Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2db5e928-de62-49bc-a803-dc9b3ce29b28.roa
File:                     2db5e928-de62-49bc-a803-dc9b3ce29b28.roa (raw, json)
Hash identifier:          54mhVtS87Jigo1nDcorrnMbt7thqoJyDWk9VLZdq31M=
Subject key identifier:   3D:68:31:95:F3:8C:AC:4F:0C:D6:1A:C6:53:A5:C6:BA:0B:0B:E9:1F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0F349862F074447FFF68C8D4F576F04FE234510B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2db5e928-de62-49bc-a803-dc9b3ce29b28.roa
Signing time:             Fri 28 Mar 2025 00:20:13 +0000
ROA not before:           Fri 28 Mar 2025 00:20:13 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:60c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:34:98:62:f0:74:44:7f:ff:68:c8:d4:f5:76:f0:4f:e2:34:51:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:20:13 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0a:f4:1c:a5:97:b2:b7:7a:d8:81:02:ba:66:
                    1c:f8:21:61:c6:71:44:ce:27:e1:a7:e2:ea:9d:66:
                    4c:5d:31:9f:9e:41:3b:90:e2:21:11:78:d1:12:e3:
                    e2:a4:54:ba:30:76:1d:35:1f:16:24:67:36:9b:fb:
                    a5:db:bb:ff:df:61:2a:ca:f7:de:1d:7a:60:5c:44:
                    18:70:78:f0:8d:39:cd:67:31:79:07:2b:d5:31:82:
                    b3:c0:d4:9f:c4:d0:5d:94:f7:8f:bd:e9:59:81:b1:
                    b8:3f:1c:7a:ae:f1:d2:2f:a9:56:ec:cb:40:77:97:
                    6c:f1:dc:21:82:25:89:04:fd:f1:1f:9f:e7:65:f8:
                    8c:9a:e3:4e:e5:cb:83:db:86:3a:44:33:d9:44:aa:
                    94:26:fc:a3:35:d2:81:4f:8b:fd:ec:62:9a:15:56:
                    f8:0e:ee:25:36:49:7f:d4:19:80:f0:7a:11:f8:2a:
                    3e:56:e5:3e:d4:c6:a7:56:4c:40:47:ad:e1:4a:e5:
                    38:22:43:55:83:ee:bd:7f:ad:de:d8:c2:7d:2e:8c:
                    77:61:4f:52:0e:fd:70:3c:4b:da:af:af:d9:c8:b5:
                    d0:3b:f9:be:e6:7a:e8:0e:85:85:5d:9c:a2:37:1f:
                    e9:2a:b3:21:dc:ce:05:8f:12:45:c2:7e:60:1c:95:
                    ba:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:68:31:95:F3:8C:AC:4F:0C:D6:1A:C6:53:A5:C6:BA:0B:0B:E9:1F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2db5e928-de62-49bc-a803-dc9b3ce29b28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:60c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:7f:bb:69:02:d0:d7:41:f2:d2:b3:76:b2:68:38:5a:85:e9:
         1f:64:45:39:72:0b:29:56:7e:d4:b2:c8:2b:d4:dc:e4:17:98:
         86:cf:72:14:3f:f1:44:33:67:78:32:8d:30:1c:cc:43:6c:85:
         22:4e:32:68:4e:5a:dd:96:08:86:3b:15:8f:c3:8b:08:fe:2c:
         28:bd:0e:c8:7a:f4:07:29:53:1c:15:8f:45:f9:a1:8d:fb:a1:
         30:02:2a:3d:72:d8:ab:1f:1b:3b:88:9f:8e:94:06:5e:65:74:
         f4:a4:6a:a5:40:47:f9:ab:3d:ac:bd:40:c8:5d:c4:71:4b:eb:
         43:cc:7e:c6:d6:43:0a:7f:e7:4f:3f:08:31:54:6d:1a:8a:b2:
         33:92:d0:1b:f0:e5:42:6d:55:60:76:bd:f9:47:77:50:68:cf:
         a3:13:e4:37:dc:a7:d8:af:1f:c9:e3:5d:a6:e1:0b:73:a7:08:
         42:95:58:3c:1f:da:32:de:3a:0a:f1:b5:47:16:51:7e:f5:b7:
         a7:42:7e:b3:02:fe:8b:56:08:5f:cf:1c:86:cc:d5:65:96:c9:
         4d:f3:c2:43:1e:aa:eb:ab:9e:e6:52:df:12:8a:5a:54:fc:5b:
         9a:86:92:9b:4f:a5:c7:fa:01:fe:05:a6:37:6c:79:a7:2d:10:
         32:8f:40:6c
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUDzSYYvB0RH//aMjU9XbwT+I0UQswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDAyMDEzWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxM2UyMWY3YmNkODJiNDYxODIzYTYwMGNiOWE2MjcyMTMx
ZDg4N2FmNDcxMzc4NDI0ZTFjOTkyYzA0NjFmZTE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbCvQcpZeyt3rYgQK6Zhz4IWHGcUTOJ+Gn4uqdZkxdMZ+e
QTuQ4iEReNES4+KkVLowdh01HxYkZzab+6Xbu//fYSrK994demBcRBhwePCNOc1n
MXkHK9UxgrPA1J/E0F2U94+96VmBsbg/HHqu8dIvqVbsy0B3l2zx3CGCJYkE/fEf
n+dl+Iya407ly4PbhjpEM9lEqpQm/KM10oFPi/3sYpoVVvgO7iU2SX/UGYDwehH4
Kj5W5T7UxqdWTEBHreFK5TgiQ1WD7r1/rd7Ywn0ujHdhT1IO/XA8S9qvr9nItdA7
+b7meugOhYVdnKI3H+kqsyHczgWPEkXCfmAclbrhAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUPWgxlfOMrE8M1hrGU6XGugsL6R8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJkYjVlOTI4LWRlNjItNDliYy1hODAzLWRjOWIzY2UyOWIyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84YMAwDQYJKoZIhvcNAQELBQADggEBACV/u2kC0NdB8tKzdrJoOFqF
6R9kRTlyCylWftSyyCvU3OQXmIbPchQ/8UQzZ3gyjTAczENshSJOMmhOWt2WCIY7
FY/Diwj+LCi9Dsh69AcpUxwVj0X5oY37oTACKj1y2KsfGzuIn46UBl5ldPSkaqVA
R/mrPay9QMhdxHFL60PMfsbWQwp/508/CDFUbRqKsjOS0Bvw5UJtVWB2vflHd1Bo
z6MT5Dfcp9ivH8njXabhC3OnCEKVWDwf2jLeOgrxtUcWUX71t6dCfrMC/otWCF/P
HIbM1WWWyU3zwkMequurnuZS3xKKWlT8W5qGkptPpcf6Af4FpjdseactEDKPQGw=
-----END CERTIFICATE-----