Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c8f71b7e-9974-4779-8c24-e352d24c707e.roa
File:                     c8f71b7e-9974-4779-8c24-e352d24c707e.roa (raw, json)
Hash identifier:          12agExA1NIejbLodICDklM84i7IiRw1r7NsPC655RKI=
Subject key identifier:   E0:BB:44:C1:03:2A:19:5D:B5:D8:86:B9:02:D5:89:F0:F9:EA:A7:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1A6407110E09109641D130B6D4FC04D53C660654
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c8f71b7e-9974-4779-8c24-e352d24c707e.roa
Signing time:             Fri 14 Mar 2025 00:21:42 +0000
ROA not before:           Fri 14 Mar 2025 00:21:42 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff8:5000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:64:07:11:0e:09:10:96:41:d1:30:b6:d4:fc:04:d5:3c:66:06:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:21:42 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3e:99:30:28:3f:d1:a2:a4:b6:e4:15:17:37:
                    c9:2b:2e:34:19:02:50:1a:46:5f:0f:26:8d:04:82:
                    83:ff:f6:73:e4:58:55:d1:37:f3:3e:79:38:b5:d6:
                    94:0b:f6:1a:57:e7:85:12:d0:24:d8:ef:fe:af:de:
                    4a:15:81:3f:ea:a7:dd:38:57:27:1c:78:39:5e:37:
                    42:55:7e:3e:91:af:62:32:dc:61:a6:df:d7:5b:0a:
                    f8:8d:b1:57:01:44:bb:ac:40:8b:92:4a:b4:c5:d5:
                    18:ba:87:cc:b8:bd:b1:84:ed:0a:2d:59:6c:93:38:
                    7a:fb:d4:9f:40:fa:0e:20:c0:7c:68:ec:85:39:d1:
                    c9:80:51:e7:37:0f:83:1c:24:87:3e:1c:7d:b6:27:
                    96:5c:fe:48:48:f1:d6:bc:47:26:cb:35:8a:9a:e6:
                    7b:75:56:27:9b:c0:b3:06:36:c3:29:f4:e7:a0:b3:
                    62:92:aa:23:b8:06:c8:85:6f:c7:06:1b:d9:76:32:
                    10:03:32:83:2e:7c:d2:83:33:83:ed:aa:ae:b8:c4:
                    48:df:6b:35:ac:29:5f:04:31:07:4e:dc:a9:c3:6b:
                    ad:09:e2:e4:c6:ce:54:2d:d5:15:69:35:d9:6c:5c:
                    dc:ef:a6:24:48:aa:a4:0c:13:d8:06:ee:5e:bf:09:
                    35:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BB:44:C1:03:2A:19:5D:B5:D8:86:B9:02:D5:89:F0:F9:EA:A7:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c8f71b7e-9974-4779-8c24-e352d24c707e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff8:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         b0:2f:84:ad:82:d4:fe:59:67:e5:78:f3:77:73:90:f9:20:d3:
         52:04:46:53:a3:64:5d:4a:7a:d5:61:51:c6:70:e9:b2:1d:0b:
         66:2c:7f:70:54:eb:fc:80:ec:84:7d:0d:e2:d5:85:19:17:ce:
         f4:ed:35:63:d9:da:00:5b:2c:3f:cb:a3:e8:2d:38:f3:52:a4:
         0a:c9:1c:fc:1e:20:aa:f6:4d:dc:56:ab:be:2c:95:1b:1c:64:
         87:26:32:af:97:bf:52:89:eb:1a:b4:17:67:08:0e:b1:ec:90:
         7c:e7:8c:86:90:53:c3:eb:45:c7:84:9a:f3:57:32:d0:be:60:
         73:ee:c3:1b:a6:4d:b7:30:d8:98:5d:f3:bb:a2:00:7e:f4:66:
         57:c8:0c:7f:c9:a9:75:b3:61:88:09:85:2c:6d:8f:4f:c5:10:
         f7:94:aa:20:88:3a:b3:d0:84:43:ec:ed:05:b3:3f:bb:49:57:
         ea:36:a4:00:fc:8d:6e:70:81:ce:4d:fa:fc:2f:31:7d:7a:a8:
         b5:3a:dd:38:50:61:e3:09:49:1a:c7:45:45:df:9c:06:1d:8f:
         89:83:2c:d7:3a:af:b2:d8:4a:43:36:28:83:cf:3b:5e:1f:dc:
         e6:65:e5:a1:35:05:b8:b3:7b:ca:31:7a:7d:b4:4d:62:16:c1:
         fe:64:6c:69
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGmQHEQ4JEJZB0TC21PwE1TxmBlQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDAyMTQyWhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZGNlOTA0NDQwZWU5MWNkNWFiNWRjOGY0OTQ0OTllNDZi
OWRhZmEyYzU4MWVjNTBlMjY5NTc2ZWNlZTQxMWY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbPpkwKD/RoqS25BUXN8krLjQZAlAaRl8PJo0EgoP/9nPk
WFXRN/M+eTi11pQL9hpX54US0CTY7/6v3koVgT/qp904VycceDleN0JVfj6Rr2Iy
3GGm39dbCviNsVcBRLusQIuSSrTF1Ri6h8y4vbGE7QotWWyTOHr71J9A+g4gwHxo
7IU50cmAUec3D4McJIc+HH22J5Zc/khI8da8RybLNYqa5nt1ViebwLMGNsMp9Oeg
s2KSqiO4BsiFb8cGG9l2MhADMoMufNKDM4Ptqq64xEjfazWsKV8EMQdO3KnDa60J
4uTGzlQt1RVpNdlsXNzvpiRIqqQME9gG7l6/CTW5AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU4LtEwQMqGV212Ia5AtWJ8Pnqp0IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M4ZjcxYjdlLTk5NzQtNDc3OS04YzI0LWUzNTJkMjRjNzA3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB/4UDANBgkqhkiG9w0BAQsFAAOCAQEAsC+ErYLU/lln5Xjzd3OQ+SDT
UgRGU6NkXUp61WFRxnDpsh0LZix/cFTr/IDshH0N4tWFGRfO9O01Y9naAFssP8uj
6C0481KkCskc/B4gqvZN3FarviyVGxxkhyYyr5e/UonrGrQXZwgOseyQfOeMhpBT
w+tFx4Sa81cy0L5gc+7DG6ZNtzDYmF3zu6IAfvRmV8gMf8mpdbNhiAmFLG2PT8UQ
95SqIIg6s9CEQ+ztBbM/u0lX6jakAPyNbnCBzk36/C8xfXqotTrdOFBh4wlJGsdF
Rd+cBh2PiYMs1zqvsthKQzYog887Xh/c5mXloTUFuLN7yjF6fbRNYhbB/mRsaQ==
-----END CERTIFICATE-----