Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a99936ff-2397-4c4c-a8d6-95ecf5ad9244.roa
File:                     a99936ff-2397-4c4c-a8d6-95ecf5ad9244.roa (raw, json)
Hash identifier:          xhlB8a6u9K+XWGff/KNtVaea8jMURDXbQ6xBuS/8Vvc=
Subject key identifier:   C3:94:F1:4B:CD:37:A8:E0:27:01:C8:0C:43:1C:9A:03:67:E8:CE:15
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5A8B1DC47D8A10A3FB8A3AE3201CD55616808890
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a99936ff-2397-4c4c-a8d6-95ecf5ad9244.roa
Signing time:             Fri 28 Mar 2025 00:41:06 +0000
ROA not before:           Fri 28 Mar 2025 00:41:06 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:40c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:8b:1d:c4:7d:8a:10:a3:fb:8a:3a:e3:20:1c:d5:56:16:80:88:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:41:06 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7a:a0:79:af:9d:bd:2e:8c:fd:7b:1e:59:d2:
                    c5:a8:7b:41:20:50:c9:16:28:b1:98:e5:62:8d:98:
                    6f:2c:e4:65:74:ab:e1:7a:61:6f:0a:57:c0:25:ee:
                    2e:d4:ad:6b:84:65:ab:72:2d:13:b9:a4:0b:95:a9:
                    fd:b1:54:50:06:32:57:96:e5:a5:8b:09:72:21:e7:
                    eb:c3:f9:62:47:12:ab:48:07:b2:8d:ff:a4:6b:b7:
                    71:69:c8:ad:7a:cb:af:41:61:e4:13:87:57:7b:f3:
                    9f:eb:5a:80:bd:3f:f7:81:65:aa:2b:fb:b2:10:90:
                    b3:70:cb:88:dc:a0:b4:c2:7e:c6:40:6a:12:d1:fe:
                    68:c4:f6:51:1a:d6:14:30:11:8e:df:48:59:b0:f0:
                    d5:99:b1:f7:2e:9b:ac:f5:16:d5:14:cb:6f:3e:92:
                    fd:7f:18:23:68:0f:f3:97:52:84:97:af:28:bc:7c:
                    9d:9a:5a:2f:04:cb:10:54:a9:f4:b7:21:3c:56:b0:
                    98:7d:7c:4c:04:05:f7:19:61:04:9e:6a:fd:bc:42:
                    c1:1f:47:cd:25:94:45:c0:e0:ff:d0:7c:29:87:fd:
                    41:96:3c:37:81:9c:0b:ce:c2:a1:a3:b3:be:d6:89:
                    6e:9e:fe:98:0b:67:ff:b1:d0:b0:33:c6:d4:15:16:
                    18:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:94:F1:4B:CD:37:A8:E0:27:01:C8:0C:43:1C:9A:03:67:E8:CE:15
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a99936ff-2397-4c4c-a8d6-95ecf5ad9244.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:40c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:2d:dd:9e:f5:58:48:f0:a5:63:08:9f:99:3e:dd:80:ec:8b:
         15:05:e6:97:21:36:b9:b9:48:52:d7:db:ca:c8:2a:92:6d:4c:
         dc:c4:a6:81:24:fe:ba:23:5c:02:49:d1:d0:a3:78:3f:e1:80:
         0c:b1:00:70:70:6c:1a:ec:88:5f:bf:a6:2c:71:b6:7b:e1:ea:
         2a:05:d0:cd:7f:72:95:d3:d0:33:4c:b1:3a:88:ca:b6:55:74:
         68:c1:54:33:e7:b5:2d:73:df:b7:92:3b:55:82:15:57:50:00:
         1c:93:ca:83:71:00:d0:2a:61:53:9a:bd:70:f0:e2:92:5d:f3:
         f6:26:5f:0d:47:d5:12:01:f5:14:d4:b6:31:f4:7c:e0:d2:3a:
         15:1a:aa:34:a1:47:a2:92:e8:8c:07:1f:ef:cb:b6:1c:90:42:
         dc:d2:6f:98:d8:0f:0d:87:cb:0c:74:dd:83:16:2b:e9:4d:81:
         6a:29:7d:1f:a0:93:c0:33:2b:0a:b5:40:ca:25:59:48:07:f5:
         d7:9d:51:f6:6d:46:8c:86:ed:fd:e6:68:9a:11:1c:5c:d3:2d:
         f0:80:e6:83:cf:73:bf:85:a2:e9:28:2a:6d:fc:60:27:7c:28:
         69:d2:b7:e6:7d:24:ed:b7:69:ca:ad:d5:f5:4e:4e:ec:fc:ea:
         a9:7f:1e:9b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUWosdxH2KEKP7ijrjIBzVVhaAiJAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDA0MTA2WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZDJlN2RhNTIxMzZlYzc5NzNmYzM0NGVhYzk4ZmIxZDkw
Y2YxOWJiZTIyNTQxMTg2MzhkZjFlODE0OTBmNWM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDleqB5r529Loz9ex5Z0sWoe0EgUMkWKLGY5WKNmG8s5GV0
q+F6YW8KV8Al7i7UrWuEZatyLRO5pAuVqf2xVFAGMleW5aWLCXIh5+vD+WJHEqtI
B7KN/6Rrt3FpyK16y69BYeQTh1d785/rWoC9P/eBZaor+7IQkLNwy4jcoLTCfsZA
ahLR/mjE9lEa1hQwEY7fSFmw8NWZsfcum6z1FtUUy28+kv1/GCNoD/OXUoSXryi8
fJ2aWi8EyxBUqfS3ITxWsJh9fEwEBfcZYQSeav28QsEfR80llEXA4P/QfCmH/UGW
PDeBnAvOwqGjs77WiW6e/pgLZ/+x0LAzxtQVFhiVAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUw5TxS803qOAnAcgMQxyaA2fozhUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E5OTkzNmZmLTIzOTctNGM0Yy1hOGQ2LTk1ZWNmNWFkOTI0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hQMAwDQYJKoZIhvcNAQELBQADggEBAIAt3Z71WEjwpWMIn5k+3YDs
ixUF5pchNrm5SFLX28rIKpJtTNzEpoEk/rojXAJJ0dCjeD/hgAyxAHBwbBrsiF+/
pixxtnvh6ioF0M1/cpXT0DNMsTqIyrZVdGjBVDPntS1z37eSO1WCFVdQAByTyoNx
ANAqYVOavXDw4pJd8/YmXw1H1RIB9RTUtjH0fODSOhUaqjShR6KS6IwHH+/LthyQ
QtzSb5jYDw2Hywx03YMWK+lNgWopfR+gk8AzKwq1QMolWUgH9dedUfZtRoyG7f3m
aJoRHFzTLfCA5oPPc7+FoukoKm38YCd8KGnSt+Z9JO23acqt1fVOTuz86ql/Hps=
-----END CERTIFICATE-----