Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0e339ba4-36b5-44fd-a893-6219bedac76d.roa
File:                     0e339ba4-36b5-44fd-a893-6219bedac76d.roa (raw, json)
Hash identifier:          anVcmQFZUBA+aBvFgn9752ZZ7fHyFsziS4D1bN86OX0=
Subject key identifier:   66:FE:C3:78:89:66:55:0D:E0:29:79:6C:F2:3B:3B:04:65:ED:69:06
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A68C22A4EF36F5E36E22B7990FB44CD7C63339B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0e339ba4-36b5-44fd-a893-6219bedac76d.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:74c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:68:c2:2a:4e:f3:6f:5e:36:e2:2b:79:90:fb:44:cd:7c:63:33:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=22b96f72fd3e50a5591d62a32150202e26593e1c206d1c68a9d839311303ed38, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:12:ed:46:49:26:b5:b1:cc:30:93:a7:00:7d:
                    5e:a4:ca:22:46:6f:cd:65:d5:3d:5a:b6:d3:2b:09:
                    0e:69:bb:cf:14:3c:2b:ce:60:62:d4:bc:e3:b0:8c:
                    3d:60:33:a9:ab:33:75:f3:29:40:83:3e:ae:09:f9:
                    a5:b4:3c:19:a5:15:b0:b9:d3:0c:0d:36:5b:71:83:
                    29:98:77:46:20:26:46:95:a5:d2:5b:4b:08:0d:93:
                    d4:65:fc:9b:c2:b7:bf:b3:b1:de:1f:a8:00:4a:ad:
                    59:c3:17:35:56:6e:12:cf:b5:2a:7c:15:74:9e:5e:
                    48:05:b0:0e:e8:32:fc:f7:25:15:99:09:91:9e:d2:
                    ce:ae:3c:8c:ff:a0:1d:00:23:55:ea:81:68:6b:0c:
                    e3:69:26:e7:96:7b:09:09:5f:d8:96:a4:01:09:82:
                    42:9e:67:a4:51:8f:83:50:cd:6e:65:00:fa:5a:12:
                    9f:6a:3e:42:05:2b:a3:40:58:0c:4d:ad:b4:22:50:
                    f8:6d:29:79:e9:3e:2f:fc:ae:75:63:f3:51:42:9f:
                    c2:48:ea:86:92:f8:59:95:b0:92:45:42:45:a6:d4:
                    ad:57:52:ff:5d:82:7c:a3:4d:9b:d0:09:c2:b3:80:
                    b6:c4:3c:fc:b9:74:ba:16:ef:b2:5c:c9:cb:f9:3d:
                    60:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:FE:C3:78:89:66:55:0D:E0:29:79:6C:F2:3B:3B:04:65:ED:69:06
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0e339ba4-36b5-44fd-a893-6219bedac76d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:74c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:91:9b:82:09:6a:4a:51:51:3a:eb:7b:51:4f:db:8d:30:89:
         7d:bb:2b:8c:56:f3:fc:f0:01:4f:57:ee:28:d7:b1:f8:81:11:
         90:95:fe:6a:ad:8b:e1:12:c6:dc:53:1b:95:f2:89:d7:f4:73:
         41:ce:18:98:d8:58:a3:89:05:7c:2e:f3:3e:16:fa:3f:32:60:
         03:e5:04:f9:ca:4e:f7:39:0e:08:25:3d:a1:cd:36:d4:7f:c9:
         49:51:e7:e3:ea:63:30:21:29:e7:55:21:45:e6:da:87:a3:88:
         3b:0d:9a:42:96:82:9a:5c:89:17:32:69:da:cb:71:be:bb:00:
         65:f2:b9:91:a9:78:cb:ca:ef:4f:08:eb:9a:df:ef:a1:d3:79:
         c8:3c:fb:0b:29:0a:9b:37:08:55:13:46:d2:6e:1c:36:7e:10:
         1b:13:7f:94:2f:f1:c4:17:23:3a:0c:f5:b6:b3:f5:9d:38:20:
         ca:b7:e2:d5:45:2a:fb:de:01:32:09:d2:8d:d6:bc:f0:a4:05:
         18:6f:67:47:89:82:ec:97:8b:76:81:b9:5b:33:01:de:de:30:
         80:e5:5d:1a:4d:0d:3c:3b:77:ce:51:b3:c8:bf:da:47:56:82:
         88:85:a0:21:2b:07:bf:ef:ab:a6:6e:af:22:af:f0:e6:d0:8a:
         00:1b:68:18
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUSmjCKk7zb1424it5kPtEzXxjM5swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMmI5NmY3MmZkM2U1MGE1NTkxZDYyYTMyMTUwMjAyZTI2
NTkzZTFjMjA2ZDFjNjhhOWQ4MzkzMTEzMDNlZDM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9Eu1GSSa1scwwk6cAfV6kyiJGb81l1T1attMrCQ5pu88U
PCvOYGLUvOOwjD1gM6mrM3XzKUCDPq4J+aW0PBmlFbC50wwNNltxgymYd0YgJkaV
pdJbSwgNk9Rl/JvCt7+zsd4fqABKrVnDFzVWbhLPtSp8FXSeXkgFsA7oMvz3JRWZ
CZGe0s6uPIz/oB0AI1XqgWhrDONpJueWewkJX9iWpAEJgkKeZ6RRj4NQzW5lAPpa
Ep9qPkIFK6NAWAxNrbQiUPhtKXnpPi/8rnVj81FCn8JI6oaS+FmVsJJFQkWm1K1X
Uv9dgnyjTZvQCcKzgLbEPPy5dLoW77Jcycv5PWCNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUZv7DeIlmVQ3gKXls8js7BGXtaQYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBlMzM5YmE0LTM2YjUtNDRmZC1hODkzLTYyMTliZWRhYzc2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84dMAwDQYJKoZIhvcNAQELBQADggEBADORm4IJakpRUTrre1FP240w
iX27K4xW8/zwAU9X7ijXsfiBEZCV/mqti+ESxtxTG5Xyidf0c0HOGJjYWKOJBXwu
8z4W+j8yYAPlBPnKTvc5DgglPaHNNtR/yUlR5+PqYzAhKedVIUXm2oejiDsNmkKW
gppciRcyadrLcb67AGXyuZGpeMvK708I65rf76HTecg8+wspCps3CFUTRtJuHDZ+
EBsTf5Qv8cQXIzoM9baz9Z04IMq34tVFKvveATIJ0o3WvPCkBRhvZ0eJguyXi3aB
uVszAd7eMIDlXRpNDTw7d85Rs8i/2kdWgoiFoCErB7/vq6ZuryKv8ObQigAbaBg=
-----END CERTIFICATE-----