Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/47f6cffb-2076-405b-a4f0-644d56b8ae91.roa
File:                     47f6cffb-2076-405b-a4f0-644d56b8ae91.roa (raw, json)
Hash identifier:          +v9V0RAcAuermHPxjsU6os2utrsB+Wh0HXXHsxOoU9A=
Subject key identifier:   B9:BB:61:A1:8A:98:09:C4:C8:A5:3F:59:28:CB:C3:EE:D7:AB:8F:5E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       61ED249CB03CED72FF273DC47962AE6E2AE94A76
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/47f6cffb-2076-405b-a4f0-644d56b8ae91.roa
Signing time:             Fri 28 Mar 2025 16:51:44 +0000
ROA not before:           Fri 28 Mar 2025 16:51:44 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1c::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:ed:24:9c:b0:3c:ed:72:ff:27:3d:c4:79:62:ae:6e:2a:e9:4a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:51:44 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d1:ec:78:52:6c:fb:31:78:c6:18:0d:cc:a6:
                    6e:b9:8f:f0:1a:7a:a2:a7:32:9a:85:8e:db:4f:b2:
                    a0:0a:3b:0e:43:28:4d:b0:04:aa:8e:f2:c3:4d:61:
                    b4:6a:20:b1:9f:68:c9:66:7e:cf:00:47:e9:67:7d:
                    ef:64:ae:89:29:a6:91:94:fc:1d:3d:77:63:08:aa:
                    63:f1:6e:12:35:91:1b:0f:af:71:ea:d0:76:f2:47:
                    cd:a0:f1:2b:5e:b4:e8:f8:af:cd:d5:8f:8f:41:fb:
                    53:ee:b7:01:b4:c3:d6:1c:6e:fd:96:75:c6:42:e7:
                    ae:77:80:80:03:fb:49:50:74:00:ed:d3:e2:dc:f0:
                    cb:3f:7e:d0:c8:7f:fb:fd:a5:c1:ba:84:74:87:02:
                    75:3a:7d:0f:c6:66:21:0f:6b:19:81:9c:bb:d3:f6:
                    b2:b1:ef:55:62:80:01:5d:58:2a:a6:a2:25:09:28:
                    79:a2:e3:c1:19:30:aa:b1:90:f2:b3:1e:f8:3d:4f:
                    4c:56:41:c6:76:1c:47:a7:af:1a:75:5b:d4:3a:d7:
                    26:52:3f:6e:89:78:50:55:3b:d0:cd:bf:fd:09:19:
                    cb:98:a0:08:d3:8c:e7:05:84:32:79:d4:51:d5:ad:
                    bd:94:d6:3c:6b:68:46:f6:c2:74:fd:be:14:ed:be:
                    b0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:BB:61:A1:8A:98:09:C4:C8:A5:3F:59:28:CB:C3:EE:D7:AB:8F:5E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/47f6cffb-2076-405b-a4f0-644d56b8ae91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1c::/36

    Signature Algorithm: sha256WithRSAEncryption
         66:bd:bc:60:af:9a:43:b9:2a:45:c7:0d:c4:83:72:a7:b9:b7:
         6a:11:5f:75:04:55:03:6a:dc:34:cb:e0:df:b0:8f:86:61:9e:
         8b:76:1c:06:9b:e3:23:88:31:aa:33:7d:c2:7a:f6:b3:ed:c7:
         20:2d:1f:29:e6:9a:d6:f0:1b:87:49:e3:1f:84:44:67:28:2f:
         3f:5c:10:d0:7f:e5:86:cf:4f:d4:56:d1:b5:33:e3:08:2a:52:
         5b:d0:30:14:30:1e:f3:3b:d7:a6:a3:04:53:64:73:55:52:a4:
         eb:43:62:7e:41:ba:49:85:d8:cc:35:50:67:e2:48:41:7d:0f:
         97:ac:aa:cb:fc:6a:c6:ce:10:5a:8d:b4:67:2a:1d:d4:f2:ff:
         4e:95:16:27:3d:fe:6c:59:f3:59:54:a2:33:af:7f:66:df:93:
         a1:d4:d6:fa:28:91:24:1c:8c:95:12:74:da:fa:5f:38:06:bd:
         4b:17:8f:f4:08:30:b7:53:82:91:8f:2c:aa:32:1c:14:3f:e5:
         1c:af:26:bc:d8:ea:63:83:ae:6e:03:bd:9e:ba:85:3e:0d:c4:
         a1:99:67:77:74:39:45:bd:f6:ce:b4:ac:9b:da:6f:2b:ed:46:
         c4:9b:9f:56:fb:ea:50:fb:d3:cb:0f:a7:42:86:f6:82:45:34:
         e9:03:01:af
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUYe0knLA87XL/Jz3EeWKubirpSnYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTY1MTQ0WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNmI3NTUyNzg5ZmRmNDA4MmY3YzMyNjJmOTI4OWU3Njdj
ZjM5ODFkZjFkYzIzMWY2ZTVmNjFlZmQyZmZjYjdlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC20ex4Umz7MXjGGA3Mpm65j/AaeqKnMpqFjttPsqAKOw5D
KE2wBKqO8sNNYbRqILGfaMlmfs8AR+lnfe9krokpppGU/B09d2MIqmPxbhI1kRsP
r3Hq0HbyR82g8StetOj4r83Vj49B+1PutwG0w9Ycbv2WdcZC5653gIAD+0lQdADt
0+Lc8Ms/ftDIf/v9pcG6hHSHAnU6fQ/GZiEPaxmBnLvT9rKx71VigAFdWCqmoiUJ
KHmi48EZMKqxkPKzHvg9T0xWQcZ2HEenrxp1W9Q61yZSP26JeFBVO9DNv/0JGcuY
oAjTjOcFhDJ51FHVrb2U1jxraEb2wnT9vhTtvrBvAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUubthoYqYCcTIpT9ZKMvD7terj14wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ3ZjZjZmZiLTIwNzYtNDA1Yi1hNGYwLTY0NGQ1NmI4YWU5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8cADANBgkqhkiG9w0BAQsFAAOCAQEAZr28YK+aQ7kqRccNxINyp7m3
ahFfdQRVA2rcNMvg37CPhmGei3YcBpvjI4gxqjN9wnr2s+3HIC0fKeaa1vAbh0nj
H4REZygvP1wQ0H/lhs9P1FbRtTPjCCpSW9AwFDAe8zvXpqMEU2RzVVKk60NifkG6
SYXYzDVQZ+JIQX0Pl6yqy/xqxs4QWo20Zyod1PL/TpUWJz3+bFnzWVSiM69/Zt+T
odTW+iiRJByMlRJ02vpfOAa9SxeP9Agwt1OCkY8sqjIcFD/lHK8mvNjqY4OubgO9
nrqFPg3EoZlnd3Q5Rb32zrSsm9pvK+1GxJufVvvqUPvTyw+nQob2gkU06QMBrw==
-----END CERTIFICATE-----