Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5988892c-5d54-4e98-a5b0-3a2691a42a24.roa
File:                     5988892c-5d54-4e98-a5b0-3a2691a42a24.roa (raw, json)
Hash identifier:          /C/6amiKmiaQMUZMeW10B8hGwPyoGMbyLr6Snvq6InI=
Subject key identifier:   61:B1:67:89:9C:3B:EE:A5:6D:78:7F:DC:7F:BC:BB:7D:5A:F8:4E:0C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6644AFF3050A393FB3219E2E3C52D579AD437D3A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5988892c-5d54-4e98-a5b0-3a2691a42a24.roa
Signing time:             Fri 28 Mar 2025 00:41:55 +0000
ROA not before:           Fri 28 Mar 2025 00:41:55 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:74c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:44:af:f3:05:0a:39:3f:b3:21:9e:2e:3c:52:d5:79:ad:43:7d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:41:55 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ef:18:1b:de:a6:57:ff:22:3c:e7:07:55:29:
                    d1:e8:16:7b:48:de:2c:75:05:75:38:b9:24:4f:ca:
                    d5:39:8f:bd:91:1a:99:58:21:d3:f3:2c:47:ae:77:
                    37:8f:ea:5a:cb:51:74:5f:d6:dd:4b:f2:14:0c:22:
                    a2:b8:9e:c5:f5:7a:52:45:a6:28:31:52:99:6d:1a:
                    ec:0c:63:eb:6f:a5:fb:58:7c:f4:12:13:82:d7:32:
                    db:2d:d2:84:ab:96:46:5d:cd:f8:26:f6:44:0d:ae:
                    d7:5e:7d:f1:46:73:23:10:d2:64:fc:81:ae:ed:b8:
                    b0:a5:c7:98:fc:f0:00:26:3d:fe:57:2f:37:e6:5e:
                    90:be:81:1b:70:28:6e:89:16:e5:3c:24:c4:49:5e:
                    ad:0e:68:b2:b4:be:5d:3c:df:3f:b9:a2:60:d1:31:
                    7c:ce:0a:bd:5b:44:d0:17:72:4f:4f:60:3b:d6:c4:
                    70:39:83:9f:44:e5:24:b8:a0:21:32:b8:59:5f:e7:
                    a5:9f:fc:b8:6f:8a:6f:40:61:00:19:48:f4:b2:57:
                    84:36:09:90:bb:26:81:58:1a:4b:0f:c2:a5:da:ef:
                    bc:40:45:8e:44:b5:78:2a:9d:1d:67:aa:ad:cf:18:
                    c2:01:bd:2b:9b:f4:56:c1:a3:1c:d6:8c:c0:22:1d:
                    cc:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B1:67:89:9C:3B:EE:A5:6D:78:7F:DC:7F:BC:BB:7D:5A:F8:4E:0C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5988892c-5d54-4e98-a5b0-3a2691a42a24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:74c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:39:46:4a:76:e9:74:50:13:27:6a:23:9c:97:64:40:a8:11:
         36:b7:21:cc:94:b7:08:2a:76:d5:17:06:c6:88:70:d4:cc:f5:
         ba:57:79:f2:a9:f7:14:45:d1:43:69:ec:d9:54:b3:c5:ca:19:
         fc:f2:0a:9e:fe:d5:36:8e:ee:d2:f3:d8:e5:96:77:9c:ae:34:
         55:02:07:59:3f:d5:6f:7a:0d:3e:f6:f4:51:e3:5b:13:e7:26:
         15:f9:61:05:1c:73:a9:c5:05:83:a9:e6:e9:8f:45:0f:da:42:
         62:76:18:59:8c:92:39:ee:b2:a1:8b:a0:6b:14:68:99:ff:b8:
         70:35:49:e2:8e:f2:36:49:6d:44:fa:f6:2d:d7:fa:19:4d:61:
         27:7a:c3:92:22:d7:b8:2f:d4:b5:b0:52:94:e8:c4:19:b9:7d:
         eb:e8:63:a3:8e:fb:4d:4f:00:e4:bf:83:8a:83:bb:c9:66:c0:
         c9:c3:19:c0:77:af:53:2b:48:3b:47:83:b3:01:d0:d2:cc:58:
         aa:46:1a:87:44:12:06:2d:9e:87:b9:9d:1c:35:30:e8:9e:c6:
         44:d6:ad:ca:13:2c:03:27:96:98:c7:3f:9e:43:a1:d7:d3:6e:
         c2:0e:98:8b:76:91:d3:22:f1:3f:3e:45:3d:37:fa:43:17:17:
         7c:5d:0a:3a
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUZkSv8wUKOT+zIZ4uPFLVea1DfTowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDA0MTU1WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2M2E3MTcyZDc4NTAzZjkzMDA3MmJjMmI4ZTU4ZjY1NTUw
YTBiZDA2N2YyZDkzZmQxZGRkYjczYTNhOWE3ODljMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDN7xgb3qZX/yI85wdVKdHoFntI3ix1BXU4uSRPytU5j72R
GplYIdPzLEeudzeP6lrLUXRf1t1L8hQMIqK4nsX1elJFpigxUpltGuwMY+tvpftY
fPQSE4LXMtst0oSrlkZdzfgm9kQNrtdeffFGcyMQ0mT8ga7tuLClx5j88AAmPf5X
LzfmXpC+gRtwKG6JFuU8JMRJXq0OaLK0vl083z+5omDRMXzOCr1bRNAXck9PYDvW
xHA5g59E5SS4oCEyuFlf56Wf/Lhvim9AYQAZSPSyV4Q2CZC7JoFYGksPwqXa77xA
RY5EtXgqnR1nqq3PGMIBvSub9FbBoxzWjMAiHcxpAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUYbFniZw77qVteH/cf7y7fVr4TgwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5ODg4OTJjLTVkNTQtNGU5OC1hNWIwLTNhMjY5MWE0MmEyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AdMAwDQYJKoZIhvcNAQELBQADggEBADw5Rkp26XRQEydqI5yXZECo
ETa3IcyUtwgqdtUXBsaIcNTM9bpXefKp9xRF0UNp7NlUs8XKGfzyCp7+1TaO7tLz
2OWWd5yuNFUCB1k/1W96DT729FHjWxPnJhX5YQUcc6nFBYOp5umPRQ/aQmJ2GFmM
kjnusqGLoGsUaJn/uHA1SeKO8jZJbUT69i3X+hlNYSd6w5Ii17gv1LWwUpToxBm5
fevoY6OO+01PAOS/g4qDu8lmwMnDGcB3r1MrSDtHg7MB0NLMWKpGGodEEgYtnoe5
nRw1MOiexkTWrcoTLAMnlpjHP55DodfTbsIOmIt2kdMi8T8+RT03+kMXF3xdCjo=
-----END CERTIFICATE-----