Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3737c628-e3b0-419b-8657-cac0cb71b30e.roa
File:                     3737c628-e3b0-419b-8657-cac0cb71b30e.roa (raw, json)
Hash identifier:          NPLe8De6YnAeUJdkJOSxjZKkvGbygoRnRB6Y0+M4gzk=
Subject key identifier:   7F:1A:6A:EE:2B:93:90:C8:B8:48:EB:4F:DC:EE:2B:76:80:D1:29:7C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6AFCA7E29358AB267D534FE4B04A58640B18A4BB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3737c628-e3b0-419b-8657-cac0cb71b30e.roa
Signing time:             Fri 28 Mar 2025 00:01:45 +0000
ROA not before:           Fri 28 Mar 2025 00:01:45 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:807f::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:fc:a7:e2:93:58:ab:26:7d:53:4f:e4:b0:4a:58:64:0b:18:a4:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:01:45 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:a8:e4:cb:4a:e6:85:9b:79:b6:a6:d0:79:
                    6a:2b:5b:f7:06:ea:32:75:93:17:c7:60:13:28:31:
                    6b:73:6c:c9:0f:29:55:48:49:99:eb:8e:f1:5e:6a:
                    07:4d:3d:07:c7:51:6f:c8:de:86:f6:aa:48:3e:5a:
                    6c:4c:26:7c:7a:6e:28:cc:57:5a:83:bd:e8:d5:df:
                    7a:9d:9f:6d:91:15:86:7d:1e:8b:cf:dc:c4:f4:08:
                    24:b0:e0:e6:ba:44:3f:f7:b3:5a:d1:75:49:84:3b:
                    47:58:6d:20:e5:e3:32:fe:cf:a5:4b:30:25:13:91:
                    ac:93:cc:cd:70:10:30:7d:c7:29:1d:a8:b0:76:c8:
                    b4:34:71:00:95:8a:9a:9c:c2:3d:9e:e7:e1:4f:2b:
                    48:d9:b8:cf:1d:28:8e:f6:eb:88:8e:f7:2b:42:0a:
                    e5:e7:a5:a2:0f:26:6c:c2:8f:da:bc:dd:95:07:b6:
                    4d:7d:e8:b9:83:39:70:b9:1d:88:7e:da:4e:58:b0:
                    a7:79:8c:27:eb:7c:1a:1d:ca:df:37:8b:f9:64:61:
                    79:79:e7:eb:8a:dd:e5:5a:a6:43:ba:d9:0e:18:1a:
                    e4:19:1d:3d:d6:c6:13:d8:ed:b8:48:ed:53:c6:af:
                    9e:1a:54:fd:a9:06:45:a6:00:6c:2c:b0:f8:5a:37:
                    ef:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:1A:6A:EE:2B:93:90:C8:B8:48:EB:4F:DC:EE:2B:76:80:D1:29:7C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3737c628-e3b0-419b-8657-cac0cb71b30e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:807f::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:6b:0f:67:1c:ca:3d:0a:91:9f:b9:3c:81:50:a8:2b:7b:2e:
         dc:dd:de:9f:d2:48:7e:25:f0:9f:b8:fa:69:53:f8:3a:8e:be:
         cc:17:9c:3a:62:ae:74:ca:01:bf:be:18:72:09:66:14:61:b8:
         95:eb:40:c8:c9:d5:a7:90:20:09:32:00:8e:1d:6a:a8:4f:b0:
         57:a4:bf:01:aa:4b:d7:ff:a3:26:6b:13:91:39:bb:6d:c2:ba:
         eb:88:9a:6a:af:8a:20:f9:94:25:7f:ae:36:ea:20:06:dc:41:
         8f:25:ce:26:a9:6a:b8:7e:ae:55:22:a0:fe:5a:cc:45:69:f4:
         3b:ba:d4:e3:cc:22:bd:5f:eb:98:31:90:44:12:43:97:59:23:
         c5:b2:6f:ce:83:ff:5b:bf:09:5c:c4:b8:d8:2b:0d:76:f4:22:
         58:44:08:f3:eb:bb:17:61:98:0c:20:86:87:0b:1a:a9:dc:00:
         59:87:d2:70:67:ae:1b:f2:56:89:52:ff:c6:43:62:05:82:ba:
         5c:87:fa:98:6d:ee:a6:39:0f:ed:26:2f:33:e9:4f:7c:e9:95:
         27:d9:a8:ef:44:9b:c0:cc:72:fc:68:5d:d7:5d:c9:67:ca:57:
         35:41:df:bf:11:c0:11:e4:22:24:6b:4e:e0:73:49:a5:c2:cc:
         1f:c6:97:75
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUavyn4pNYqyZ9U0/ksEpYZAsYpLswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDAwMTQ1WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YmRjNzkzYWUxNzQzOGVlMDc4NmViNjc2ZDMwZjVkZmEx
YzEwYWNlM2ZiYjUxMTM0NjI4ODVhN2ExODg5NjgzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7Cajky0rmhZt5tqbQeWorW/cG6jJ1kxfHYBMoMWtzbMkP
KVVISZnrjvFeagdNPQfHUW/I3ob2qkg+WmxMJnx6bijMV1qDvejV33qdn22RFYZ9
HovP3MT0CCSw4Oa6RD/3s1rRdUmEO0dYbSDl4zL+z6VLMCUTkayTzM1wEDB9xykd
qLB2yLQ0cQCVipqcwj2e5+FPK0jZuM8dKI7264iO9ytCCuXnpaIPJmzCj9q83ZUH
tk196LmDOXC5HYh+2k5YsKd5jCfrfBodyt83i/lkYXl55+uK3eVapkO62Q4YGuQZ
HT3WxhPY7bhI7VPGr54aVP2pBkWmAGwssPhaN+/vAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUfxpq7iuTkMi4SOtP3O4rdoDRKXwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM3MzdjNjI4LWUzYjAtNDE5Yi04NjU3LWNhYzBjYjcxYjMwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gH8wDQYJKoZIhvcNAQELBQADggEBAJhrD2ccyj0KkZ+5PIFQqCt7
Ltzd3p/SSH4l8J+4+mlT+DqOvswXnDpirnTKAb++GHIJZhRhuJXrQMjJ1aeQIAky
AI4daqhPsFekvwGqS9f/oyZrE5E5u23CuuuImmqviiD5lCV/rjbqIAbcQY8lziap
arh+rlUioP5azEVp9Du61OPMIr1f65gxkEQSQ5dZI8Wyb86D/1u/CVzEuNgrDXb0
IlhECPPruxdhmAwghocLGqncAFmH0nBnrhvyVolS/8ZDYgWCulyH+pht7qY5D+0m
LzPpT3zplSfZqO9Em8DMcvxoXdddyWfKVzVB378RwBHkIiRrTuBzSaXCzB/Gl3U=
-----END CERTIFICATE-----