Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b48c916-3858-4b00-8e15-9c902a1cc973.roa
File:                     9b48c916-3858-4b00-8e15-9c902a1cc973.roa (raw, json)
Hash identifier:          CctSzRkUcIEWrv/ZS3vkDf7WDBqxW/2VrwDv7ku8YqU=
Subject key identifier:   41:D5:8A:A3:15:8A:D5:0E:CE:B3:84:DA:E8:0E:C6:64:A6:87:75:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4CC4A84702635439F16A250DA59D69EC87265D60
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b48c916-3858-4b00-8e15-9c902a1cc973.roa
Signing time:             Fri 28 Mar 2025 00:30:22 +0000
ROA not before:           Fri 28 Mar 2025 00:30:22 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:6080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:c4:a8:47:02:63:54:39:f1:6a:25:0d:a5:9d:69:ec:87:26:5d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:30:22 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:67:2c:18:f3:cf:a2:35:21:0d:f8:a2:51:61:
                    ab:48:ce:7f:8c:80:9c:2a:cc:e2:c7:5e:80:8f:76:
                    d0:b9:ce:eb:78:8d:b7:e2:c7:39:69:54:3e:d3:d9:
                    55:56:b1:03:23:89:ad:82:91:82:b5:41:2c:9c:65:
                    b5:36:df:d4:98:4d:17:61:f9:78:4f:7b:a7:94:76:
                    82:c3:8b:bd:a1:01:f1:7a:0b:de:76:df:0c:18:b5:
                    ab:7c:fe:7e:f2:e5:4e:d2:bf:34:ec:0b:26:cb:62:
                    f7:f3:ed:80:d9:4b:09:e8:82:73:f4:cf:d5:0e:01:
                    8a:28:9a:89:bd:3c:fe:13:bd:35:3e:cb:64:ad:a4:
                    5f:34:fa:b7:86:f2:4a:20:fb:c8:6d:6c:43:f5:ff:
                    2a:47:63:7d:80:03:07:32:56:52:26:48:16:87:02:
                    b3:39:2e:44:81:42:20:b3:cb:2a:6f:be:38:fa:2b:
                    b1:5b:80:77:a0:18:5a:db:05:53:fa:93:e4:43:f4:
                    b0:e2:42:fa:f5:d6:62:50:16:d1:73:ac:ad:59:28:
                    f7:9c:c4:74:02:5d:20:fb:70:34:04:3e:7d:de:cb:
                    f8:cd:f3:84:8c:39:07:a1:c7:ef:17:4d:5f:09:af:
                    ab:00:be:3b:ae:34:51:ac:73:45:78:43:c9:32:ad:
                    b6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D5:8A:A3:15:8A:D5:0E:CE:B3:84:DA:E8:0E:C6:64:A6:87:75:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b48c916-3858-4b00-8e15-9c902a1cc973.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:6080::/48

    Signature Algorithm: sha256WithRSAEncryption
         d4:b0:cd:73:d6:92:6d:e8:c3:f2:23:ba:6b:84:fc:67:0c:03:
         c0:c3:fe:ec:7b:37:aa:5e:7b:fe:6b:dc:77:c4:19:f7:c9:fe:
         58:99:cc:5b:51:45:be:a8:46:f2:38:c0:a1:0a:16:05:8b:d6:
         ad:96:f0:75:44:09:34:ac:63:21:c3:b3:67:bd:9d:94:de:31:
         61:18:dc:9a:84:9d:d6:13:4b:2c:a5:f1:42:4e:e3:8e:ad:60:
         a4:6d:f9:b9:6e:c6:2b:8b:e5:65:fb:7d:fb:c9:57:6d:a7:c6:
         5d:1b:2b:9d:22:94:26:d8:c9:e8:23:d5:46:db:60:d8:5e:35:
         67:d1:a2:b8:8a:f6:88:c9:2d:b7:80:05:4d:fe:bd:21:a8:98:
         62:51:71:23:06:08:45:06:4f:43:92:31:92:9c:9f:78:5a:4a:
         b9:7e:d1:92:74:7e:07:34:15:bb:50:7a:99:db:51:f2:16:43:
         f1:32:75:24:95:8a:75:21:f1:f3:c5:2c:5d:2a:ab:6c:ea:d2:
         07:2a:a6:03:44:69:28:8b:54:07:dd:97:5e:98:4f:53:de:a6:
         2b:91:39:9e:68:72:39:95:ba:41:57:cc:78:ca:ef:dc:55:7d:
         03:a5:23:4f:dc:b5:a0:25:38:5e:35:aa:1c:c7:65:50:95:84:
         b4:94:7d:57
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTMSoRwJjVDnxaiUNpZ1p7IcmXWAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDAzMDIyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTAxZmQ1ZWViYWM0ZjMyMGFiNTczODdmMzFiOWQ4Y2Iw
MDJiMDliYTMxOTZjNTgxM2Y0Y2E2NTYwOTdiZjA1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlZywY88+iNSEN+KJRYatIzn+MgJwqzOLHXoCPdtC5zut4
jbfixzlpVD7T2VVWsQMjia2CkYK1QSycZbU239SYTRdh+XhPe6eUdoLDi72hAfF6
C9523wwYtat8/n7y5U7SvzTsCybLYvfz7YDZSwnognP0z9UOAYoomom9PP4TvTU+
y2StpF80+reG8kog+8htbEP1/ypHY32AAwcyVlImSBaHArM5LkSBQiCzyypvvjj6
K7FbgHegGFrbBVP6k+RD9LDiQvr11mJQFtFzrK1ZKPecxHQCXSD7cDQEPn3ey/jN
84SMOQehx+8XTV8Jr6sAvjuuNFGsc0V4Q8kyrbYfAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUQdWKoxWK1Q7Os4Ta6A7GZKaHdcMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzliNDhjOTE2LTM4NTgtNGIwMC04ZTE1LTljOTAyYTFjYzk3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hYIAwDQYJKoZIhvcNAQELBQADggEBANSwzXPWkm3ow/IjumuE/GcM
A8DD/ux7N6pee/5r3HfEGffJ/liZzFtRRb6oRvI4wKEKFgWL1q2W8HVECTSsYyHD
s2e9nZTeMWEY3JqEndYTSyyl8UJO446tYKRt+bluxiuL5WX7ffvJV22nxl0bK50i
lCbYyegj1UbbYNheNWfRoriK9ojJLbeABU3+vSGomGJRcSMGCEUGT0OSMZKcn3ha
Srl+0ZJ0fgc0FbtQepnbUfIWQ/EydSSVinUh8fPFLF0qq2zq0gcqpgNEaSiLVAfd
l16YT1PepiuROZ5ocjmVukFXzHjK79xVfQOlI0/ctaAlOF41qhzHZVCVhLSUfVc=
-----END CERTIFICATE-----