Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ce31dd6-63e9-43c4-84fd-4bfdad505bc1.roa
File:                     3ce31dd6-63e9-43c4-84fd-4bfdad505bc1.roa (raw, json)
Hash identifier:          7RzaNpvWG0CZZ6Pg0S1fSXcFy/P4n4fMHjKVCzZKJIE=
Subject key identifier:   2C:C1:21:9F:35:0E:F3:04:00:D9:3F:D2:E5:E5:7D:B4:70:29:D9:46
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       372D180F3E1020C78C006CF152FE018C276B57EA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ce31dd6-63e9-43c4-84fd-4bfdad505bc1.roa
Signing time:             Fri 21 Mar 2025 00:11:42 +0000
ROA not before:           Fri 21 Mar 2025 00:11:42 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:2d:18:0f:3e:10:20:c7:8c:00:6c:f1:52:fe:01:8c:27:6b:57:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 21 00:11:42 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1c:8e:6e:4c:a2:1b:7d:f9:74:a6:4b:67:b6:
                    26:f8:08:8d:6c:a4:c2:6b:e8:54:59:a7:48:10:a9:
                    69:de:d3:39:d6:06:b6:97:4c:be:6c:28:83:c1:6f:
                    39:07:cc:5c:1c:df:81:87:f0:5d:bf:31:6e:8f:7c:
                    98:67:f4:fd:9f:f9:27:89:0f:d6:63:8c:4d:26:e7:
                    79:40:cf:16:b2:64:b4:12:05:0d:88:e8:89:07:35:
                    e4:2c:d2:cd:d1:e6:d0:52:c0:28:b5:52:73:de:dd:
                    15:73:3a:b2:6a:d1:94:10:55:eb:49:71:25:41:f9:
                    71:17:4a:bf:91:2d:84:73:2e:da:51:77:56:52:d4:
                    0b:22:59:04:49:16:b0:f2:15:53:15:9a:5e:70:df:
                    80:5c:8d:fa:7d:b9:ea:d1:67:00:0b:cf:06:24:6d:
                    f3:60:39:36:74:20:c4:3c:7d:02:7c:fe:51:b2:f1:
                    7d:2e:5a:3c:b4:bd:e3:a5:3b:3b:ec:eb:f6:48:36:
                    a4:a0:e7:e0:49:8b:a3:b3:d3:e7:5f:8b:e9:c1:b0:
                    a3:fd:d7:15:73:f2:aa:f4:11:34:20:a8:cd:4a:c6:
                    6b:9a:c9:bc:24:04:fa:3c:db:43:2e:9b:7a:37:e7:
                    94:71:71:0e:f3:c5:df:12:01:20:d4:eb:99:0a:dd:
                    5d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:C1:21:9F:35:0E:F3:04:00:D9:3F:D2:E5:E5:7D:B4:70:29:D9:46
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ce31dd6-63e9-43c4-84fd-4bfdad505bc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:42:f4:1f:ea:17:d3:7e:14:46:50:22:13:05:a2:42:12:6e:
         71:b7:6f:df:54:4e:41:20:cc:2d:9d:b5:7b:00:ff:c4:b0:3f:
         0f:6a:ad:8c:07:8a:9e:82:42:90:11:ba:ab:63:79:2b:a2:79:
         e2:43:10:f5:7b:66:44:23:92:d8:56:f8:24:f7:b9:a8:10:c2:
         15:6c:f9:c3:2f:75:cc:a7:bd:ce:bf:41:d7:4d:f5:7c:a5:80:
         f8:2f:34:44:ef:ad:9d:94:c4:48:79:61:12:ed:d4:cf:a4:0e:
         5b:4b:a2:5e:66:3c:0f:c6:23:af:39:de:bc:85:6c:a9:a5:7f:
         11:c3:7a:1f:39:47:e9:25:e0:2c:3b:1e:63:28:6b:32:ff:cd:
         46:9d:42:57:6f:87:d1:0e:76:3e:6f:68:5e:18:0c:b4:61:27:
         57:3b:e8:0b:fa:91:cc:bd:24:ff:20:32:53:83:25:b5:fb:ba:
         46:11:b4:88:50:94:68:1d:ca:3d:09:b0:73:f4:f3:38:67:ab:
         77:f0:73:f7:aa:a3:bd:de:97:dd:f6:7b:b6:26:90:96:ec:1a:
         ff:b9:c4:23:44:97:19:1b:c7:9d:45:4f:9a:2c:6a:f8:f9:9d:
         e3:fe:8b:0f:f9:df:e1:9d:99:73:76:12:e9:bf:a3:30:6b:e2:
         7d:36:9e:04
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUNy0YDz4QIMeMAGzxUv4BjCdrV+owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzIxMDAxMTQyWhcNMjUwNDI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYTQ5YTAzNTY3NDVmMWE3MWJjM2JkZGRiNTJmNzU3ZGFh
Zjk2MjA4ZDJhMDFhYzM1ZjVjZGIzMGFhYjNmYWI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGHI5uTKIbffl0pktntib4CI1spMJr6FRZp0gQqWne0znW
BraXTL5sKIPBbzkHzFwc34GH8F2/MW6PfJhn9P2f+SeJD9ZjjE0m53lAzxayZLQS
BQ2I6IkHNeQs0s3R5tBSwCi1UnPe3RVzOrJq0ZQQVetJcSVB+XEXSr+RLYRzLtpR
d1ZS1AsiWQRJFrDyFVMVml5w34Bcjfp9uerRZwALzwYkbfNgOTZ0IMQ8fQJ8/lGy
8X0uWjy0veOlOzvs6/ZINqSg5+BJi6Oz0+dfi+nBsKP91xVz8qr0ETQgqM1Kxmua
ybwkBPo820Mum3o355RxcQ7zxd8SASDU65kK3V35AgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQULMEhnzUO8wQA2T/S5eV9tHAp2UYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjZTMxZGQ2LTYzZTktNDNjNC04NGZkLTRiZmRhZDUwNWJjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmAB9gMA0GCSqGSIb3DQEBCwUAA4IBAQA7QvQf6hfTfhRGUCITBaJCEm5x
t2/fVE5BIMwtnbV7AP/EsD8Paq2MB4qegkKQEbqrY3kronniQxD1e2ZEI5LYVvgk
97moEMIVbPnDL3XMp73Ov0HXTfV8pYD4LzRE762dlMRIeWES7dTPpA5bS6JeZjwP
xiOvOd68hWyppX8Rw3ofOUfpJeAsOx5jKGsy/81GnUJXb4fRDnY+b2heGAy0YSdX
O+gL+pHMvST/IDJTgyW1+7pGEbSIUJRoHco9CbBz9PM4Z6t38HP3qqO93pfd9nu2
JpCW7Br/ucQjRJcZG8edRU+aLGr4+Z3j/osP+d/hnZlzdhLpv6Mwa+J9Np4E
-----END CERTIFICATE-----