Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2360110-885d-4b32-b87d-dc39fd9d8c91.roa
File:                     a2360110-885d-4b32-b87d-dc39fd9d8c91.roa (raw, json)
Hash identifier:          RwxLIjXbNcAiYX1HWeTU6eLISTdzBJFymkZ7aUxEB9A=
Subject key identifier:   BF:A5:DF:BE:0F:D4:DF:CF:4B:3E:D3:44:DA:D6:3A:05:82:8A:4D:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       052706B8A09796F9C50A29378F2C078A29CBAE77
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2360110-885d-4b32-b87d-dc39fd9d8c91.roa
Signing time:             Fri 28 Mar 2025 16:10:27 +0000
ROA not before:           Fri 28 Mar 2025 16:10:27 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffb:a4c0::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:27:06:b8:a0:97:96:f9:c5:0a:29:37:8f:2c:07:8a:29:cb:ae:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:10:27 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5a:72:f0:82:b7:c2:ec:e5:99:e3:21:9c:94:
                    e0:a7:c5:68:b2:80:c7:bc:c7:39:cc:4a:4c:eb:cf:
                    9b:16:2b:c7:de:95:cd:4d:a1:5a:f4:a6:2d:a6:b6:
                    95:1f:79:c4:b0:3f:a7:90:12:c8:49:bb:ca:a3:2b:
                    03:de:65:2d:ee:a3:73:b9:84:0c:76:91:d5:1b:36:
                    78:20:9c:24:cd:bb:c3:29:63:84:f1:95:e7:85:c8:
                    0a:1d:23:17:01:21:29:4a:bc:a9:da:7f:69:4b:e7:
                    5d:de:0d:90:40:16:ac:66:bc:83:c9:00:69:81:7d:
                    19:c1:43:4f:81:e2:42:f9:73:8d:63:c0:6e:a0:54:
                    6f:44:65:47:99:cb:73:35:b2:30:c8:5a:8c:ab:98:
                    e8:4d:40:c0:6f:04:28:7f:f1:07:5b:69:62:01:9a:
                    b2:d9:8f:02:1e:72:a2:1e:c6:63:2e:a0:c5:99:19:
                    7e:24:91:ef:ce:6a:b1:7e:59:ef:65:e0:cb:e7:97:
                    88:a8:1d:86:80:df:b6:18:c5:d8:35:19:7a:cb:33:
                    17:7c:71:a1:72:17:54:d9:69:d2:bc:60:74:7b:53:
                    d2:16:85:8f:be:39:54:49:9b:0c:e1:28:2a:2b:6b:
                    1e:e6:fd:95:e8:a1:b5:78:c9:f9:76:56:bb:8e:a3:
                    5b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:A5:DF:BE:0F:D4:DF:CF:4B:3E:D3:44:DA:D6:3A:05:82:8A:4D:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2360110-885d-4b32-b87d-dc39fd9d8c91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:a4c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         10:7f:e2:de:ad:6b:27:11:ec:a0:4a:b9:5f:aa:91:eb:c0:fb:
         11:0e:63:88:dd:78:4e:6b:6d:ee:6d:2d:93:94:ad:d3:38:d0:
         9a:f2:96:86:7b:e3:2f:37:6e:46:1f:7a:c2:7d:27:ce:eb:a7:
         df:83:b0:0b:df:12:40:2c:80:1f:aa:a0:f0:6c:9c:c3:50:70:
         07:24:b0:7c:fd:5b:ef:8e:a3:2d:cf:06:23:6b:e6:1b:55:2b:
         6d:ad:32:86:c1:98:e4:24:29:d0:3c:f4:81:52:e1:59:83:23:
         08:4a:7d:ff:5e:40:de:11:eb:41:25:27:0e:b5:d2:2a:03:aa:
         cc:c4:2e:5a:3e:99:d8:0b:33:70:cf:a2:62:df:0b:3c:a5:ac:
         1e:8c:77:53:2e:f1:ee:8f:bb:d1:ef:a1:dc:b1:12:68:d7:bb:
         ef:9c:ca:a3:a2:89:74:d3:bb:f1:14:da:b7:5f:fc:94:e2:0b:
         60:a4:c2:9e:1b:1f:56:de:27:ea:bc:f8:72:2d:21:c2:40:06:
         d4:26:5f:a1:1e:22:86:98:6d:72:7a:33:c3:0d:8c:1d:55:ea:
         fb:86:90:ec:ea:14:9b:be:82:6e:80:96:9c:c8:d3:7b:a9:c2:
         51:26:8c:da:a1:44:be:7d:ef:37:45:33:4e:5d:b8:7e:ff:6f:
         c1:4a:37:ae
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUBScGuKCXlvnFCik3jywHiinLrncwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTYxMDI3WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NWI4NGFiZGI5NWE0NzVlM2JjNDA5OGIyMDMzMjgyNTg0
ODI1MGY1NmVjMmE3NGZjODhhZmRhZDUzN2Y2ZWJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDWnLwgrfC7OWZ4yGclOCnxWiygMe8xznMSkzrz5sWK8fe
lc1NoVr0pi2mtpUfecSwP6eQEshJu8qjKwPeZS3uo3O5hAx2kdUbNnggnCTNu8Mp
Y4TxleeFyAodIxcBISlKvKnaf2lL513eDZBAFqxmvIPJAGmBfRnBQ0+B4kL5c41j
wG6gVG9EZUeZy3M1sjDIWoyrmOhNQMBvBCh/8QdbaWIBmrLZjwIecqIexmMuoMWZ
GX4kke/OarF+We9l4Mvnl4ioHYaA37YYxdg1GXrLMxd8caFyF1TZadK8YHR7U9IW
hY++OVRJmwzhKCorax7m/ZXoobV4yfl2VruOo1unAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUv6Xfvg/U389LPtNE2tY6BYKKTd8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyMzYwMTEwLTg4NWQtNGIzMi1iODdkLWRjMzlmZDlkOGM5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/7pMAwDQYJKoZIhvcNAQELBQADggEBABB/4t6taycR7KBKuV+qkevA
+xEOY4jdeE5rbe5tLZOUrdM40JryloZ74y83bkYfesJ9J87rp9+DsAvfEkAsgB+q
oPBsnMNQcAcksHz9W++Ooy3PBiNr5htVK22tMobBmOQkKdA89IFS4VmDIwhKff9e
QN4R60ElJw610ioDqszELlo+mdgLM3DPomLfCzylrB6Md1Mu8e6Pu9HvodyxEmjX
u++cyqOiiXTTu/EU2rdf/JTiC2Ckwp4bH1beJ+q8+HItIcJABtQmX6EeIoaYbXJ6
M8MNjB1V6vuGkOzqFJu+gm6AlpzI03upwlEmjNqhRL597zdFM05duH7/b8FKN64=
-----END CERTIFICATE-----