Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa
File:                     a86c8ffa-34ab-4a01-8f63-86207fe44159.roa (raw, json)
Hash identifier:          SbF1f3A3i5Z7RYXIP/kK48G5gparoh9sNBG0wXfp1JA=
Subject key identifier:   7B:1C:48:92:06:10:10:6C:38:87:04:F9:DC:26:9A:51:97:89:1C:87
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       662E4389E1A2E50090AE7E8BE388889E58793A71
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa
Signing time:             Sat 22 Mar 2025 00:10:10 +0000
ROA not before:           Sat 22 Mar 2025 00:10:10 +0000
ROA not after:            Sat 26 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2606:f40::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:2e:43:89:e1:a2:e5:00:90:ae:7e:8b:e3:88:88:9e:58:79:3a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Mar 22 00:10:10 2025 GMT
            Not After : Apr 26 23:59:59 2025 GMT
        Subject: CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:0a:76:08:b7:c6:26:ba:1f:e7:b6:bd:a7:a4:
                    c2:0b:05:5c:cf:7e:8c:d6:24:22:1e:a7:90:c4:99:
                    b0:ab:3e:eb:f8:0e:58:2d:1f:0b:0a:52:ce:c9:2f:
                    d3:13:36:97:f6:c3:f2:d6:fc:f3:12:c6:8f:65:c8:
                    db:e1:be:4a:04:42:2d:4d:61:48:79:f7:e7:8e:ed:
                    46:d6:e8:ea:3c:b2:64:3a:05:0b:74:57:25:9b:e4:
                    de:34:3c:ae:49:d6:be:5e:e4:80:9d:24:2c:81:7f:
                    f7:cf:59:5e:32:4d:eb:53:ae:dc:21:ab:16:ca:7b:
                    3d:c2:ad:7a:80:00:53:d7:ae:37:73:11:c4:c4:b7:
                    30:cc:81:73:c1:c4:c4:5f:26:de:be:eb:1c:1e:10:
                    a2:bc:ee:64:a7:0e:81:c2:24:66:bb:67:10:cc:64:
                    13:7b:b1:65:91:93:80:93:c1:3d:8c:ef:75:80:52:
                    d3:83:e0:40:6a:64:2c:f1:e6:62:de:18:2f:ac:cb:
                    cd:67:f1:67:2d:5c:06:65:57:28:3a:70:a3:cf:5f:
                    ad:be:b1:7b:9d:49:b1:e2:c1:d0:88:98:0d:44:c7:
                    d8:d5:d0:4f:30:23:f5:39:95:19:21:2f:51:d5:65:
                    04:0c:e9:12:73:8a:6a:21:0c:82:c7:60:ab:36:6f:
                    b7:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1C:48:92:06:10:10:6C:38:87:04:F9:DC:26:9A:51:97:89:1C:87
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/a86c8ffa-34ab-4a01-8f63-86207fe44159.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40::/39

    Signature Algorithm: sha256WithRSAEncryption
         2a:11:79:32:90:39:eb:a2:be:94:da:b4:73:7e:ba:a0:2e:ab:
         64:99:87:50:a6:0d:f3:5b:d5:bf:22:4b:e6:0d:15:01:d0:6e:
         80:32:0d:8a:fe:72:77:e2:2a:b2:c7:da:7a:61:cf:49:d5:2b:
         62:5b:53:99:f9:5b:94:32:93:c8:69:df:4c:d8:45:d4:91:81:
         3e:6d:a0:85:10:e2:8a:89:51:88:c1:58:0e:ba:ab:96:91:37:
         70:56:a4:a7:a5:b8:05:39:a0:7b:5c:41:55:ba:12:70:d3:f2:
         dc:f6:05:78:14:79:d8:97:68:b4:7d:98:96:d4:c1:30:ea:b2:
         e8:4c:80:67:d1:c3:9b:26:ef:19:d5:2b:3b:de:ee:4a:1e:6a:
         79:14:ed:9c:eb:15:56:72:e4:7e:a9:ea:60:ac:fe:a8:95:d5:
         90:1a:cb:7b:ec:0d:41:39:c9:e3:1e:00:d4:ee:ae:70:fa:4c:
         e5:b2:80:b8:51:ca:89:27:41:b1:2a:5f:73:4e:74:a7:93:e0:
         a8:f1:b1:40:3e:7b:eb:4a:77:d7:e6:e4:51:81:59:a3:13:9d:
         0c:34:4a:1d:af:04:a6:3a:3e:7c:f6:1b:36:85:5b:92:d2:f7:
         b0:69:78:e4:4f:0e:a3:e6:4f:00:bc:be:0a:73:ea:44:ee:96:
         36:04:8c:69
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZi5DieGi5QCQrn6L44iInlh5OnEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUwMzIyMDAxMDEwWhcNMjUwNDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NWEwM2Y3Y2UxNWNmN2RmZmM2ZmNiMzc2Y2RhM2FkNzZk
OGU1YTVkNTViY2VkNDhiNTU0MmUxYmVhMmU1MWYzMS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD2CnYIt8Ymuh/ntr2npMILBVzPfozWJCIep5DEmbCrPuv4
DlgtHwsKUs7JL9MTNpf2w/LW/PMSxo9lyNvhvkoEQi1NYUh59+eO7UbW6Oo8smQ6
BQt0VyWb5N40PK5J1r5e5ICdJCyBf/fPWV4yTetTrtwhqxbKez3CrXqAAFPXrjdz
EcTEtzDMgXPBxMRfJt6+6xweEKK87mSnDoHCJGa7ZxDMZBN7sWWRk4CTwT2M73WA
UtOD4EBqZCzx5mLeGC+sy81n8WctXAZlVyg6cKPPX62+sXudSbHiwdCImA1Ex9jV
0E8wI/U5lRkhL1HVZQQM6RJzimohDILHYKs2b7c9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUexxIkgYQEGw4hwT53CaaUZeJHIcwHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjL2E4NmM4ZmZhLTM0YWItNGEwMS04ZjYzLTg2MjA3ZmU0NDE1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmBg9AADANBgkqhkiG9w0BAQsFAAOCAQEAKhF5MpA566K+lNq0c366oC6r
ZJmHUKYN81vVvyJL5g0VAdBugDINiv5yd+IqssfaemHPSdUrYltTmflblDKTyGnf
TNhF1JGBPm2ghRDiiolRiMFYDrqrlpE3cFakp6W4BTmge1xBVboScNPy3PYFeBR5
2JdotH2YltTBMOqy6EyAZ9HDmybvGdUrO97uSh5qeRTtnOsVVnLkfqnqYKz+qJXV
kBrLe+wNQTnJ4x4A1O6ucPpM5bKAuFHKiSdBsSpfc050p5PgqPGxQD5760p31+bk
UYFZoxOdDDRKHa8Epjo+fPYbNoVbktL3sGl45E8Oo+ZPALy+CnPqRO6WNgSMaQ==
-----END CERTIFICATE-----