Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f7e061b-ce73-4723-ae0d-5ea7afa3bea5.roa
File:                     9f7e061b-ce73-4723-ae0d-5ea7afa3bea5.roa (raw, json)
Hash identifier:          Cq1mEEKDQDEUc3Dyrcv5JzCSHdhBYTqX8+eeJkb5JUI=
Subject key identifier:   8B:49:6B:EC:4E:E3:AD:94:EA:7C:CC:98:C4:49:EC:9E:0F:0C:D3:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4BF1DA2B0454EAFC880DA8473EEEDF1299947DD0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f7e061b-ce73-4723-ae0d-5ea7afa3bea5.roa
Signing time:             Tue 25 Mar 2025 18:01:04 +0000
ROA not before:           Tue 25 Mar 2025 18:01:04 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:4040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:f1:da:2b:04:54:ea:fc:88:0d:a8:47:3e:ee:df:12:99:94:7d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 25 18:01:04 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5b:8b:ad:62:18:d8:ec:a7:1a:6d:c8:77:f1:
                    4b:c5:49:3e:a6:8a:cc:ff:89:e9:25:a3:b4:a0:a4:
                    b3:ae:36:d8:eb:15:60:ad:b1:eb:9b:da:cb:91:56:
                    f6:aa:d8:bc:9f:ef:73:ca:e2:a6:91:a2:c5:d9:61:
                    78:ea:fa:1e:41:42:12:5d:d5:96:07:d0:43:eb:8b:
                    ea:f6:c7:57:34:1b:da:00:54:a1:95:7e:79:54:e7:
                    95:80:97:46:6f:8a:84:30:b9:7e:1a:56:56:a9:a2:
                    15:c0:4e:9e:b9:11:c8:92:51:9c:16:d7:a4:38:52:
                    c8:17:58:a3:c0:68:a9:d5:df:04:96:ac:ea:28:e0:
                    64:73:c8:77:3e:ab:f9:45:58:c2:ab:aa:42:b4:66:
                    0e:59:5b:5f:3e:bf:a7:66:90:ea:74:98:07:d8:ae:
                    85:60:9f:55:32:f0:1b:d5:83:03:7e:b1:6b:d2:ef:
                    e9:a1:8e:57:a9:ee:7f:a8:c3:7b:86:32:ff:cb:5e:
                    49:fa:43:6d:1e:52:a4:c2:f4:a5:26:db:85:1f:95:
                    bf:e7:8b:25:cc:8f:82:d2:16:ab:3a:6c:1f:67:db:
                    69:76:07:43:da:90:a4:cd:fb:79:f6:30:87:e5:80:
                    05:66:95:99:46:be:52:79:5a:73:b7:b2:2e:0b:98:
                    c0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:49:6B:EC:4E:E3:AD:94:EA:7C:CC:98:C4:49:EC:9E:0F:0C:D3:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f7e061b-ce73-4723-ae0d-5ea7afa3bea5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:4040::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:8f:a7:fa:64:10:a5:fb:7e:d8:10:6e:95:85:66:b3:b4:37:
         38:e4:95:69:05:e1:4e:0e:01:11:6b:49:e0:0d:8b:df:82:a5:
         22:95:01:90:49:c2:4c:70:82:ba:87:1b:85:6f:6d:3d:f9:fd:
         a5:07:38:cb:90:36:0e:cb:cd:7b:3b:d2:54:d8:ec:ef:3a:53:
         5a:0c:65:61:65:31:42:90:92:3d:9e:38:ad:b3:f1:d3:ae:90:
         22:88:09:3a:e9:da:0f:1f:57:c4:75:28:25:69:a1:71:ea:d2:
         71:db:37:f6:87:71:1b:f5:51:ae:18:15:a3:a7:6b:f1:8a:d6:
         23:ff:61:5e:08:bc:1b:12:5b:1d:79:51:64:86:df:ca:61:5b:
         cc:50:7a:fa:51:ba:25:91:ab:31:a4:fa:75:c8:53:2c:33:dc:
         b4:ae:fa:19:59:4c:7c:b7:97:27:82:2b:8a:7a:ed:ac:e6:b0:
         fc:d2:d3:b2:44:52:59:7a:f5:3a:29:32:3b:02:30:a3:cc:30:
         88:23:70:05:93:b0:8e:f8:de:e7:72:ed:e1:91:3e:b8:42:f9:
         a9:5d:93:5b:23:c7:a5:93:78:dc:ec:89:02:b1:0e:b4:51:33:
         54:a6:67:53:25:0e:3c:42:dd:5b:5c:b2:5f:04:a6:7c:6a:b0:
         9f:6b:95:66
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUS/HaKwRU6vyIDahHPu7fEpmUfdAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI1MTgwMTA0WhcNMjUwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzgxNmM3MzljZDJjOTUzMjY4ZGMwNThjNTcyNjQ5Y2I1
YWFmNDIwZjZiN2E2OTFhM2NlZDBhYTQzOTc4M2Q5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6W4utYhjY7Kcabch38UvFST6misz/ieklo7SgpLOuNtjr
FWCtseub2suRVvaq2Lyf73PK4qaRosXZYXjq+h5BQhJd1ZYH0EPri+r2x1c0G9oA
VKGVfnlU55WAl0ZvioQwuX4aVlapohXATp65EciSUZwW16Q4UsgXWKPAaKnV3wSW
rOoo4GRzyHc+q/lFWMKrqkK0Zg5ZW18+v6dmkOp0mAfYroVgn1Uy8BvVgwN+sWvS
7+mhjlep7n+ow3uGMv/LXkn6Q20eUqTC9KUm24Uflb/niyXMj4LSFqs6bB9n22l2
B0PakKTN+3n2MIflgAVmlZlGvlJ5WnO3si4LmMC5AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUi0lr7E7jrZTqfMyYxEnsng8M05AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmN2UwNjFiLWNlNzMtNDcyMy1hZTBkLTVlYTdhZmEzYmVhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84QEAwDQYJKoZIhvcNAQELBQADggEBAI6Pp/pkEKX7ftgQbpWFZrO0
NzjklWkF4U4OARFrSeANi9+CpSKVAZBJwkxwgrqHG4VvbT35/aUHOMuQNg7LzXs7
0lTY7O86U1oMZWFlMUKQkj2eOK2z8dOukCKICTrp2g8fV8R1KCVpoXHq0nHbN/aH
cRv1Ua4YFaOna/GK1iP/YV4IvBsSWx15UWSG38phW8xQevpRuiWRqzGk+nXIUywz
3LSu+hlZTHy3lyeCK4p67azmsPzS07JEUll69TopMjsCMKPMMIgjcAWTsI743udy
7eGRPrhC+aldk1sjx6WTeNzsiQKxDrRRM1SmZ1MlDjxC3Vtcsl8EpnxqsJ9rlWY=
-----END CERTIFICATE-----