Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fa784511-9eda-424b-996e-5ad4556ee606.roa
File:                     fa784511-9eda-424b-996e-5ad4556ee606.roa (raw, json)
Hash identifier:          zbhcpeuBpeqwUpReDKXVhNnN1lDhJ7744v8tE5WVvSI=
Subject key identifier:   DD:57:F9:E8:17:17:96:A3:4B:61:E9:3D:3A:F5:E6:50:60:98:57:2C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5D1B97B5C8371FF0BEFB45F72F0C5A6F87DCBC23
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fa784511-9eda-424b-996e-5ad4556ee606.roa
Signing time:             Fri 28 Mar 2025 16:51:17 +0000
ROA not before:           Fri 28 Mar 2025 16:51:17 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1e:4800::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:1b:97:b5:c8:37:1f:f0:be:fb:45:f7:2f:0c:5a:6f:87:dc:bc:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:51:17 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:8c:35:99:76:5d:21:d8:af:db:72:42:bc:e9:
                    b1:50:29:f3:e6:c5:07:4c:43:0b:99:e9:9a:81:41:
                    ca:6c:6d:97:f9:c0:c2:54:26:d2:d8:33:ac:34:c7:
                    d6:d6:98:04:2d:30:8b:50:26:93:e1:2d:6a:0c:f5:
                    8f:37:88:57:20:44:e5:e7:f6:4b:58:e6:a6:24:13:
                    30:b2:b0:57:a4:fd:65:52:b5:a5:0d:f3:40:ef:0b:
                    93:33:b3:b5:79:93:12:09:ab:38:e3:84:17:5a:4d:
                    0b:c5:07:34:0f:0d:0a:61:4e:56:d2:8e:27:2a:32:
                    3e:45:3a:cf:bb:a5:e5:40:d0:d9:ed:d9:e6:28:ec:
                    2b:89:ec:5e:0e:de:82:2c:04:8c:43:a2:44:20:2a:
                    01:a9:a4:1e:c2:34:fe:19:34:35:d5:5f:4b:80:74:
                    98:b0:c2:ff:62:d4:87:0a:65:80:6f:1d:29:5f:46:
                    14:1b:9b:fc:f2:82:c9:e1:92:3e:86:3d:68:2e:ee:
                    80:9f:72:b6:40:41:fb:b9:49:4e:82:35:66:bf:90:
                    e2:c5:60:ac:08:93:f3:49:ab:28:fb:fe:aa:f7:18:
                    54:b8:f6:5f:9d:dd:7e:b0:f4:89:82:d6:1a:fa:d9:
                    45:62:d7:d2:f1:5b:15:96:e4:14:c6:1b:07:3e:6e:
                    00:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:57:F9:E8:17:17:96:A3:4B:61:E9:3D:3A:F5:E6:50:60:98:57:2C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fa784511-9eda-424b-996e-5ad4556ee606.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1e:4800::/37

    Signature Algorithm: sha256WithRSAEncryption
         4e:53:53:43:86:bb:90:57:0a:ae:73:7a:7f:65:66:94:e1:e1:
         6d:6a:18:f0:70:df:5f:04:78:2c:d0:a5:0a:49:62:54:26:d9:
         0d:de:ef:55:c3:3c:b4:0d:0f:35:0d:7a:a5:00:7f:21:f2:e1:
         86:b5:97:d0:5b:0c:60:37:63:f5:56:30:e7:1e:3b:2d:5a:33:
         c5:89:02:b4:42:16:5b:0c:81:25:23:b3:bb:f6:ca:40:90:a2:
         ac:4d:06:c2:02:41:f9:40:6a:71:d9:f1:97:7f:8b:51:0d:85:
         8a:b0:af:e5:b5:d3:f6:f1:2b:a1:28:a9:25:36:80:51:af:fe:
         07:fe:f4:bd:43:ac:62:9d:83:b6:bf:c6:51:50:54:9e:a9:08:
         b5:9d:70:33:a3:fc:d3:e5:f3:35:77:51:c1:ec:bd:67:51:ce:
         b6:70:73:38:2e:d5:54:51:ed:f9:ca:e8:0d:00:04:7f:e2:1c:
         33:48:10:41:14:e9:23:d6:9a:cf:0f:eb:36:e7:eb:a9:b8:f1:
         09:d7:40:24:8b:86:66:85:d2:c7:35:15:dd:f1:03:e2:5f:8d:
         eb:5f:41:19:d4:12:e9:4e:93:89:0e:ac:24:67:e8:dc:d6:15:
         72:b9:ff:7d:8a:bb:62:79:03:25:fd:a2:73:2a:80:e4:3f:67:
         ae:2a:ee:9c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUXRuXtcg3H/C++0X3Lwxab4fcvCMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTY1MTE3WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MzRiMDAzODlmZTIwNjUwNDEyNGE1MmZiYWE1NGVkYWFh
ZjU3NzQ2MDdhOGM5YjAwZjZkYzg4YjU3ODYxNmU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDljDWZdl0h2K/bckK86bFQKfPmxQdMQwuZ6ZqBQcpsbZf5
wMJUJtLYM6w0x9bWmAQtMItQJpPhLWoM9Y83iFcgROXn9ktY5qYkEzCysFek/WVS
taUN80DvC5Mzs7V5kxIJqzjjhBdaTQvFBzQPDQphTlbSjicqMj5FOs+7peVA0Nnt
2eYo7CuJ7F4O3oIsBIxDokQgKgGppB7CNP4ZNDXVX0uAdJiwwv9i1IcKZYBvHSlf
RhQbm/zygsnhkj6GPWgu7oCfcrZAQfu5SU6CNWa/kOLFYKwIk/NJqyj7/qr3GFS4
9l+d3X6w9ImC1hr62UVi19LxWxWW5BTGGwc+bgAHAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU3Vf56BcXlqNLYek9OvXmUGCYVywwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZhNzg0NTExLTllZGEtNDI0Yi05OTZlLTVhZDQ1NTZlZTYwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8eSDANBgkqhkiG9w0BAQsFAAOCAQEATlNTQ4a7kFcKrnN6f2VmlOHh
bWoY8HDfXwR4LNClCkliVCbZDd7vVcM8tA0PNQ16pQB/IfLhhrWX0FsMYDdj9VYw
5x47LVozxYkCtEIWWwyBJSOzu/bKQJCirE0GwgJB+UBqcdnxl3+LUQ2FirCv5bXT
9vEroSipJTaAUa/+B/70vUOsYp2Dtr/GUVBUnqkItZ1wM6P80+XzNXdRwey9Z1HO
tnBzOC7VVFHt+croDQAEf+IcM0gQQRTpI9aazw/rNufrqbjxCddAJIuGZoXSxzUV
3fED4l+N619BGdQS6U6TiQ6sJGfo3NYVcrn/fYq7YnkDJf2icyqA5D9nrirunA==
-----END CERTIFICATE-----