Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5570ed9-b388-4577-9238-0b853e9cc2f3.roa
File:                     d5570ed9-b388-4577-9238-0b853e9cc2f3.roa (raw, json)
Hash identifier:          AmcC6Gs8uXslggc7porEnCI/DhT2GlZj6OuYdYfavNY=
Subject key identifier:   9D:CB:15:B0:96:5D:0B:C3:A8:2F:03:25:26:1E:56:6B:C6:42:2B:E7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       78094A5B583516598A0459E30F96E49E59BEB05F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5570ed9-b388-4577-9238-0b853e9cc2f3.roa
Signing time:             Fri 28 Mar 2025 16:00:29 +0000
ROA not before:           Fri 28 Mar 2025 16:00:29 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f69:3400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:09:4a:5b:58:35:16:59:8a:04:59:e3:0f:96:e4:9e:59:be:b0:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:00:29 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:44:e3:14:2e:e7:f6:49:98:46:f2:bf:d8:4f:
                    20:cc:83:ca:ac:39:d4:a1:6a:e5:d7:38:af:91:d6:
                    9c:4b:28:6c:c5:d4:04:5a:a8:5b:94:aa:12:46:20:
                    2b:68:9b:ef:94:ef:b7:7c:b7:d6:b6:5c:bf:d6:9d:
                    fd:0e:76:fa:43:23:9c:41:48:98:91:51:66:3a:2e:
                    a0:6e:8b:75:ac:78:cb:83:19:cc:b6:48:32:81:e7:
                    6c:13:fa:bb:c8:01:03:24:5c:14:04:84:ac:ad:95:
                    96:d0:02:35:09:b0:28:86:6b:a4:06:73:f6:16:a6:
                    fd:2b:f7:a3:7a:c4:fb:b7:6c:ed:01:0f:af:4c:2e:
                    da:ee:51:c4:ba:f6:5b:a5:7d:0f:7d:8a:8f:2a:96:
                    5b:11:34:9d:78:13:de:ad:ab:d0:60:12:af:f3:57:
                    af:dc:a3:c6:76:03:13:01:f5:66:1e:0c:23:f3:40:
                    01:dc:ad:7a:8b:b1:1f:03:ca:ac:49:d8:7a:c0:e1:
                    1a:df:8c:42:c4:72:30:e4:1d:7c:41:3f:4c:2e:18:
                    08:3c:6c:fa:71:c2:9d:f3:0b:c3:51:57:ce:69:2c:
                    f4:72:2c:c9:0e:7f:5b:f3:48:a9:59:79:ff:ec:c5:
                    e5:6e:80:a0:bf:1f:82:0c:39:82:b4:0c:2b:e4:0a:
                    f8:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:CB:15:B0:96:5D:0B:C3:A8:2F:03:25:26:1E:56:6B:C6:42:2B:E7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5570ed9-b388-4577-9238-0b853e9cc2f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         82:6c:7a:19:ac:22:3b:23:a1:11:75:c7:13:74:d1:6e:ef:62:
         45:bf:2e:a4:62:80:80:ed:97:ac:bf:54:83:46:81:aa:d2:27:
         c6:6a:ce:6d:27:41:f7:8d:ad:2f:b3:5b:fc:34:33:1e:b1:c3:
         a7:d0:ff:1e:0e:cb:e4:2c:e7:88:af:93:f0:85:64:78:b2:01:
         33:b6:90:75:80:d7:3d:48:8a:0f:5c:a8:a1:be:98:2e:2c:58:
         55:8f:8a:17:7a:59:19:93:e0:2a:33:0f:c3:9d:40:e8:5e:36:
         6f:3b:2c:7b:3a:bc:2b:67:66:5f:a5:d9:97:58:7a:cc:8a:a4:
         8a:27:38:96:06:20:00:4e:44:86:b2:79:ae:4e:25:cc:d0:22:
         53:a6:a8:2a:1a:44:ae:89:e9:f4:cf:64:70:0b:57:69:0a:e4:
         d0:d5:9f:80:19:a8:82:5a:18:30:76:b8:30:61:a4:09:17:41:
         6c:0e:11:27:64:2d:a5:b1:28:fa:f1:11:3d:f3:98:6a:cd:40:
         5c:48:79:06:ef:a9:dd:66:3b:36:f8:35:4b:b7:d2:42:a7:db:
         93:bb:72:52:69:10:2b:03:f7:60:38:1c:87:f1:bc:d6:16:23:
         c2:d3:56:e0:7b:25:41:21:71:e3:8c:54:ea:7e:12:7a:03:42:
         b8:06:e1:44
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUeAlKW1g1FlmKBFnjD5bknlm+sF8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTYwMDI5WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTE1YTYwMmViYjhkNzgyMTAzNGQwZTU0YWQxMmZlNDE1
ZmM5MjA5MTFjZmI5YzliZjQxYmZlMzQ5NTYwNzYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzROMULuf2SZhG8r/YTyDMg8qsOdShauXXOK+R1pxLKGzF
1ARaqFuUqhJGICtom++U77d8t9a2XL/Wnf0OdvpDI5xBSJiRUWY6LqBui3WseMuD
Gcy2SDKB52wT+rvIAQMkXBQEhKytlZbQAjUJsCiGa6QGc/YWpv0r96N6xPu3bO0B
D69MLtruUcS69lulfQ99io8qllsRNJ14E96tq9BgEq/zV6/co8Z2AxMB9WYeDCPz
QAHcrXqLsR8DyqxJ2HrA4RrfjELEcjDkHXxBP0wuGAg8bPpxwp3zC8NRV85pLPRy
LMkOf1vzSKlZef/sxeVugKC/H4IMOYK0DCvkCvidAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUncsVsJZdC8OoLwMlJh5Wa8ZCK+cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q1NTcwZWQ5LWIzODgtNDU3Ny05MjM4LTBiODUzZTljYzJmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9pNDANBgkqhkiG9w0BAQsFAAOCAQEAgmx6GawiOyOhEXXHE3TRbu9i
Rb8upGKAgO2XrL9Ug0aBqtInxmrObSdB942tL7Nb/DQzHrHDp9D/Hg7L5CzniK+T
8IVkeLIBM7aQdYDXPUiKD1yoob6YLixYVY+KF3pZGZPgKjMPw51A6F42bzssezq8
K2dmX6XZl1h6zIqkiic4lgYgAE5EhrJ5rk4lzNAiU6aoKhpEronp9M9kcAtXaQrk
0NWfgBmogloYMHa4MGGkCRdBbA4RJ2QtpbEo+vERPfOYas1AXEh5Bu+p3WY7Nvg1
S7fSQqfbk7tyUmkQKwP3YDgch/G81hYjwtNW4HslQSFx44xU6n4SegNCuAbhRA==
-----END CERTIFICATE-----