Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/402c7a3a-8627-4d6d-9145-42e2b1f544cb.roa
File:                     402c7a3a-8627-4d6d-9145-42e2b1f544cb.roa (raw, json)
Hash identifier:          I65YVwTzdTp2Dtup1ZpGclVG1/BbYFVxBy4/JHVwDmo=
Subject key identifier:   5F:62:85:B3:1B:C6:DB:5A:C2:BF:31:F4:76:C4:42:3C:EC:AA:C2:43
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B58C1BB01D3B45A9F7A6A6013B09D8941AC1C89
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/402c7a3a-8627-4d6d-9145-42e2b1f544cb.roa
Signing time:             Fri 28 Mar 2025 15:01:59 +0000
ROA not before:           Fri 28 Mar 2025 15:01:59 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:7400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:58:c1:bb:01:d3:b4:5a:9f:7a:6a:60:13:b0:9d:89:41:ac:1c:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:01:59 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:60:49:00:16:bb:78:dd:22:8c:da:d6:e2:92:
                    ec:63:9a:dc:03:25:a5:7d:42:15:2f:64:79:8a:11:
                    f3:6a:a9:1b:99:2f:34:1f:47:cb:8b:a0:af:89:81:
                    da:09:f4:85:83:48:ae:b4:54:12:ac:98:ef:af:79:
                    62:6d:ed:df:fc:c9:48:01:7c:f8:7c:cd:81:d3:e7:
                    80:56:44:f9:6f:3f:f6:a4:01:0c:c7:73:a1:d7:00:
                    c1:4f:94:3b:f3:2b:70:83:cc:ac:74:54:55:01:0f:
                    98:4c:97:3b:f2:1f:f7:77:89:60:28:81:ef:00:b0:
                    80:b7:01:af:f8:d1:89:d9:2c:6d:e9:59:f8:f4:53:
                    76:f2:e2:3f:24:5b:d5:8f:8c:84:17:27:8d:fd:3a:
                    28:dc:04:7e:ce:88:3b:fb:e7:40:15:d7:0a:ad:16:
                    a0:31:87:ed:ed:8f:b4:04:46:8a:c3:8e:ac:b0:5a:
                    a4:f4:01:52:e1:91:07:a7:f4:bb:6a:7a:25:d9:69:
                    71:62:be:1e:09:c5:b9:56:cb:01:fb:ce:e2:30:b3:
                    ab:34:22:82:ae:9a:02:df:7e:7f:83:df:7a:14:62:
                    6c:c3:e1:72:9f:50:84:a9:63:40:7f:59:36:18:e4:
                    71:7c:74:7c:66:b9:d3:e1:db:bc:e1:73:40:a2:8a:
                    2b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:62:85:B3:1B:C6:DB:5A:C2:BF:31:F4:76:C4:42:3C:EC:AA:C2:43
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/402c7a3a-8627-4d6d-9145-42e2b1f544cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         5f:70:6d:93:b4:a4:1f:e6:c3:0b:cb:a6:b6:a9:48:0d:ec:4e:
         9e:61:02:d6:ac:81:66:6f:53:a3:35:f2:0f:fc:2b:44:00:c8:
         fa:2c:94:2f:6c:98:52:36:de:50:0f:92:01:4a:e0:41:48:77:
         8b:19:26:5b:e4:be:9f:ae:f0:3f:08:94:e5:3f:3b:4c:c6:a5:
         04:59:7e:0b:2b:70:39:0e:b5:e8:55:3b:c9:83:7d:e8:a0:3f:
         00:50:5d:4a:70:02:c6:e1:75:d7:76:f7:1f:75:5e:5e:50:01:
         6d:81:bf:8c:ca:ee:3a:17:f5:fa:67:fc:cf:31:e0:55:d0:bf:
         f8:a4:67:d2:b5:86:83:ef:c3:2c:6e:f7:81:f5:b1:32:25:41:
         d5:5c:b7:e8:87:9b:0c:a1:63:6b:cc:5c:be:9f:54:29:e2:4d:
         e2:b0:50:61:79:49:ec:d0:a7:4a:db:91:36:e7:55:85:3c:6e:
         2c:a8:b5:28:f2:ff:79:be:70:c7:3b:18:88:27:42:40:3a:f7:
         79:40:68:87:db:dc:3e:2e:cb:66:12:41:71:71:df:78:93:d9:
         33:63:ef:4d:01:c3:b4:40:92:ea:4a:08:7e:75:a0:c8:fa:03:
         e7:9f:28:e0:b4:68:cf:8a:f9:46:20:82:c2:f5:b1:32:30:e3:
         0f:64:14:84
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUW1jBuwHTtFqfempgE7CdiUGsHIkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTUwMTU5WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjY2NTZhMmQ2YjIyYTViOTY3ZjJmMTg0NWZjZmI3MGM1
N2RjMDM2MTNmYzUxOWRkNzJhZjFmZmI4ZTY3ZWQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLYEkAFrt43SKM2tbikuxjmtwDJaV9QhUvZHmKEfNqqRuZ
LzQfR8uLoK+JgdoJ9IWDSK60VBKsmO+veWJt7d/8yUgBfPh8zYHT54BWRPlvP/ak
AQzHc6HXAMFPlDvzK3CDzKx0VFUBD5hMlzvyH/d3iWAoge8AsIC3Aa/40YnZLG3p
Wfj0U3by4j8kW9WPjIQXJ439OijcBH7OiDv750AV1wqtFqAxh+3tj7QERorDjqyw
WqT0AVLhkQen9LtqeiXZaXFivh4JxblWywH7zuIws6s0IoKumgLffn+D33oUYmzD
4XKfUISpY0B/WTYY5HF8dHxmudPh27zhc0CiiiurAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUX2KFsxvG21rCvzH0dsRCPOyqwkMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQwMmM3YTNhLTg2MjctNGQ2ZC05MTQ1LTQyZTJiMWY1NDRjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/ydDANBgkqhkiG9w0BAQsFAAOCAQEAX3Btk7SkH+bDC8umtqlIDexO
nmEC1qyBZm9TozXyD/wrRADI+iyUL2yYUjbeUA+SAUrgQUh3ixkmW+S+n67wPwiU
5T87TMalBFl+CytwOQ616FU7yYN96KA/AFBdSnACxuF113b3H3VeXlABbYG/jMru
Ohf1+mf8zzHgVdC/+KRn0rWGg+/DLG73gfWxMiVB1Vy36IebDKFja8xcvp9UKeJN
4rBQYXlJ7NCnStuRNudVhTxuLKi1KPL/eb5wxzsYiCdCQDr3eUBoh9vcPi7LZhJB
cXHfeJPZM2PvTQHDtECS6koIfnWgyPoD558o4LRoz4r5RiCCwvWxMjDjD2QUhA==
-----END CERTIFICATE-----