Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c636934a-c7cc-4c0f-acb1-a74b2500994d.roa
File:                     c636934a-c7cc-4c0f-acb1-a74b2500994d.roa (raw, json)
Hash identifier:          jPhJ1PY3nv/l6yYsPR8nFpGE0E5JW2FnP+eEeaxglxw=
Subject key identifier:   71:99:9C:1F:55:E8:58:AA:30:70:40:EE:4B:18:12:51:42:A8:01:62
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3AC084161CB2502D6307803A541AC58D4DEB4B61
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c636934a-c7cc-4c0f-acb1-a74b2500994d.roa
Signing time:             Tue 25 Mar 2025 17:42:13 +0000
ROA not before:           Tue 25 Mar 2025 17:42:13 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:3480::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:c0:84:16:1c:b2:50:2d:63:07:80:3a:54:1a:c5:8d:4d:eb:4b:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 25 17:42:13 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:91:39:ab:21:c3:9f:27:8a:d2:bf:c3:3a:7b:
                    7b:8e:e9:ff:84:95:95:d5:e0:13:4f:fa:b5:6b:c8:
                    05:14:2b:79:dc:eb:c9:41:c9:4c:e5:d4:67:b3:c5:
                    0e:cf:73:25:f0:26:75:af:9d:db:d6:56:70:9e:73:
                    5c:51:f0:a2:24:51:80:89:c3:18:08:e4:7f:d7:1f:
                    35:06:1e:68:7e:e6:a6:03:b0:5a:f9:18:35:76:d8:
                    c3:e0:b7:17:00:27:e7:40:8b:65:e6:e2:c5:ec:6f:
                    06:9e:70:81:b3:2c:1e:cd:66:d7:28:0d:7b:33:34:
                    f7:13:79:6c:63:8e:0a:aa:93:a3:65:3b:d3:a1:c0:
                    83:6b:34:eb:7d:94:01:5f:70:d2:f4:c5:fb:8c:13:
                    6b:64:fa:42:91:32:c6:cd:f1:3a:e5:19:2d:bc:7a:
                    74:20:5b:54:80:db:72:e4:73:ea:9f:73:17:68:a2:
                    98:28:b4:15:06:a1:5b:0b:7d:bc:c8:6b:41:53:5f:
                    f7:6b:ca:d9:12:c9:b1:c5:bd:f6:d0:b2:13:a0:f8:
                    48:92:2b:fd:32:8a:72:2c:d2:ec:d6:1b:7f:91:70:
                    54:13:09:9d:a8:93:4d:85:80:d6:7c:a6:77:c8:30:
                    c2:4c:5d:c2:58:93:46:73:54:74:91:7f:91:e0:b0:
                    5a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:99:9C:1F:55:E8:58:AA:30:70:40:EE:4B:18:12:51:42:A8:01:62
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c636934a-c7cc-4c0f-acb1-a74b2500994d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:3480::/48

    Signature Algorithm: sha256WithRSAEncryption
         cf:64:9b:09:f6:f8:db:49:e3:f9:27:31:fa:ce:f1:62:b2:1e:
         51:38:7d:be:88:6a:ad:9d:0a:a7:44:b0:b4:2f:ec:92:71:de:
         bf:df:f1:89:37:31:cb:c9:3f:77:5e:d5:4f:53:cf:bf:50:b1:
         4a:29:7a:29:6e:7b:5d:77:58:cd:4d:a1:79:66:1d:e1:fe:a0:
         1d:6b:f3:02:8b:4b:4c:d4:b1:15:aa:67:8b:56:48:39:92:28:
         64:9f:4d:9f:b9:9f:3c:fd:2a:f2:fa:20:7f:c7:fa:f7:94:a8:
         d0:20:d6:44:75:3e:c2:a4:db:48:3d:a3:45:f5:1e:f4:14:ab:
         39:d1:c4:f0:61:55:41:89:c2:7b:27:03:ff:e2:08:4c:66:e4:
         87:11:8c:8b:57:f3:e7:d3:0e:8f:29:a6:c8:e4:42:12:aa:e8:
         06:08:5b:03:6a:93:37:e7:b5:ed:7d:8d:b1:70:37:51:12:4e:
         bf:f1:9d:16:79:d8:8e:e8:ed:50:75:54:9e:b7:6f:2d:e2:80:
         c4:62:9b:73:be:dc:33:da:5a:95:6f:05:d9:73:24:e4:41:78:
         b3:bf:af:a1:1b:aa:53:87:e9:02:03:8b:37:0d:65:1d:42:96:
         4a:ee:09:7a:7a:3e:95:ef:d0:db:d5:ee:86:df:ff:9c:1f:68:
         6e:3e:4e:f6
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUOsCEFhyyUC1jB4A6VBrFjU3rS2EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI1MTc0MjEzWhcNMjUwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTFkNWViYjQwNDM5MmExYmNiZWRmNmU2YjMyNDhiNzY4
ZjZiMGMyMjI4NzJiMTY0NzMyOTFlOGEzMGRmODc2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJkTmrIcOfJ4rSv8M6e3uO6f+ElZXV4BNP+rVryAUUK3nc
68lByUzl1GezxQ7PcyXwJnWvndvWVnCec1xR8KIkUYCJwxgI5H/XHzUGHmh+5qYD
sFr5GDV22MPgtxcAJ+dAi2Xm4sXsbwaecIGzLB7NZtcoDXszNPcTeWxjjgqqk6Nl
O9OhwINrNOt9lAFfcNL0xfuME2tk+kKRMsbN8TrlGS28enQgW1SA23Lkc+qfcxdo
opgotBUGoVsLfbzIa0FTX/drytkSybHFvfbQshOg+EiSK/0yinIs0uzWG3+RcFQT
CZ2ok02FgNZ8pnfIMMJMXcJYk0ZzVHSRf5HgsFpDAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUcZmcH1XoWKowcEDuSxgSUUKoAWIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M2MzY5MzRhLWM3Y2MtNGMwZi1hY2IxLWE3NGIyNTAwOTk0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84NIAwDQYJKoZIhvcNAQELBQADggEBAM9kmwn2+NtJ4/knMfrO8WKy
HlE4fb6Iaq2dCqdEsLQv7JJx3r/f8Yk3McvJP3de1U9Tz79QsUopeilue113WM1N
oXlmHeH+oB1r8wKLS0zUsRWqZ4tWSDmSKGSfTZ+5nzz9KvL6IH/H+veUqNAg1kR1
PsKk20g9o0X1HvQUqznRxPBhVUGJwnsnA//iCExm5IcRjItX8+fTDo8ppsjkQhKq
6AYIWwNqkzfnte19jbFwN1ESTr/xnRZ52I7o7VB1VJ63by3igMRim3O+3DPaWpVv
BdlzJORBeLO/r6EbqlOH6QIDizcNZR1ClkruCXp6PpXv0NvV7obf/5wfaG4+TvY=
-----END CERTIFICATE-----