Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34dc4c52-43f8-48b7-973b-e597eb697f23.roa
File:                     34dc4c52-43f8-48b7-973b-e597eb697f23.roa (raw, json)
Hash identifier:          lS2uoGH96bBXSFckQZbcTfDoorF+E0yhhhiQQB3WjpA=
Subject key identifier:   9C:34:4A:D3:81:81:52:34:21:81:11:6C:F1:11:63:12:19:73:3E:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1B7F18E2590F237E4316BEF37E4BDEC824F9AA93
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34dc4c52-43f8-48b7-973b-e597eb697f23.roa
Signing time:             Tue 25 Mar 2025 17:00:17 +0000
ROA not before:           Tue 25 Mar 2025 17:00:17 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:8080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:7f:18:e2:59:0f:23:7e:43:16:be:f3:7e:4b:de:c8:24:f9:aa:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 25 17:00:17 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bd:df:c1:4d:4e:06:e6:24:01:be:c2:eb:b6:
                    10:72:d3:f0:04:14:b0:d3:95:c8:ea:9a:8c:bd:5f:
                    41:30:8a:e6:dd:9b:e1:a0:50:91:e9:5f:79:d9:89:
                    b2:a0:91:d1:a7:41:a9:ae:20:ea:a2:e3:98:81:d8:
                    56:31:7c:80:88:0f:16:d7:a8:9b:05:18:ca:5d:34:
                    cb:9a:2c:16:9c:1d:8f:37:ab:26:da:ea:1d:b0:aa:
                    fd:03:bb:93:f0:bb:f4:04:29:95:38:a5:1f:7c:b0:
                    b5:72:8a:5c:de:4c:d7:8f:6d:f1:74:31:fb:04:ea:
                    45:51:33:3b:af:f8:c8:40:d2:f7:8f:21:7a:af:5c:
                    4b:93:98:d8:8e:32:ba:48:68:e2:9a:92:ca:ba:19:
                    b2:08:36:45:63:7b:5f:a4:71:c9:48:46:7f:21:49:
                    56:76:ad:97:a5:09:43:c1:ed:c0:3d:d4:b8:f4:6d:
                    0e:5b:5c:c2:9b:ee:6e:6b:9b:a7:37:71:b4:f2:15:
                    ad:22:d2:93:d2:f5:cb:22:56:1a:b5:7b:0f:ba:de:
                    90:e0:10:aa:52:ae:8b:a1:8f:e3:59:2d:13:b3:2a:
                    4e:42:f6:1e:7b:f1:88:b0:cc:53:f6:54:35:68:2c:
                    bd:87:de:ba:48:a2:d5:32:61:dd:2c:e7:b2:ff:26:
                    3c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:34:4A:D3:81:81:52:34:21:81:11:6C:F1:11:63:12:19:73:3E:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34dc4c52-43f8-48b7-973b-e597eb697f23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:8080::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:d6:42:08:5d:4a:55:6d:4c:bf:dd:47:bc:8e:b9:6e:7a:38:
         99:52:93:d2:97:da:64:24:fb:04:44:59:cd:fc:ca:f4:49:cf:
         c0:52:c1:80:eb:fc:b8:90:b2:b3:dc:95:fb:ef:67:43:89:b0:
         50:86:a6:d3:50:99:ca:6b:80:e9:e8:e6:68:27:53:97:1e:79:
         8b:09:35:82:54:62:4a:e0:5c:8d:51:d4:08:45:df:0e:00:1a:
         42:38:41:3f:12:ee:32:7a:f8:3f:ae:d6:3a:ac:c8:53:b8:1c:
         24:19:bc:b5:89:15:e2:c0:57:f6:cc:50:50:87:9e:5e:8f:3c:
         d3:90:bb:47:e0:4d:50:5c:9a:f5:d0:40:87:9c:b8:9f:67:50:
         6e:f4:90:fd:47:68:5d:96:ff:d3:b2:48:b8:06:c4:2c:0f:42:
         61:25:db:b5:38:38:6b:7b:46:08:9c:1b:b5:9a:5b:ca:02:62:
         9b:d0:4a:0f:46:a5:69:b1:34:76:48:20:9d:40:ff:af:e7:5d:
         e5:90:e2:84:17:d9:b0:87:d9:6f:5e:19:c3:b8:06:a3:da:59:
         45:4e:53:53:0e:f6:dd:34:de:68:c3:08:2e:33:37:c9:ef:be:
         81:cd:34:98:4e:8e:53:fd:61:eb:23:22:6a:db:e7:bb:b4:2c:
         c9:ae:b3:65
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUG38Y4lkPI35DFr7zfkveyCT5qpMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI1MTcwMDE3WhcNMjUwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YWMzNzhhYzJkYTUxNGQwMjhjNjE4NjYxNWUxMTMzNzU2
NWNkZGU2OGMwZmNmZDA1NDAzMTY3MzU3ZmJjYzU1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCovd/BTU4G5iQBvsLrthBy0/AEFLDTlcjqmoy9X0Ewiubd
m+GgUJHpX3nZibKgkdGnQamuIOqi45iB2FYxfICIDxbXqJsFGMpdNMuaLBacHY83
qyba6h2wqv0Du5Pwu/QEKZU4pR98sLVyilzeTNePbfF0MfsE6kVRMzuv+MhA0veP
IXqvXEuTmNiOMrpIaOKaksq6GbIINkVje1+kcclIRn8hSVZ2rZelCUPB7cA91Lj0
bQ5bXMKb7m5rm6c3cbTyFa0i0pPS9csiVhq1ew+63pDgEKpSrouhj+NZLROzKk5C
9h578YiwzFP2VDVoLL2H3rpIotUyYd0s57L/JjwNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUnDRK04GBUjQhgRFs8RFjEhlzPnswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0ZGM0YzUyLTQzZjgtNDhiNy05NzNiLWU1OTdlYjY5N2YyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84gIAwDQYJKoZIhvcNAQELBQADggEBAFnWQghdSlVtTL/dR7yOuW56
OJlSk9KX2mQk+wREWc38yvRJz8BSwYDr/LiQsrPclfvvZ0OJsFCGptNQmcprgOno
5mgnU5ceeYsJNYJUYkrgXI1R1AhF3w4AGkI4QT8S7jJ6+D+u1jqsyFO4HCQZvLWJ
FeLAV/bMUFCHnl6PPNOQu0fgTVBcmvXQQIecuJ9nUG70kP1HaF2W/9OySLgGxCwP
QmEl27U4OGt7RgicG7WaW8oCYpvQSg9GpWmxNHZIIJ1A/6/nXeWQ4oQX2bCH2W9e
GcO4BqPaWUVOU1MO9t003mjDCC4zN8nvvoHNNJhOjlP9YesjImrb57u0LMmus2U=
-----END CERTIFICATE-----