Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b6429146-b7e1-47bb-8574-eacbd68eba9f.roa
File:                     b6429146-b7e1-47bb-8574-eacbd68eba9f.roa (raw, json)
Hash identifier:          8AP+5rBBmHhIQ4s3Nf8UlM0451dFY/niDlEZV5/JK0M=
Subject key identifier:   49:A5:C5:E7:84:C2:DE:90:62:E6:CC:80:8C:4F:C1:B6:F6:5E:FF:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24D1A57566D271CBD8B0F9C0DE7454F3258B605B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b6429146-b7e1-47bb-8574-eacbd68eba9f.roa
Signing time:             Fri 28 Mar 2025 16:10:16 +0000
ROA not before:           Fri 28 Mar 2025 16:10:16 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffb:7400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:d1:a5:75:66:d2:71:cb:d8:b0:f9:c0:de:74:54:f3:25:8b:60:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:10:16 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7f:3d:f6:40:24:a0:74:03:f4:91:60:e0:df:
                    1c:0c:94:60:15:58:72:38:4d:ac:1b:65:56:44:eb:
                    29:1c:16:dd:2a:6d:a0:56:03:45:78:77:b5:24:b1:
                    86:70:00:4f:22:b6:c3:71:1b:bd:49:5c:0c:cf:ae:
                    17:48:b8:e3:ef:4c:7d:39:37:47:1a:68:84:75:e1:
                    41:78:03:98:f8:88:5b:46:fa:4f:b5:cd:6b:a0:5e:
                    5d:ae:fa:9f:58:f4:19:0b:43:f0:d9:44:d7:65:a4:
                    a7:b0:58:fc:be:f5:aa:5f:dc:79:78:4b:e2:a4:f8:
                    db:69:4d:63:f2:69:d2:d3:1b:c0:c9:5a:eb:29:80:
                    95:25:d7:8c:5f:cf:9b:3f:e2:fe:32:ca:11:77:1e:
                    15:83:c7:91:cf:05:14:95:59:97:1f:7b:1f:30:5e:
                    1a:17:8c:ae:ac:8e:32:ed:da:cc:43:f3:88:a4:3e:
                    35:10:f9:29:5e:48:5d:8a:c3:b0:d2:f6:85:f6:e2:
                    b6:9e:f5:2d:22:fa:56:90:7e:4c:08:0c:5d:70:0f:
                    89:7d:f3:00:14:a7:99:aa:af:1c:d9:91:6c:29:81:
                    c3:82:ca:14:0b:86:ab:4e:95:be:0a:a7:a5:72:f1:
                    bc:41:ea:7f:24:1b:60:3c:eb:1b:ce:c1:42:7a:e1:
                    05:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:A5:C5:E7:84:C2:DE:90:62:E6:CC:80:8C:4F:C1:B6:F6:5E:FF:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b6429146-b7e1-47bb-8574-eacbd68eba9f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         c7:96:40:1c:d1:df:16:a1:3d:7e:55:8e:79:c5:96:1d:a7:9e:
         43:f3:1e:11:14:73:c4:32:bc:c0:ef:2a:29:11:7e:a1:60:3e:
         51:b5:e4:41:c6:a3:9a:db:bf:d4:9a:0e:b0:7b:5a:9e:64:6b:
         63:0f:16:08:64:d5:3d:bb:b6:95:31:1f:84:e8:15:c1:d9:d7:
         c1:0b:05:8f:6b:6d:37:25:6f:02:76:b1:0b:1e:30:38:d6:74:
         30:50:27:e5:70:aa:07:29:75:26:6f:94:ee:d9:e3:75:5b:8d:
         9a:9b:09:b8:09:d7:ae:81:f9:6a:22:36:34:18:8d:85:a6:c3:
         2b:bc:14:37:52:33:0c:b0:b9:46:3d:cf:80:fd:dc:39:97:aa:
         e5:8b:c8:de:67:a5:1f:f3:b2:f2:00:0f:54:0d:2d:a5:be:04:
         83:7f:b6:fd:ba:01:09:d3:98:39:ee:12:1c:b1:16:8f:96:50:
         3a:da:3f:be:02:3c:e4:5f:f7:b6:1a:9c:e3:b7:47:6e:35:2b:
         9a:49:7a:40:67:06:70:c4:02:cc:44:ee:05:68:df:9a:37:e6:
         eb:51:4b:83:4d:d7:f9:f5:d4:0e:99:d4:e2:77:1b:9b:4b:64:
         58:d4:70:4a:56:54:6c:7c:4b:b6:88:b1:73:f8:8f:6f:75:80:
         6a:43:87:ab
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJNGldWbSccvYsPnA3nRU8yWLYFswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTYxMDE2WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDA4NTlhNmIyYmVlZWY2NTY1NmM1ZGU3NGFhNThlODIz
MGNiMDA4ODdjYzgzODhmYmVkYWFkNGFhODZmMGUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClfz32QCSgdAP0kWDg3xwMlGAVWHI4TawbZVZE6ykcFt0q
baBWA0V4d7UksYZwAE8itsNxG71JXAzPrhdIuOPvTH05N0caaIR14UF4A5j4iFtG
+k+1zWugXl2u+p9Y9BkLQ/DZRNdlpKewWPy+9apf3Hl4S+Kk+NtpTWPyadLTG8DJ
WuspgJUl14xfz5s/4v4yyhF3HhWDx5HPBRSVWZcfex8wXhoXjK6sjjLt2sxD84ik
PjUQ+SleSF2Kw7DS9oX24rae9S0i+laQfkwIDF1wD4l98wAUp5mqrxzZkWwpgcOC
yhQLhqtOlb4Kp6Vy8bxB6n8kG2A86xvOwUJ64QWXAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUSaXF54TC3pBi5syAjE/BtvZe/2owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I2NDI5MTQ2LWI3ZTEtNDdiYi04NTc0LWVhY2JkNjhlYmE5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/7dDANBgkqhkiG9w0BAQsFAAOCAQEAx5ZAHNHfFqE9flWOecWWHaee
Q/MeERRzxDK8wO8qKRF+oWA+UbXkQcajmtu/1JoOsHtanmRrYw8WCGTVPbu2lTEf
hOgVwdnXwQsFj2ttNyVvAnaxCx4wONZ0MFAn5XCqByl1Jm+U7tnjdVuNmpsJuAnX
roH5aiI2NBiNhabDK7wUN1IzDLC5Rj3PgP3cOZeq5YvI3melH/Oy8gAPVA0tpb4E
g3+2/boBCdOYOe4SHLEWj5ZQOto/vgI85F/3thqc47dHbjUrmkl6QGcGcMQCzETu
BWjfmjfm61FLg03X+fXUDpnU4ncbm0tkWNRwSlZUbHxLtoixc/iPb3WAakOHqw==
-----END CERTIFICATE-----