Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c225948-4cbc-4292-a9e7-f8ad88042cfe.roa
File:                     4c225948-4cbc-4292-a9e7-f8ad88042cfe.roa (raw, json)
Hash identifier:          ndsVZHfmVD3UM3ijtYIz+s0zi9dNLfYTMg1WgIx7s5k=
Subject key identifier:   8D:EE:27:90:A0:7D:C4:27:43:2B:FE:09:C7:73:17:85:E3:15:55:E0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       214D390E5CB2188CFA82454D565A41651B978DA6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c225948-4cbc-4292-a9e7-f8ad88042cfe.roa
Signing time:             Fri 28 Mar 2025 15:11:22 +0000
ROA not before:           Fri 28 Mar 2025 15:11:22 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f69:7440::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:4d:39:0e:5c:b2:18:8c:fa:82:45:4d:56:5a:41:65:1b:97:8d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:11:22 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7c:07:df:b0:41:b8:1b:da:cf:21:91:f2:c2:
                    f8:d2:4e:5f:6b:29:f1:0b:c2:5d:0d:e7:3a:4e:a7:
                    df:d6:37:f5:24:1d:39:81:eb:49:14:5f:66:24:e5:
                    d2:89:b8:22:bc:75:b1:8c:bf:df:68:bd:36:e1:c0:
                    aa:92:d4:68:90:ad:e8:1c:05:47:44:4d:7a:ee:a8:
                    c3:90:78:1c:86:80:b9:82:da:ed:26:29:96:c8:e3:
                    29:63:50:94:ec:7e:42:ba:a0:da:56:2e:06:5c:22:
                    df:3a:13:1a:8d:1b:68:6d:47:ee:61:f8:02:ab:9e:
                    ea:b6:94:3b:b0:61:79:61:4d:48:b2:b1:2e:8c:2d:
                    5c:2f:27:df:ed:a5:00:d6:21:4a:ca:90:fa:d7:fc:
                    92:64:29:0e:a2:cf:6c:e5:e1:11:ae:7f:2d:74:0c:
                    2e:89:e1:78:de:e3:6a:b4:f2:fb:0d:83:ac:2b:24:
                    2d:04:f7:33:b1:cc:c6:8e:85:05:7c:e6:63:fa:6c:
                    d2:d1:a1:7c:a5:ee:95:67:9f:59:a0:cc:30:84:35:
                    af:f9:47:d3:3d:8b:23:ab:26:5c:25:66:7f:be:4d:
                    f7:6c:48:9c:45:f3:61:7f:e3:9b:ad:b4:a2:f8:77:
                    5c:34:8c:37:54:e5:2b:85:09:e5:ac:f1:0a:08:3f:
                    7f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:EE:27:90:A0:7D:C4:27:43:2B:FE:09:C7:73:17:85:E3:15:55:E0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c225948-4cbc-4292-a9e7-f8ad88042cfe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:7440::/46

    Signature Algorithm: sha256WithRSAEncryption
         a6:1d:fb:fd:4c:80:7e:35:33:16:7f:b5:63:e7:d5:c9:6b:83:
         1f:31:f6:28:2a:ad:6e:32:d2:f4:de:aa:49:f9:17:7f:88:2f:
         c8:23:44:b9:eb:ec:7d:f7:a6:34:19:3e:88:9b:62:40:c2:2b:
         a6:a9:16:1c:16:dd:5b:e1:79:00:45:79:f0:63:98:8c:c3:1c:
         d2:66:76:8f:b1:53:e2:2e:77:2d:16:56:23:3b:e5:26:80:24:
         d8:53:5e:dd:e6:f2:82:55:de:40:98:14:8e:0e:55:ff:e3:ca:
         ee:ce:c0:76:ae:3b:91:8c:cf:14:ec:0e:b3:08:fa:10:b9:1d:
         f0:a6:ac:0c:b2:85:5d:d7:54:d5:11:a0:e0:03:a6:6d:e3:66:
         36:af:c0:47:db:b2:c8:57:5e:86:e4:0e:31:10:7c:f5:91:ea:
         5f:b6:1c:39:92:8d:4c:f5:5f:72:d5:c8:f0:94:51:19:39:dd:
         3a:82:88:86:93:c8:12:b7:de:72:04:f8:84:cc:d1:03:54:b4:
         27:b0:be:da:04:66:dd:6c:1e:40:f2:86:58:0d:b7:c1:26:d9:
         41:df:f8:4e:0d:e8:d2:5a:99:5a:39:c4:03:5b:6a:ff:47:a3:
         a9:63:86:ae:80:0d:c1:67:f9:d8:df:73:14:39:75:4a:83:fc:
         37:7d:cc:ec
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUIU05DlyyGIz6gkVNVlpBZRuXjaYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTUxMTIyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDYwOWQ1MzYwZWIzZmIwMWFmZmNkZGQxNjRiNTk3NWU3
ZGZkNzNjMmI5ZWVhNTBkOTYwZGFjMGQyN2E2YjZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+fAffsEG4G9rPIZHywvjSTl9rKfELwl0N5zpOp9/WN/Uk
HTmB60kUX2Yk5dKJuCK8dbGMv99ovTbhwKqS1GiQregcBUdETXruqMOQeByGgLmC
2u0mKZbI4yljUJTsfkK6oNpWLgZcIt86ExqNG2htR+5h+AKrnuq2lDuwYXlhTUiy
sS6MLVwvJ9/tpQDWIUrKkPrX/JJkKQ6iz2zl4RGufy10DC6J4Xje42q08vsNg6wr
JC0E9zOxzMaOhQV85mP6bNLRoXyl7pVnn1mgzDCENa/5R9M9iyOrJlwlZn++Tfds
SJxF82F/45uttKL4d1w0jDdU5SuFCeWs8QoIP3+FAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUje4nkKB9xCdDK/4Jx3MXheMVVeAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRjMjI1OTQ4LTRjYmMtNDI5Mi1hOWU3LWY4YWQ4ODA0MmNmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB9pdEAwDQYJKoZIhvcNAQELBQADggEBAKYd+/1MgH41MxZ/tWPn1clr
gx8x9igqrW4y0vTeqkn5F3+IL8gjRLnr7H33pjQZPoibYkDCK6apFhwW3VvheQBF
efBjmIzDHNJmdo+xU+Iudy0WViM75SaAJNhTXt3m8oJV3kCYFI4OVf/jyu7OwHau
O5GMzxTsDrMI+hC5HfCmrAyyhV3XVNURoOADpm3jZjavwEfbsshXXobkDjEQfPWR
6l+2HDmSjUz1X3LVyPCUURk53TqCiIaTyBK33nIE+ITM0QNUtCewvtoEZt1sHkDy
hlgNt8Em2UHf+E4N6NJamVo5xANbav9Ho6ljhq6ADcFn+djfcxQ5dUqD/Dd9zOw=
-----END CERTIFICATE-----