Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f20bab7e-fc32-4216-849f-15b0e008974a.roa
File:                     f20bab7e-fc32-4216-849f-15b0e008974a.roa (raw, json)
Hash identifier:          n4B2UYqEzKND2fGRdeMeM1ZdcUEK+11mudxLkG2D+Lc=
Subject key identifier:   6E:FC:F4:CC:C7:1C:A5:25:3A:6D:22:7F:D9:F2:63:13:E9:F1:A4:56
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       471EE616AAA730FE73FB3EF5068ECABC59F78121
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f20bab7e-fc32-4216-849f-15b0e008974a.roa
Signing time:             Fri 28 Mar 2025 16:40:18 +0000
ROA not before:           Fri 28 Mar 2025 16:40:18 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fee:8000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:1e:e6:16:aa:a7:30:fe:73:fb:3e:f5:06:8e:ca:bc:59:f7:81:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:40:18 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:bf:40:d1:a9:a7:dc:ba:a1:7d:51:2a:ec:f0:
                    3e:68:4e:d4:8f:08:69:e6:d0:75:45:f3:5e:64:f1:
                    68:37:ab:9b:a6:3b:e1:c3:ff:f8:f4:c0:ef:b4:91:
                    42:d1:67:72:bc:f6:c7:4e:93:c5:6d:a8:21:08:b8:
                    b9:be:69:b0:d6:8d:77:d7:6b:bb:cc:8f:3d:77:b1:
                    3b:f2:e6:9a:5f:e2:52:32:1b:b0:cb:3c:5b:c3:9a:
                    23:45:50:3b:df:56:85:1e:8a:a7:23:70:68:51:09:
                    79:cc:84:be:9b:14:de:3d:bc:ff:95:49:42:56:94:
                    af:51:59:84:e1:3a:2c:0b:44:6a:4f:83:d4:11:d9:
                    66:4d:1a:32:74:8d:03:be:08:d7:84:d0:91:a2:5d:
                    96:14:85:c5:15:33:4e:91:88:4f:b9:50:4a:09:c2:
                    88:da:92:85:43:6b:14:91:d9:41:6f:d1:0d:65:35:
                    c8:fb:fc:c4:5a:32:2c:c9:f3:c7:5b:c6:fb:9d:7f:
                    cf:11:45:da:7a:c4:24:e1:5a:8f:a2:1a:94:4b:00:
                    56:34:87:50:57:a4:e5:37:17:28:26:98:b3:f7:3e:
                    38:d9:47:86:8e:a8:a7:dd:6e:a1:2a:6f:6a:06:d1:
                    e1:0b:98:bb:e8:14:ca:0b:03:eb:76:a0:a0:bb:18:
                    59:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:FC:F4:CC:C7:1C:A5:25:3A:6D:22:7F:D9:F2:63:13:E9:F1:A4:56
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f20bab7e-fc32-4216-849f-15b0e008974a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fee:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         d8:d7:5d:6a:f0:8f:3b:bd:e6:57:f7:d9:68:b7:4c:1c:6a:e5:
         fb:65:00:34:f9:44:df:25:66:e0:6b:80:1d:ef:b9:40:b6:52:
         f0:37:f4:f3:5e:e1:cf:b7:e1:ab:ee:27:4f:ac:d3:9a:88:8c:
         d1:61:67:bc:8e:0c:c5:cd:b7:ab:c7:2a:a7:bb:05:c5:6e:ba:
         81:b6:ae:8f:93:10:c5:55:fc:75:3c:13:95:9a:54:64:20:13:
         98:83:eb:8b:df:bd:a6:97:8e:f9:96:23:49:a7:99:51:85:ab:
         56:ba:89:de:b7:c6:79:5e:cb:4e:69:82:15:3c:99:1c:36:2f:
         d5:35:c5:bb:8c:ff:6f:ce:b9:62:3c:94:4b:e9:7b:0d:3a:79:
         58:47:4b:40:1d:12:ad:7b:db:9d:6a:7a:1c:6f:a6:9b:b2:7a:
         75:45:3a:58:02:1f:e1:25:18:92:40:d5:0c:40:fc:6e:04:8b:
         43:bf:b2:28:d4:ea:78:b1:54:4f:a2:2f:9e:94:de:a2:44:2f:
         16:e2:94:69:d7:43:7a:02:0d:94:f7:0a:49:2a:1d:c0:15:8e:
         19:fa:e1:79:f0:5c:19:b8:15:a5:93:4b:33:46:5c:ff:a7:3a:
         b0:c1:88:a6:32:e6:7b:d8:20:91:cb:1c:38:b6:9d:71:df:26:
         f0:56:f3:f3
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIURx7mFqqnMP5z+z71Bo7KvFn3gSEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTY0MDE4WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxODgyNGFjNzViNzUwZTZkMWJhYzg4Yjk3MTczNDQ0ZmNm
Mjk3ZDE5MzdiNjY2ZjZjOGVmZGMyNmI2OTcxOTE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPv0DRqafcuqF9USrs8D5oTtSPCGnm0HVF815k8Wg3q5um
O+HD//j0wO+0kULRZ3K89sdOk8VtqCEIuLm+abDWjXfXa7vMjz13sTvy5ppf4lIy
G7DLPFvDmiNFUDvfVoUeiqcjcGhRCXnMhL6bFN49vP+VSUJWlK9RWYThOiwLRGpP
g9QR2WZNGjJ0jQO+CNeE0JGiXZYUhcUVM06RiE+5UEoJwojakoVDaxSR2UFv0Q1l
Ncj7/MRaMizJ88dbxvudf88RRdp6xCThWo+iGpRLAFY0h1BXpOU3FygmmLP3PjjZ
R4aOqKfdbqEqb2oG0eELmLvoFMoLA+t2oKC7GFlfAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUbvz0zMccpSU6bSJ/2fJjE+nxpFYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyMGJhYjdlLWZjMzItNDIxNi04NDlmLTE1YjBlMDA4OTc0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/ugDANBgkqhkiG9w0BAQsFAAOCAQEA2NddavCPO73mV/fZaLdMHGrl
+2UANPlE3yVm4GuAHe+5QLZS8Df0817hz7fhq+4nT6zTmoiM0WFnvI4Mxc23q8cq
p7sFxW66gbauj5MQxVX8dTwTlZpUZCATmIPri9+9ppeO+ZYjSaeZUYWrVrqJ3rfG
eV7LTmmCFTyZHDYv1TXFu4z/b865YjyUS+l7DTp5WEdLQB0SrXvbnWp6HG+mm7J6
dUU6WAIf4SUYkkDVDED8bgSLQ7+yKNTqeLFUT6IvnpTeokQvFuKUaddDegINlPcK
SSodwBWOGfrhefBcGbgVpZNLM0Zc/6c6sMGIpjLme9ggkcscOLadcd8m8Fbz8w==
-----END CERTIFICATE-----