key identifier:   30:3B:46:C0:B3:22:37:7D:CF:B1:DE:68:DC:66:7E:F6:A1:0A:DF:F6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2FFC066AE88677197C60F8C819CE8A38B1EBF4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c8ec433-58d1-4ff2-8444-25e303ae721c.roa
Signing time:             Fri 28 Mar 2025 00:50:16 +0000
ROA not before:           Fri 28 Mar 2025 00:50:16 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:4060::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:fc:06:6a:e8:86:77:19:7c:60:f8:c8:19:ce:8a:38:b1:eb:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:50:16 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3f:e3:31:4c:10:17:5d:93:c5:cf:91:36:be:
                    b4:ca:9e:6e:d9:ea:d9:ec:39:51:c4:2c:b8:37:65:
                    3f:2c:f7:c6:ed:b7:53:0e:ff:01:1d:87:de:76:2f:
                    b0:96:c6:67:12:54:12:74:e7:a3:92:44:83:83:ae:
                    b7:0f:5d:b8:00:63:f7:3c:31:ed:ea:53:4d:3d:c2:
                    0d:15:82:8f:33:17:79:62:f2:39:a7:f4:75:34:2b:
                    e6:b4:32:95:be:95:f4:d5:30:d8:3e:f5:82:af:98:
                    be:79:c9:fb:a2:4e:34:a6:8f:18:7e:e2:c6:0d:2c:
                    5e:08:38:fb:ce:f0:d9:77:5e:f5:77:42:3a:0a:c3:
                    84:3d:9b:d7:78:79:15:e8:ac:7d:3c:07:5c:a3:90:
                    15:f7:5f:d7:8c:83:d6:c0:7c:59:72:73:66:ef:3d:
                    f8:f5:4f:e9:81:f7:64:aa:cf:39:df:12:1d:42:dc:
                    0a:44:04:76:c3:c9:b8:ba:51:e1:a2:16:4f:f2:3a:
                    ea:be:81:3f:95:6d:b6:9a:ab:9d:f0:82:34:7b:a1:
                    2c:2a:0b:02:e7:0e:76:be:67:34:2c:71:bb:12:bb:
                    4f:1c:92:5b:62:0a:04:92:7e:ba:c3:b4:54:51:75:
                    a3:1e:c2:05:36:e4:d3:17:08:9b:e5:ee:6f:d4:cc:
                    38:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3B:46:C0:B3:22:37:7D:CF:B1:DE:68:DC:66:7E:F6:A1:0A:DF:F6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c8ec433-58d1-4ff2-8444-25e303ae721c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:4060::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:75:2d:b2:f3:4d:38:e9:db:6a:c9:4d:4d:57:bb:de:f5:24:
         15:01:d3:82:10:62:a8:c7:b6:55:7e:41:14:53:67:aa:f3:03:
         0d:b5:0d:e3:00:1d:96:73:d2:ba:15:71:da:86:91:b2:7c:64:
         7d:ce:67:fa:20:85:1c:bc:c6:51:ca:9b:9a:87:79:a4:bf:3b:
         1c:15:48:bc:43:28:9e:e0:5f:9e:00:ef:db:ad:8e:38:12:4b:
         83:7d:73:68:f3:62:dc:28:7f:88:c3:03:08:a7:45:3a:f2:31:
         ee:80:7f:49:76:7f:60:71:86:ce:48:85:f8:1e:9f:37:0c:aa:
         6a:1a:5b:04:af:42:db:58:04:2c:4f:bf:29:ac:10:4c:a4:5d:
         58:fd:19:b5:10:34:0f:a1:1b:07:d2:95:15:2c:d6:b4:75:63:
         1b:1a:14:28:a8:09:b9:20:36:51:6b:d4:e7:85:d0:a8:04:21:
         e6:14:a8:6e:f5:06:f3:d3:ff:23:23:e2:fe:a1:27:32:dc:39:
         16:f0:c4:1f:5e:5c:e6:f3:c6:26:e4:19:3d:a3:89:51:56:1c:
         37:fc:f0:19:c5:da:8e:f1:8c:f9:56:99:a1:3a:a8:01:ab:ac:
         ad:d4:2e:a2:be:52:c4:a0:17:2b:89:41:3e:9d:24:1a:e8:01:
         b1:bc:55:31
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgITL/wGauiGdxl8YPjIGc6KOLHr9DANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTAzMjgwMDUwMTZaFw0yNTA1MDIyMzU5NTla
MHoxSTBHBgNVBAUTQDFhNzJlZGUzZTRiYzE5N2JjYTJkM2E0MzM1MjkzMDY3Yjdi
YjE5OWE1ZGVhNThjM2RiZGIyOTQ1ODg4NDVkMDUxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKM/4zFMEBddk8XPkTa+tMqebtnq2ew5UcQsuDdlPyz3xu23
Uw7/AR2H3nYvsJbGZxJUEnTno5JEg4Outw9duABj9zwx7epTTT3CDRWCjzMXeWLy
Oaf0dTQr5rQylb6V9NUw2D71gq+YvnnJ+6JONKaPGH7ixg0sXgg4+87w2Xde9XdC
OgrDhD2b13h5FeisfTwHXKOQFfdf14yD1sB8WXJzZu89+PVP6YH3ZKrPOd8SHULc
CkQEdsPJuLpR4aIWT/I66r6BP5VttpqrnfCCNHuhLCoLAucOdr5nNCxxuxK7TxyS
W2IKBJJ+usO0VFF1ox7CBTbk0xcIm+Xub9TMOOsCAwEAAaOCArQwggKwMB0GA1Ud
DgQWBBQwO0bAsyI3fc+x3mjcZn72oQrf9jAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvMmM4ZWM0MzMtNThkMS00ZmYyLTg0NDQtMjVlMzAzYWU3MjFjLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACYAHwBAYDANBgkqhkiG9w0BAQsFAAOCAQEAS3UtsvNNOOnbaslNTVe73vUk
FQHTghBiqMe2VX5BFFNnqvMDDbUN4wAdlnPSuhVx2oaRsnxkfc5n+iCFHLzGUcqb
mod5pL87HBVIvEMonuBfngDv262OOBJLg31zaPNi3Ch/iMMDCKdFOvIx7oB/SXZ/
YHGGzkiF+B6fNwyqahpbBK9C21gELE+/KawQTKRdWP0ZtRA0D6EbB9KVFSzWtHVj
GxoUKKgJuSA2UWvU54XQqAQh5hSobvUG89P/IyPi/qEnMtw5FvDEH15c5vPGJuQZ
PaOJUVYcN/zwGcXajvGM+VaZoTqoAausrdQuor5SxKAXK4lBPp0kGugBsbxVMQ==
-----END CERTIFICATE-----