Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa
File:                     65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa (raw, json)
Hash identifier:          E2PkvHo+CbdD3ZHXOXQDM36Wqxj01EopFCW2g/IU28E=
Subject key identifier:   4C:4B:F5:40:2D:87:AF:69:E5:49:1C:0E:77:29:B6:B2:99:7A:49:89
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       21EA839AC99BB9C445918440F659EEAAEBB7AFA1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa
Signing time:             Fri 28 Mar 2025 00:20:25 +0000
ROA not before:           Fri 28 Mar 2025 00:20:25 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ffd:807b::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:ea:83:9a:c9:9b:b9:c4:45:91:84:40:f6:59:ee:aa:eb:b7:af:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:20:25 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cc:ed:e4:a6:a2:25:bb:95:0c:dc:44:e8:98:
                    62:79:4f:73:ed:e6:5f:d6:97:98:1a:47:7b:d9:51:
                    5f:ed:34:73:52:27:58:01:17:86:bb:02:0a:02:15:
                    18:75:63:9d:7b:10:bd:a7:8b:4e:76:4d:e5:9d:a9:
                    ef:98:b5:14:f0:c7:95:c5:1e:45:b7:67:b2:b1:fa:
                    3a:00:0c:f8:91:59:ab:d9:c9:4a:52:30:5e:17:39:
                    cc:ca:63:c1:74:43:0a:44:26:ab:76:33:bd:9e:56:
                    67:a8:34:bc:f6:cc:f4:c8:b9:1e:50:0c:26:0b:0b:
                    73:d2:31:54:0d:e4:94:50:1f:f0:70:4e:89:a8:42:
                    cb:6d:04:79:a5:d2:d8:7b:7c:f6:9c:c2:4b:92:5e:
                    34:43:40:b1:0b:38:20:a4:7b:14:6c:c6:3a:7e:68:
                    71:25:7d:00:4c:18:a8:25:38:b6:5e:29:72:f7:bb:
                    50:d4:7c:19:17:92:91:7a:0b:ac:f1:54:26:9a:98:
                    0e:f0:26:72:da:37:c2:73:be:0c:08:d4:4c:c3:c1:
                    83:26:a5:35:c2:d3:38:d7:c0:c0:03:d2:d6:b2:cb:
                    ca:92:b9:a4:d4:45:28:aa:44:4f:48:57:5b:10:5d:
                    c0:68:fa:d1:25:49:71:f9:27:dd:f8:7f:c4:9f:bb:
                    09:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:4B:F5:40:2D:87:AF:69:E5:49:1C:0E:77:29:B6:B2:99:7A:49:89
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:807b::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:bc:6c:4e:2b:bd:b0:bf:4b:30:47:06:64:5a:77:60:16:46:
         09:bc:a5:9b:37:9a:0a:fd:db:70:9b:fa:84:f5:8f:4d:1a:84:
         6b:42:e0:e2:a6:d6:36:b6:68:92:56:53:47:cf:cf:a8:93:66:
         24:d7:dd:5b:49:a0:9b:b5:02:42:ba:fa:ca:48:81:54:63:af:
         4d:b9:6e:d8:89:d2:73:07:41:d9:ea:74:6d:ff:2f:ad:a7:6d:
         42:7a:55:b2:f4:bf:1b:1c:c2:ed:07:d1:71:8e:8b:ad:6c:c6:
         54:7e:c2:a9:e9:82:47:75:c5:6d:48:70:d3:c6:77:1d:9f:8a:
         85:b3:1c:da:68:08:1c:44:43:71:f7:b9:77:18:35:f9:71:b0:
         ea:07:5b:61:bc:f6:9f:e6:75:44:84:3a:62:7f:74:28:a4:62:
         65:50:bc:05:38:57:1b:e5:ed:a2:8d:63:f2:cd:20:cc:b7:af:
         21:53:ae:04:62:95:e2:33:28:52:94:04:7c:14:12:c8:bb:de:
         de:8d:ee:bb:a3:3b:4c:d4:33:d5:61:38:dc:5d:74:97:43:cf:
         9c:a9:fa:b7:5f:d2:1d:72:74:3b:c7:ed:05:11:61:f1:a9:58:
         72:56:9d:5c:76:fa:26:59:cf:a1:13:52:51:29:55:10:36:bc:
         6f:ab:d8:9d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUIeqDmsmbucRFkYRA9lnuquu3r6EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDAyMDI1WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMmEyNDNhYjk5MmNmNDExYjYxMTYzMTRlMGY4ZGQ0ODZm
YThmNmI5MTc0NjE2OWJiZWRlODllZTMyNzhiMDIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtzO3kpqIlu5UM3ETomGJ5T3Pt5l/Wl5gaR3vZUV/tNHNS
J1gBF4a7AgoCFRh1Y517EL2ni052TeWdqe+YtRTwx5XFHkW3Z7Kx+joADPiRWavZ
yUpSMF4XOczKY8F0QwpEJqt2M72eVmeoNLz2zPTIuR5QDCYLC3PSMVQN5JRQH/Bw
TomoQsttBHml0th7fPacwkuSXjRDQLELOCCkexRsxjp+aHElfQBMGKglOLZeKXL3
u1DUfBkXkpF6C6zxVCaamA7wJnLaN8JzvgwI1EzDwYMmpTXC0zjXwMAD0tayy8qS
uaTURSiqRE9IV1sQXcBo+tElSXH5J934f8Sfuwl3AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUTEv1QC2Hr2nlSRwOdym2spl6SYkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1YzdlNDM2LTUwYTAtNGM0NS1hNmQyLWE4OTljOGY1ZTc5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gHswDQYJKoZIhvcNAQELBQADggEBAAy8bE4rvbC/SzBHBmRad2AW
Rgm8pZs3mgr923Cb+oT1j00ahGtC4OKm1ja2aJJWU0fPz6iTZiTX3VtJoJu1AkK6
+spIgVRjr025btiJ0nMHQdnqdG3/L62nbUJ6VbL0vxscwu0H0XGOi61sxlR+wqnp
gkd1xW1IcNPGdx2fioWzHNpoCBxEQ3H3uXcYNflxsOoHW2G89p/mdUSEOmJ/dCik
YmVQvAU4Vxvl7aKNY/LNIMy3ryFTrgRileIzKFKUBHwUEsi73t6N7rujO0zUM9Vh
ONxddJdDz5yp+rdf0h1ydDvH7QURYfGpWHJWnVx2+iZZz6ETUlEpVRA2vG+r2J0=
-----END CERTIFICATE-----