Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7419d2ee-2427-43b6-9ca9-28d71e26bb32.roa
File:                     7419d2ee-2427-43b6-9ca9-28d71e26bb32.roa (raw, json)
Hash identifier:          XUblx2OklNqdSsPlkUTXCHDarAfWTaFQ1WgF78CMQBc=
Subject key identifier:   7C:CA:0C:2E:1C:E9:4A:39:DA:50:2D:51:D4:35:4B:36:4B:05:B6:27
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2885E0A5C2A1AA9DBA4AE0CA99499432A5441868
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7419d2ee-2427-43b6-9ca9-28d71e26bb32.roa
Signing time:             Fri 28 Mar 2025 15:40:55 +0000
ROA not before:           Fri 28 Mar 2025 15:40:55 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffb:74c0::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:85:e0:a5:c2:a1:aa:9d:ba:4a:e0:ca:99:49:94:32:a5:44:18:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:40:55 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a3:30:34:59:53:d3:bb:58:e7:30:21:f8:fb:
                    96:ab:08:94:0f:94:ed:9f:d5:65:c2:0d:3f:27:72:
                    5f:8b:ef:a9:b2:1b:03:5e:1f:64:05:af:5d:db:d5:
                    cb:e9:fa:13:00:d1:5b:85:3e:87:d7:9e:6e:24:67:
                    a4:67:fa:88:1e:a1:f2:37:08:33:19:52:b5:a2:a5:
                    5a:56:52:bc:1c:f9:b7:db:45:04:26:e1:3d:9c:1f:
                    8d:ef:04:77:96:16:3e:7e:f5:c1:21:f1:cc:c2:81:
                    80:95:48:96:84:de:b4:7c:8e:48:a7:d0:ff:35:28:
                    23:ab:c0:e7:1d:d2:04:2f:d7:c2:5e:b2:90:0d:d1:
                    5e:82:6a:fc:73:8c:7e:a6:ea:9d:e3:74:ca:30:bc:
                    61:56:e4:db:a4:a0:58:dc:7a:f4:82:9d:e0:4d:ad:
                    c5:d6:82:af:df:8d:ad:b1:46:63:65:ef:d6:a1:d0:
                    4d:3c:a6:75:aa:47:55:49:f3:1c:fd:d3:f0:7c:ed:
                    60:35:27:ee:07:7f:95:7b:38:75:b3:45:fc:fa:27:
                    1c:3a:c4:0f:65:25:27:43:14:cc:fd:82:61:2b:76:
                    94:7f:0c:c2:3b:3a:62:48:8e:8a:da:7f:15:6b:9d:
                    f7:08:e6:76:f7:90:af:b7:3e:52:c9:3f:a8:a7:c1:
                    9a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:CA:0C:2E:1C:E9:4A:39:DA:50:2D:51:D4:35:4B:36:4B:05:B6:27
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7419d2ee-2427-43b6-9ca9-28d71e26bb32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:74c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         d9:67:50:be:98:c1:16:39:e2:6c:ee:21:cb:f4:83:94:c6:11:
         c2:91:e5:4b:ca:a7:b1:71:2b:2f:e1:85:a3:65:41:91:07:12:
         12:51:1b:03:5f:a8:88:6b:c7:07:8f:d1:2d:b8:a1:5a:6c:a1:
         95:ee:4a:f5:f4:23:36:b4:f0:30:a2:74:c0:7a:3e:48:54:d8:
         5e:c2:7b:72:c2:bc:5f:23:69:42:2f:a4:33:bf:33:a7:3f:02:
         8e:43:30:97:11:b9:67:d7:8d:20:21:64:8a:b5:9c:3d:11:a9:
         05:c1:e4:1f:0b:9f:27:91:a2:99:3c:ce:8e:be:b9:f0:2f:5c:
         5b:ef:ae:58:85:76:be:eb:c5:70:b0:7c:fc:a7:b7:02:61:e3:
         5f:0c:9d:28:66:b6:66:46:f0:cf:cd:85:71:6d:fb:f6:ee:79:
         67:6d:04:2e:a5:03:ca:ae:32:ad:36:e0:d1:5c:65:0b:a2:3b:
         0e:ff:68:e6:0c:87:8d:a8:21:a3:d6:85:5f:78:0a:64:27:88:
         c3:56:1a:d7:4e:b6:15:0d:44:86:f2:e5:f9:fb:eb:7b:5a:c7:
         1c:62:3e:f6:c3:e3:d5:1d:a4:ed:80:dd:cb:1e:e2:68:49:f3:
         e6:48:f5:f2:69:3b:24:ff:b7:e0:f5:a1:ef:0d:5a:8a:5a:ee:
         ad:cd:5f:01
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKIXgpcKhqp26SuDKmUmUMqVEGGgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTU0MDU1WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjOTExNTdjM2VkYWYwYWRmYzY4NzI2M2E2N2EwYjUxZDBh
ODA2Y2UzMjdiYTY3NjZmZTdhODUzZTYzMjgxNjY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwozA0WVPTu1jnMCH4+5arCJQPlO2f1WXCDT8ncl+L76my
GwNeH2QFr13b1cvp+hMA0VuFPofXnm4kZ6Rn+ogeofI3CDMZUrWipVpWUrwc+bfb
RQQm4T2cH43vBHeWFj5+9cEh8czCgYCVSJaE3rR8jkin0P81KCOrwOcd0gQv18Je
spAN0V6CavxzjH6m6p3jdMowvGFW5NukoFjcevSCneBNrcXWgq/fja2xRmNl79ah
0E08pnWqR1VJ8xz90/B87WA1J+4Hf5V7OHWzRfz6Jxw6xA9lJSdDFMz9gmErdpR/
DMI7OmJIjorafxVrnfcI5nb3kK+3PlLJP6inwZrVAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUfMoMLhzpSjnaUC1R1DVLNksFticwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc0MTlkMmVlLTI0MjctNDNiNi05Y2E5LTI4ZDcxZTI2YmIzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/7dMAwDQYJKoZIhvcNAQELBQADggEBANlnUL6YwRY54mzuIcv0g5TG
EcKR5UvKp7FxKy/hhaNlQZEHEhJRGwNfqIhrxweP0S24oVpsoZXuSvX0Iza08DCi
dMB6PkhU2F7Ce3LCvF8jaUIvpDO/M6c/Ao5DMJcRuWfXjSAhZIq1nD0RqQXB5B8L
nyeRopk8zo6+ufAvXFvvrliFdr7rxXCwfPyntwJh418MnShmtmZG8M/NhXFt+/bu
eWdtBC6lA8quMq024NFcZQuiOw7/aOYMh42oIaPWhV94CmQniMNWGtdOthUNRIby
5fn763taxxxiPvbD49UdpO2A3cse4mhJ8+ZI9fJpOyT/t+D1oe8NWopa7q3NXwE=
-----END CERTIFICATE-----