Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efe6f6cf-4796-46a7-9acc-01904c6ad2b9.roa
File:                     efe6f6cf-4796-46a7-9acc-01904c6ad2b9.roa (raw, json)
Hash identifier:          nwuPA1KvT4AD3pKXSSFq2Snerc8H/M//+mKAM2GvEgs=
Subject key identifier:   14:ED:45:9F:CC:21:70:F8:11:23:3B:FA:67:CB:E8:C7:0B:81:8D:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       43BA33D822F7CBEFE3BC834BD1AFB657B6DF7BC3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efe6f6cf-4796-46a7-9acc-01904c6ad2b9.roa
Signing time:             Tue 18 Mar 2025 00:00:30 +0000
ROA not before:           Tue 18 Mar 2025 00:00:30 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff5:4000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:ba:33:d8:22:f7:cb:ef:e3:bc:83:4b:d1:af:b6:57:b6:df:7b:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 00:00:30 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b3:08:4f:80:58:3b:29:54:df:f9:04:ec:6e:
                    27:69:43:cd:30:36:ed:9f:ff:61:5b:79:f1:a7:95:
                    b8:1c:0d:da:c6:9d:a3:b3:b5:62:02:39:9a:66:c4:
                    96:18:18:00:d9:68:ee:5a:c9:28:54:da:3c:aa:70:
                    fc:82:9f:23:ab:82:ef:46:cd:06:7c:c7:31:fc:9f:
                    a9:bd:6c:7e:8c:33:52:5f:7a:54:c7:11:cf:71:70:
                    53:11:64:cf:54:ae:84:c0:40:b4:e6:ab:b0:ba:0a:
                    4f:a2:33:96:71:14:b4:d6:72:58:a8:f9:cd:11:9c:
                    64:f8:d3:f2:a1:a0:65:68:f6:96:1a:2e:c1:49:fc:
                    2a:18:1b:18:76:76:c6:b4:e2:9a:d5:ff:11:b9:35:
                    e1:da:41:a1:ae:0c:4e:5e:3e:7e:d3:e4:c8:27:56:
                    7b:6c:f1:f6:3a:87:c3:b7:36:a1:f0:28:f7:99:54:
                    af:cd:58:27:71:5c:2d:ba:f1:2c:71:8f:05:25:3c:
                    a2:6d:a6:48:8e:1a:a9:45:38:34:fd:3a:b2:be:b1:
                    e0:0a:88:78:19:67:99:5d:04:69:59:67:89:11:c0:
                    53:93:bf:81:56:75:5b:dc:5b:9d:18:ce:04:a7:29:
                    20:15:a2:a0:47:de:f2:b6:6d:06:b4:78:ed:d9:57:
                    45:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:ED:45:9F:CC:21:70:F8:11:23:3B:FA:67:CB:E8:C7:0B:81:8D:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efe6f6cf-4796-46a7-9acc-01904c6ad2b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff5:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         21:e4:92:ab:41:55:53:0c:10:dc:3d:51:d8:2f:a8:ac:3b:2b:
         07:de:5c:8e:06:49:d9:69:f2:3b:72:52:14:08:8d:57:38:fe:
         6f:00:1d:5e:01:5d:dd:af:3a:39:95:07:d0:0c:58:dc:2f:2c:
         62:bf:6a:75:ec:b2:b4:61:1c:f5:49:df:37:79:f6:d2:e1:e9:
         3d:fb:ae:72:96:61:41:a4:f7:fa:66:3a:4a:c1:64:6a:8b:3a:
         6f:f0:3e:6f:71:c4:cc:b0:e3:29:43:06:25:46:bd:5f:71:b5:
         9f:7c:0d:0b:75:4c:7b:46:d3:b6:49:e3:cb:25:14:84:e0:f1:
         67:e2:b8:88:9e:e8:39:1c:6f:e0:ee:0e:93:91:98:ed:ff:e8:
         3c:5c:43:8a:e4:ed:41:84:f6:21:1a:3f:81:db:cc:0b:10:7a:
         d0:e8:82:01:98:bd:83:81:af:35:86:e4:5d:e7:11:c6:7a:6e:
         47:3a:f8:c7:a0:61:aa:6e:95:d6:ea:df:bf:93:62:6d:84:9c:
         c1:2f:a2:94:a7:8d:c6:b9:ad:7c:92:0a:47:bd:1a:56:a4:7f:
         0e:8c:15:61:3b:31:49:b4:e5:cc:97:83:6c:e7:92:d2:ef:60:
         06:6c:f2:34:29:3b:86:0a:ef:4d:11:1e:c0:3c:f9:48:0e:c0:
         8f:ba:e7:8e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQ7oz2CL3y+/jvINL0a+2V7bfe8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MDAwMDMwWhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiODk5Njc1YmFmNmM2ZTUxNDAxMDE3ZmI2MzVlOTExOTgx
N2ZhZDU3M2ZmMWM3ZTUxODNiNjYzYjZkN2ViMmQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/swhPgFg7KVTf+QTsbidpQ80wNu2f/2FbefGnlbgcDdrG
naOztWICOZpmxJYYGADZaO5ayShU2jyqcPyCnyOrgu9GzQZ8xzH8n6m9bH6MM1Jf
elTHEc9xcFMRZM9UroTAQLTmq7C6Ck+iM5ZxFLTWclio+c0RnGT40/KhoGVo9pYa
LsFJ/CoYGxh2dsa04prV/xG5NeHaQaGuDE5ePn7T5MgnVnts8fY6h8O3NqHwKPeZ
VK/NWCdxXC268SxxjwUlPKJtpkiOGqlFODT9OrK+seAKiHgZZ5ldBGlZZ4kRwFOT
v4FWdVvcW50YzgSnKSAVoqBH3vK2bQa0eO3ZV0VZAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUFO1Fn8whcPgRIzv6Z8voxwuBjWEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmZTZmNmNmLTQ3OTYtNDZhNy05YWNjLTAxOTA0YzZhZDJiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/1QDANBgkqhkiG9w0BAQsFAAOCAQEAIeSSq0FVUwwQ3D1R2C+orDsr
B95cjgZJ2WnyO3JSFAiNVzj+bwAdXgFd3a86OZUH0AxY3C8sYr9qdeyytGEc9Unf
N3n20uHpPfuucpZhQaT3+mY6SsFkaos6b/A+b3HEzLDjKUMGJUa9X3G1n3wNC3VM
e0bTtknjyyUUhODxZ+K4iJ7oORxv4O4Ok5GY7f/oPFxDiuTtQYT2IRo/gdvMCxB6
0OiCAZi9g4GvNYbkXecRxnpuRzr4x6Bhqm6V1urfv5NibYScwS+ilKeNxrmtfJIK
R70aVqR/DowVYTsxSbTlzJeDbOeS0u9gBmzyNCk7hgrvTREewDz5SA7Aj7rnjg==
-----END CERTIFICATE-----