Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f54affd9-b3ba-4e9d-8e7a-48d2787e25c9.roa
File:                     f54affd9-b3ba-4e9d-8e7a-48d2787e25c9.roa (raw, json)
Hash identifier:          uYHrl6S0pyxb+NpndhTke18mXbtgXf2m60UCfrMVTLE=
Subject key identifier:   C9:42:DE:76:F9:44:6A:17:9F:7F:9A:A8:83:5A:B2:AE:CF:E4:FF:AE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0497F97F8367D7BB41A1640A1500961CC75F7D6F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f54affd9-b3ba-4e9d-8e7a-48d2787e25c9.roa
Signing time:             Fri 28 Mar 2025 15:10:22 +0000
ROA not before:           Fri 28 Mar 2025 15:10:22 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:e020::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:97:f9:7f:83:67:d7:bb:41:a1:64:0a:15:00:96:1c:c7:5f:7d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:10:22 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:16:d6:e2:bd:b8:3f:6d:20:15:19:6c:05:4a:
                    3d:57:7a:36:ae:9b:e3:7d:bc:7b:e2:c7:42:bc:c3:
                    51:69:61:cd:57:b1:61:b9:77:d7:28:14:e4:27:de:
                    8d:b8:e9:db:3d:84:e1:6b:6d:0a:80:9c:e8:f0:05:
                    d3:bd:7b:90:f8:cf:f3:5c:e2:ce:5a:27:5a:b9:62:
                    8f:a7:5f:c3:fe:23:9f:f9:0b:3b:ee:23:f2:49:40:
                    57:29:dd:e6:cf:3c:82:06:97:a7:91:42:57:b1:6c:
                    3b:c1:2f:2b:1f:02:6c:4e:d1:28:eb:69:5e:f1:56:
                    b7:02:ad:64:a4:dd:15:eb:23:65:d6:4e:db:29:6d:
                    9d:28:7b:b9:d7:e0:70:30:cf:69:db:ce:a4:a5:dd:
                    b2:df:6b:8d:59:cb:6a:a8:33:c2:fa:65:7c:5b:cd:
                    00:22:49:8a:0a:15:72:c3:49:79:b9:d7:54:a0:35:
                    0e:67:cf:f5:ec:20:3f:b5:e0:d5:93:c5:14:6c:0a:
                    28:e7:f3:6a:0b:13:86:77:66:0a:25:f1:07:6d:c0:
                    c7:3c:98:23:fa:d8:4f:f4:c6:c9:cb:f5:d6:46:db:
                    c3:7a:d8:b1:1f:2d:90:82:9d:8c:4b:ee:ab:0f:28:
                    aa:3a:0d:b4:dc:b8:66:ec:b5:88:2c:00:bc:2c:c2:
                    3d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:42:DE:76:F9:44:6A:17:9F:7F:9A:A8:83:5A:B2:AE:CF:E4:FF:AE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f54affd9-b3ba-4e9d-8e7a-48d2787e25c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:e020::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:8e:9e:56:21:31:c5:ea:ec:d5:ac:36:41:f6:c2:fe:c0:f8:
         b4:f0:58:ad:a1:95:a9:2b:ba:74:b1:b7:4b:a8:4b:1a:b4:b4:
         db:68:01:a6:f2:82:d6:99:60:e8:70:78:76:e7:cf:90:d2:87:
         40:02:07:a1:ea:07:59:c4:9b:87:ad:a0:d5:c4:65:60:12:1b:
         0a:e8:21:f1:6a:56:ae:5c:1e:be:66:79:15:e7:17:43:cf:c7:
         73:63:a9:d5:ea:1b:ef:d1:f2:0d:5c:c9:1c:37:8a:17:80:20:
         cd:e0:54:6e:87:95:aa:46:7b:b2:75:ba:7d:24:f3:02:6b:ef:
         9e:9a:e8:d0:ff:37:96:c5:7b:3a:a2:78:6b:44:05:1c:05:a4:
         bd:c4:22:05:96:56:76:3c:b1:aa:55:e1:75:02:7c:ae:bb:e9:
         44:cf:55:0b:9f:6a:3d:5b:20:89:80:b3:57:ef:02:af:a4:5d:
         67:f3:67:56:d0:6e:75:3e:4a:23:87:ac:4b:ae:4b:7c:75:00:
         5a:09:8b:79:f1:9d:b8:6b:14:de:95:70:f5:fc:de:b7:3b:f8:
         04:10:58:e3:9c:6e:3e:d9:f0:3e:14:70:e0:fd:39:07:8a:30:
         1d:79:3f:0e:c7:7c:5a:80:63:e0:03:08:3e:57:76:20:93:2c:
         1a:af:43:ee
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUBJf5f4Nn17tBoWQKFQCWHMdffW8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTUxMDIyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMDQ5MDMzOTZlZmEwMTM1ZTliMTFhZDIzOTI1NDdhMDM4
YjkyYmMxYTE5NjY3NDM0NjAwY2U0ZDg3MTVhMTY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyFtbivbg/bSAVGWwFSj1Xejaum+N9vHvix0K8w1FpYc1X
sWG5d9coFOQn3o246ds9hOFrbQqAnOjwBdO9e5D4z/Nc4s5aJ1q5Yo+nX8P+I5/5
CzvuI/JJQFcp3ebPPIIGl6eRQlexbDvBLysfAmxO0SjraV7xVrcCrWSk3RXrI2XW
TtspbZ0oe7nX4HAwz2nbzqSl3bLfa41Zy2qoM8L6ZXxbzQAiSYoKFXLDSXm511Sg
NQ5nz/XsID+14NWTxRRsCijn82oLE4Z3Zgol8QdtwMc8mCP62E/0xsnL9dZG28N6
2LEfLZCCnYxL7qsPKKo6DbTcuGbstYgsALwswj2FAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUyULedvlEaheff5qog1qyrs/k/64wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y1NGFmZmQ5LWIzYmEtNGU5ZC04ZTdhLTQ4ZDI3ODdlMjVjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8A4CAwDQYJKoZIhvcNAQELBQADggEBABmOnlYhMcXq7NWsNkH2wv7A
+LTwWK2hlakrunSxt0uoSxq0tNtoAabygtaZYOhweHbnz5DSh0ACB6HqB1nEm4et
oNXEZWASGwroIfFqVq5cHr5meRXnF0PPx3NjqdXqG+/R8g1cyRw3iheAIM3gVG6H
lapGe7J1un0k8wJr756a6ND/N5bFezqieGtEBRwFpL3EIgWWVnY8sapV4XUCfK67
6UTPVQufaj1bIImAs1fvAq+kXWfzZ1bQbnU+SiOHrEuuS3x1AFoJi3nxnbhrFN6V
cPX83rc7+AQQWOOcbj7Z8D4UcOD9OQeKMB15Pw7HfFqAY+ADCD5XdiCTLBqvQ+4=
-----END CERTIFICATE-----