Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9be70d8-4469-4777-9d26-b4cb918733a8.roa
File:                     f9be70d8-4469-4777-9d26-b4cb918733a8.roa (raw, json)
Hash identifier:          r1HO8PTzKzW2xHrhaoCm7TxuBrWQtRBBTABczcIL74o=
Subject key identifier:   22:1C:04:61:1D:0D:A8:D8:99:81:EB:5C:32:A3:71:BC:99:6A:BC:89
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6FE8167B0DD5392DC34888863F9E6C048E206DFE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9be70d8-4469-4777-9d26-b4cb918733a8.roa
Signing time:             Fri 28 Mar 2025 15:40:31 +0000
ROA not before:           Fri 28 Mar 2025 15:40:31 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffb:8080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:e8:16:7b:0d:d5:39:2d:c3:48:88:86:3f:9e:6c:04:8e:20:6d:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:40:31 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:bd:68:dd:50:3a:dd:58:05:b7:ea:90:c7:ab:
                    99:b2:37:ef:bc:d0:d6:7b:c7:88:85:16:29:4f:6d:
                    a9:fd:f8:7b:06:11:61:8f:1b:be:9c:24:81:fb:bd:
                    a1:6e:3f:6c:71:9f:a5:f5:d8:62:13:42:6c:45:5f:
                    ac:48:26:82:54:16:6c:30:ce:fd:c8:af:c6:0c:5a:
                    2e:30:31:86:af:8b:43:f1:58:1b:22:0e:3b:ce:76:
                    4d:f1:d1:9a:fa:bb:1b:2a:54:df:c0:5b:c5:9b:40:
                    2a:94:89:eb:91:59:b8:b5:c2:0b:fd:c1:a8:1f:f7:
                    df:d6:ca:a7:20:c2:0a:db:71:48:28:af:b1:29:bc:
                    58:41:7f:24:27:69:e0:1b:a5:a7:7a:e8:be:9c:9f:
                    86:64:af:c7:7f:b1:62:4e:2e:d5:54:fe:d4:2c:c0:
                    8e:6e:38:72:8d:0b:2e:12:b8:db:96:27:e4:70:21:
                    ff:08:34:40:21:3c:fd:3a:ca:42:4e:8c:7a:d9:0e:
                    f9:2a:6f:bf:63:54:69:3b:94:ed:26:60:39:4a:6f:
                    b0:de:ce:ef:15:fd:df:ce:47:57:8c:d9:3e:a2:ff:
                    b0:19:a7:ce:21:e1:71:ea:9e:74:6d:79:33:d5:32:
                    68:63:e1:d2:e2:fc:14:18:ea:4c:dc:cb:cd:71:8c:
                    b5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:1C:04:61:1D:0D:A8:D8:99:81:EB:5C:32:A3:71:BC:99:6A:BC:89
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9be70d8-4469-4777-9d26-b4cb918733a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:8080::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:a7:5e:92:e7:6d:c7:90:a8:fc:8a:d0:96:a6:ec:55:cd:35:
         bc:b0:fe:bb:f6:35:bd:8c:8f:67:64:e6:40:5a:e5:c7:5b:d0:
         96:d4:bf:48:0b:3c:f7:18:fb:5d:b5:a5:78:a8:ba:62:5e:6c:
         e3:95:b3:0b:e6:56:09:b5:57:e9:17:cd:82:47:9e:b2:e6:20:
         3c:c8:4e:80:5d:ae:f2:c4:be:86:63:75:64:2b:5e:48:aa:74:
         2f:08:44:2f:7a:a2:79:e3:1c:22:7b:04:19:6b:bd:9c:b1:49:
         f0:5f:cf:91:96:e2:89:c5:f1:cd:5e:e6:4d:dd:63:59:85:ae:
         f4:0f:33:44:f8:27:d3:3c:ef:02:75:10:e3:89:d8:78:6e:f9:
         97:fc:39:f8:9a:57:10:dc:d4:6c:40:22:40:65:95:5c:bf:8f:
         3a:f6:87:33:8c:6a:3d:76:18:3d:f7:6c:ae:8f:2d:98:58:e6:
         68:80:34:7d:64:f8:1c:90:a2:73:f8:a6:c5:4c:85:44:39:f2:
         a9:eb:a8:98:8c:c7:dc:7b:7b:5f:53:68:35:f0:84:d6:cf:ee:
         fd:9b:c5:cc:c3:a0:6a:43:16:a0:34:b5:10:fe:78:a0:5b:23:
         41:8a:08:16:0f:61:d0:8a:51:d4:d5:7b:42:59:54:e2:dd:be:
         cd:ec:7d:16
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUb+gWew3VOS3DSIiGP55sBI4gbf4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTU0MDMxWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4OTE1M2Q4NDFlMjg5YWE0MDY2NTFmN2JhN2JhZmY1YjZh
MDBlYTI5YzVhMzc3MDgxOTg4NmU0ZWEzNmE3ODZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdvWjdUDrdWAW36pDHq5myN++80NZ7x4iFFilPban9+HsG
EWGPG76cJIH7vaFuP2xxn6X12GITQmxFX6xIJoJUFmwwzv3Ir8YMWi4wMYavi0Px
WBsiDjvOdk3x0Zr6uxsqVN/AW8WbQCqUieuRWbi1wgv9wagf99/WyqcgwgrbcUgo
r7EpvFhBfyQnaeAbpad66L6cn4Zkr8d/sWJOLtVU/tQswI5uOHKNCy4SuNuWJ+Rw
If8INEAhPP06ykJOjHrZDvkqb79jVGk7lO0mYDlKb7Dezu8V/d/OR1eM2T6i/7AZ
p84h4XHqnnRteTPVMmhj4dLi/BQY6kzcy81xjLW1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUIhwEYR0NqNiZgetcMqNxvJlqvIkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5YmU3MGQ4LTQ0NjktNDc3Ny05ZDI2LWI0Y2I5MTg3MzNhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/7gIAwDQYJKoZIhvcNAQELBQADggEBAAKnXpLnbceQqPyK0Jam7FXN
Nbyw/rv2Nb2Mj2dk5kBa5cdb0JbUv0gLPPcY+121pXioumJebOOVswvmVgm1V+kX
zYJHnrLmIDzIToBdrvLEvoZjdWQrXkiqdC8IRC96onnjHCJ7BBlrvZyxSfBfz5GW
4onF8c1e5k3dY1mFrvQPM0T4J9M87wJ1EOOJ2Hhu+Zf8OfiaVxDc1GxAIkBllVy/
jzr2hzOMaj12GD33bK6PLZhY5miANH1k+ByQonP4psVMhUQ58qnrqJiMx9x7e19T
aDXwhNbP7v2bxczDoGpDFqA0tRD+eKBbI0GKCBYPYdCKUdTVe0JZVOLdvs3sfRY=
-----END CERTIFICATE-----