Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d14c8507-ad9e-4584-b3b9-30f61d046c4a.roa
File:                     d14c8507-ad9e-4584-b3b9-30f61d046c4a.roa (raw, json)
Hash identifier:          iIUjl2oWFMJ8PW75rNnDyUgxmGTZe8YXjfRrnZmu2OQ=
Subject key identifier:   C8:48:56:F5:D1:80:80:AD:E3:D7:07:FA:28:53:1F:A3:0A:A0:C7:0B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B1409D7875198D07DBA8C60BA0A97B9E0E8BD65
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d14c8507-ad9e-4584-b3b9-30f61d046c4a.roa
Signing time:             Fri 28 Mar 2025 16:20:15 +0000
ROA not before:           Fri 28 Mar 2025 16:20:15 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff7:34c0::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:14:09:d7:87:51:98:d0:7d:ba:8c:60:ba:0a:97:b9:e0:e8:bd:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:20:15 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:64:d4:73:81:73:6d:32:2c:03:35:8f:82:93:
                    2e:8c:21:45:f5:00:32:a2:e8:18:04:c1:5b:93:55:
                    9b:02:59:e6:18:62:c5:75:60:a0:b5:43:fd:67:73:
                    52:dd:58:bf:49:b4:f6:3f:20:e3:16:a5:cd:96:81:
                    f3:3b:4e:d3:f9:44:c0:05:4d:81:46:e4:8f:88:10:
                    71:e5:48:ba:f6:e7:5c:9d:7d:05:7d:dc:5d:cf:af:
                    9f:69:b0:c7:e7:a5:8e:e3:d7:87:eb:98:b7:1b:09:
                    55:f1:2e:58:22:56:73:2c:1c:e4:2d:40:4d:92:6f:
                    16:96:3d:da:4e:8c:1f:8a:16:89:08:61:65:94:53:
                    ab:7c:df:2a:15:c5:a5:00:a1:04:5d:5e:5a:94:77:
                    67:cf:b8:16:11:cb:34:6f:0a:f5:92:e5:b8:bb:66:
                    55:30:55:7f:fd:d0:85:4a:e8:00:22:ac:bd:eb:34:
                    41:e4:05:1a:b9:bb:90:5b:c2:54:ae:7b:0a:31:0d:
                    a1:fb:80:5e:46:01:c6:c8:25:b6:1f:bf:3a:84:f4:
                    a0:e5:b7:96:31:59:b7:50:fb:11:76:8b:0b:57:c0:
                    56:f0:ed:ac:8c:1e:98:59:a9:d6:e6:72:b5:58:f9:
                    83:2e:5a:4a:3a:80:ba:d7:7f:e0:33:0b:60:62:ef:
                    5f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:48:56:F5:D1:80:80:AD:E3:D7:07:FA:28:53:1F:A3:0A:A0:C7:0B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d14c8507-ad9e-4584-b3b9-30f61d046c4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:34c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         84:aa:ff:48:4b:19:5e:fe:58:fc:5e:06:a4:a0:ee:66:25:21:
         4a:a0:9b:8c:47:55:0b:3b:7e:0b:62:b1:d5:57:ec:fa:a0:0c:
         4e:65:28:14:6d:c4:4e:92:9d:2c:d3:00:47:e7:27:2c:4d:f5:
         f4:f1:cd:c6:27:f2:49:47:59:e1:2b:dd:6f:e2:90:5e:e9:90:
         66:32:55:90:cb:7b:1f:db:28:28:09:f4:67:bf:e6:1f:22:fc:
         31:94:b0:60:da:5d:9b:66:3c:9b:bb:90:33:d7:c0:7b:6f:67:
         f0:77:58:be:ec:04:a3:4f:7f:c0:84:89:a8:78:83:29:a0:17:
         bf:2a:c9:30:23:48:de:d1:57:3c:a8:05:43:7a:5e:ab:14:79:
         8f:e9:35:a9:4b:7a:59:e1:ac:c0:79:5e:43:2d:b0:bc:b4:33:
         74:cc:21:32:07:c1:bd:1d:80:1f:a1:7a:70:88:0a:50:ef:54:
         7c:79:a2:63:f7:da:a6:a2:93:4a:ae:7f:df:40:cf:de:b7:cb:
         dd:a8:a1:25:7a:79:b9:e3:31:23:aa:73:b1:da:84:5f:42:65:
         63:3d:c4:13:3a:62:59:f4:a2:ce:68:53:32:ee:e9:b4:cf:04:
         b2:3b:a4:d3:d7:ce:48:d0:89:bf:f1:3f:63:62:1b:6c:86:f2:
         67:d6:cc:09
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUWxQJ14dRmNB9uoxgugqXueDovWUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTYyMDE1WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMDJjNGUxYmQ0ZDc4ZDg1Y2JkMWMzODAwZTQ5MWI3N2Y5
N2RlMDNlMTcyYjljYmU0ZGIxMzhlMzQ5ZmIxOTk0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5ZNRzgXNtMiwDNY+Cky6MIUX1ADKi6BgEwVuTVZsCWeYY
YsV1YKC1Q/1nc1LdWL9JtPY/IOMWpc2WgfM7TtP5RMAFTYFG5I+IEHHlSLr251yd
fQV93F3Pr59psMfnpY7j14frmLcbCVXxLlgiVnMsHOQtQE2SbxaWPdpOjB+KFokI
YWWUU6t83yoVxaUAoQRdXlqUd2fPuBYRyzRvCvWS5bi7ZlUwVX/90IVK6AAirL3r
NEHkBRq5u5BbwlSuewoxDaH7gF5GAcbIJbYfvzqE9KDlt5YxWbdQ+xF2iwtXwFbw
7ayMHphZqdbmcrVY+YMuWko6gLrXf+AzC2Bi71/jAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUyEhW9dGAgK3j1wf6KFMfowqgxwswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QxNGM4NTA3LWFkOWUtNDU4NC1iM2I5LTMwZjYxZDA0NmM0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/3NMAwDQYJKoZIhvcNAQELBQADggEBAISq/0hLGV7+WPxeBqSg7mYl
IUqgm4xHVQs7fgtisdVX7PqgDE5lKBRtxE6SnSzTAEfnJyxN9fTxzcYn8klHWeEr
3W/ikF7pkGYyVZDLex/bKCgJ9Ge/5h8i/DGUsGDaXZtmPJu7kDPXwHtvZ/B3WL7s
BKNPf8CEiah4gymgF78qyTAjSN7RVzyoBUN6XqsUeY/pNalLelnhrMB5XkMtsLy0
M3TMITIHwb0dgB+henCIClDvVHx5omP32qaik0quf99Az963y92ooSV6ebnjMSOq
c7HahF9CZWM9xBM6Yln0os5oUzLu6bTPBLI7pNPXzkjQib/xP2NiG2yG8mfWzAk=
-----END CERTIFICATE-----