Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/108d085e-526f-4fe5-98e5-3f2d0043cc64.roa
File:                     108d085e-526f-4fe5-98e5-3f2d0043cc64.roa (raw, json)
Hash identifier:          0G7uYhnprmNC39aemcD5hN0ssw7ay3/QMIjFO/cAawY=
Subject key identifier:   7C:D7:E4:95:21:4D:44:69:08:25:47:E3:E1:D5:E8:DF:74:EE:05:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3987EDD0BA3ACF2C29F5C852CB18CEA520CD6637
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/108d085e-526f-4fe5-98e5-3f2d0043cc64.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ffb:8080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:87:ed:d0:ba:3a:cf:2c:29:f5:c8:52:cb:18:ce:a5:20:cd:66:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=82b0e7baf27e5f540b373359b56b45022de83c3e06d6eebe4eacc669ec2e158d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:95:2f:33:b0:e5:e2:63:26:7f:48:46:30:6f:
                    f4:8f:13:6d:70:de:88:59:5b:20:a0:97:49:ae:ba:
                    78:97:fd:44:0d:0c:e8:97:69:af:b4:b9:86:50:c4:
                    3a:9c:ff:2d:8d:b9:84:bd:02:b9:ac:8d:a4:33:34:
                    03:d8:ba:76:d8:79:87:5d:53:6d:5b:79:33:52:e1:
                    6d:0b:76:cd:3a:b6:4e:50:31:02:36:a3:6d:26:5f:
                    98:10:31:d9:af:88:1a:9a:61:47:8d:fa:15:8d:f1:
                    9f:0c:c5:95:fc:c8:f4:9d:98:66:8e:85:6f:74:5e:
                    8b:fa:13:6c:34:90:23:61:f4:00:ad:7d:3f:cc:d5:
                    60:8b:58:2d:ae:05:bf:64:74:3f:4e:49:50:43:de:
                    86:ec:37:87:00:84:48:27:1c:dd:52:0c:9f:f0:03:
                    e1:22:dd:b2:b5:64:4a:80:82:13:1c:46:56:0f:ef:
                    ee:6f:ad:da:cd:2d:05:e8:a8:6b:9b:af:1f:20:f9:
                    f6:aa:d2:1b:e4:76:86:49:cf:66:66:e4:b2:cb:8c:
                    d0:23:1d:08:e3:d1:eb:00:99:5b:d7:e6:be:eb:b1:
                    13:45:1f:6a:65:51:fe:3a:a6:28:8a:6a:8f:08:cb:
                    1d:a7:f8:67:21:fb:34:07:a0:9b:e7:50:4a:82:91:
                    01:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D7:E4:95:21:4D:44:69:08:25:47:E3:E1:D5:E8:DF:74:EE:05:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/108d085e-526f-4fe5-98e5-3f2d0043cc64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:8080::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:dc:29:1c:34:fb:2c:73:02:ca:df:73:c0:ab:a4:3d:68:d7:
         fb:a9:90:be:3d:5a:63:c9:45:8c:ed:a2:60:8c:9b:ae:3e:d2:
         3f:bf:59:94:32:45:f4:43:8e:63:dc:d7:24:27:6a:40:9a:d9:
         aa:1d:d1:24:f0:de:fc:45:2c:a3:59:08:c7:d7:6a:77:c2:7a:
         87:ce:73:c9:b2:c6:1d:10:76:ba:ec:ec:70:4a:f6:e1:e2:be:
         a3:10:9f:71:c9:6e:db:e7:61:ec:1c:71:a9:53:68:c2:67:e4:
         1d:c9:66:95:05:01:7e:42:d5:58:af:8e:9e:7d:72:80:fa:9b:
         1c:14:4f:17:9b:2b:44:2d:22:ec:94:d8:57:f8:3a:85:3d:08:
         1a:99:72:5c:06:80:9f:11:e9:18:d4:db:1f:cd:df:59:4a:7b:
         4c:1d:4d:63:90:94:2d:fd:86:77:bf:b6:8d:8f:ea:c5:99:e6:
         7a:81:4d:a6:10:e4:bf:87:c0:bb:90:d5:c1:87:d0:d7:17:97:
         c8:d2:94:53:bc:d1:76:20:99:63:40:a1:db:3b:17:aa:54:da:
         d8:6a:c7:78:b6:ef:c6:26:1a:57:d9:de:f7:15:f5:e1:d5:48:
         80:a6:dd:af:b3:4c:e6:09:26:1f:b9:96:0d:e2:73:2d:b6:29:
         7f:4d:3b:f1
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUOYft0Lo6zywp9chSyxjOpSDNZjcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MmIwZTdiYWYyN2U1ZjU0MGIzNzMzNTliNTZiNDUwMjJk
ZTgzYzNlMDZkNmVlYmU0ZWFjYzY2OWVjMmUxNThkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwlS8zsOXiYyZ/SEYwb/SPE21w3ohZWyCgl0muuniX/UQN
DOiXaa+0uYZQxDqc/y2NuYS9ArmsjaQzNAPYunbYeYddU21beTNS4W0Lds06tk5Q
MQI2o20mX5gQMdmviBqaYUeN+hWN8Z8MxZX8yPSdmGaOhW90Xov6E2w0kCNh9ACt
fT/M1WCLWC2uBb9kdD9OSVBD3obsN4cAhEgnHN1SDJ/wA+Ei3bK1ZEqAghMcRlYP
7+5vrdrNLQXoqGubrx8g+faq0hvkdoZJz2Zm5LLLjNAjHQjj0esAmVvX5r7rsRNF
H2plUf46piiKao8Iyx2n+Gch+zQHoJvnUEqCkQGRAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUfNfklSFNRGkIJUfj4dXo33TuBacwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwOGQwODVlLTUyNmYtNGZlNS05OGU1LTNmMmQwMDQzY2M2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/7gIAwDQYJKoZIhvcNAQELBQADggEBAIjcKRw0+yxzAsrfc8CrpD1o
1/upkL49WmPJRYztomCMm64+0j+/WZQyRfRDjmPc1yQnakCa2aod0STw3vxFLKNZ
CMfXanfCeofOc8myxh0Qdrrs7HBK9uHivqMQn3HJbtvnYewccalTaMJn5B3JZpUF
AX5C1Vivjp59coD6mxwUTxebK0QtIuyU2Ff4OoU9CBqZclwGgJ8R6RjU2x/N31lK
e0wdTWOQlC39hne/to2P6sWZ5nqBTaYQ5L+HwLuQ1cGH0NcXl8jSlFO80XYgmWNA
ods7F6pU2thqx3i278YmGlfZ3vcV9eHVSICm3a+zTOYJJh+5lg3icy22KX9NO/E=
-----END CERTIFICATE-----