Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/15aa6352-348a-401d-8e39-36d727c951f2.roa
File:                     15aa6352-348a-401d-8e39-36d727c951f2.roa (raw, json)
Hash identifier:          bjLeofQHPrvFe5mQyWiv62L7Qgfh3TmzFptIUdJd4aQ=
Subject key identifier:   44:2F:C8:E9:0A:57:8D:08:54:F4:F0:45:0D:C3:33:E7:25:80:6F:B9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6C14420190D7BE6C118FCAAF0416D7B617696703
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/15aa6352-348a-401d-8e39-36d727c951f2.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fef:1000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:14:42:01:90:d7:be:6c:11:8f:ca:af:04:16:d7:b6:17:69:67:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=c201a838029422d37534bf5081fe0a3dfd336dd09e303cc9e902eb69807e824f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5c:3d:ce:8c:83:ed:45:a5:ca:fc:a2:b1:d8:
                    d2:63:5f:cb:ab:7f:f4:f5:80:8a:ea:85:c0:f3:f3:
                    d6:7a:51:77:c4:ab:81:46:ed:aa:c0:f0:e6:27:53:
                    c2:e8:9c:44:fa:73:97:e7:c0:12:7f:7f:8c:e2:84:
                    37:bd:2d:db:1a:9b:58:a5:39:62:f6:66:3c:83:86:
                    27:02:b4:59:91:47:f6:98:c5:60:1f:57:a3:60:74:
                    0c:a2:f9:27:4c:57:9c:e5:9c:fc:27:46:58:cf:cc:
                    1d:35:39:86:eb:da:07:20:c9:48:19:86:2f:59:c1:
                    ee:3d:2c:0e:c9:9b:8c:89:a8:e2:d9:b5:74:6e:1c:
                    0b:c7:e5:cc:77:6e:2d:56:24:39:7f:b4:ff:16:a2:
                    53:80:fb:5b:1f:b4:3d:2a:f3:fd:a4:13:f1:9c:ab:
                    ea:4a:32:6c:2c:8c:d5:3f:10:ec:b7:53:98:eb:2e:
                    51:22:6c:5c:9d:42:cc:b4:41:33:5c:ad:f2:7c:a6:
                    f1:dd:92:01:23:28:4a:cc:87:88:c1:43:11:5b:76:
                    43:17:b9:6c:f1:0a:e0:55:50:b0:6a:79:ad:83:0c:
                    83:ca:eb:c1:10:87:61:03:7c:f9:f8:4f:b3:ef:8a:
                    22:30:45:89:bc:f0:47:2e:06:f2:75:ed:51:dc:a5:
                    60:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:2F:C8:E9:0A:57:8D:08:54:F4:F0:45:0D:C3:33:E7:25:80:6F:B9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/15aa6352-348a-401d-8e39-36d727c951f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fef:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         99:c7:9f:b0:59:3a:01:37:17:d1:d2:fa:33:1e:2c:e1:26:ac:
         52:38:dc:89:0a:d3:8d:0b:c0:a7:33:0a:4d:3d:ed:0b:63:13:
         23:bc:db:8a:ea:af:e3:ae:e9:c8:05:ec:e1:5a:df:fe:fa:d0:
         15:52:1b:11:01:50:b7:92:0b:22:c3:de:e7:26:ed:57:44:60:
         af:85:71:32:de:1b:b4:28:b7:98:42:d2:ce:b4:1b:60:80:4d:
         1c:80:5d:06:c7:6b:6b:de:2f:ed:48:92:87:95:55:d7:1d:91:
         e5:86:92:c2:85:af:ad:1b:b7:79:1e:94:35:ed:e2:7c:33:b4:
         af:9e:67:a8:25:cf:73:9f:6c:a8:c3:31:43:0e:f2:ba:9c:02:
         27:9e:a4:eb:e7:52:59:d3:5b:9c:8e:b5:ae:9b:5d:24:d0:2b:
         32:ad:49:39:46:b3:dd:d5:ee:f1:5d:8f:4c:8a:26:a0:1f:4c:
         69:11:06:f6:90:0a:93:65:8c:49:77:3f:c5:be:e9:e6:3d:32:
         33:7a:e5:50:90:c9:47:c2:30:f0:4b:fd:12:c6:66:a7:75:03:
         33:4a:f9:fb:89:ba:c8:b5:be:e8:d7:63:f2:e7:3f:b4:ca:80:
         00:39:c2:25:11:ed:0d:76:4e:5f:1a:c6:ba:45:05:b3:d5:4d:
         a5:5e:1c:44
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUbBRCAZDXvmwRj8qvBBbXthdpZwMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMjAxYTgzODAyOTQyMmQzNzUzNGJmNTA4MWZlMGEzZGZk
MzM2ZGQwOWUzMDNjYzllOTAyZWI2OTgwN2U4MjRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6XD3OjIPtRaXK/KKx2NJjX8urf/T1gIrqhcDz89Z6UXfE
q4FG7arA8OYnU8LonET6c5fnwBJ/f4zihDe9Ldsam1ilOWL2ZjyDhicCtFmRR/aY
xWAfV6NgdAyi+SdMV5zlnPwnRljPzB01OYbr2gcgyUgZhi9Zwe49LA7Jm4yJqOLZ
tXRuHAvH5cx3bi1WJDl/tP8WolOA+1sftD0q8/2kE/Gcq+pKMmwsjNU/EOy3U5jr
LlEibFydQsy0QTNcrfJ8pvHdkgEjKErMh4jBQxFbdkMXuWzxCuBVULBqea2DDIPK
68EQh2EDfPn4T7PviiIwRYm88EcuBvJ17VHcpWBNAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQURC/I6QpXjQhU9PBFDcMz5yWAb7kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE1YWE2MzUyLTM0OGEtNDAxZC04ZTM5LTM2ZDcyN2M5NTFmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/vEDANBgkqhkiG9w0BAQsFAAOCAQEAmcefsFk6ATcX0dL6Mx4s4Sas
UjjciQrTjQvApzMKTT3tC2MTI7zbiuqv467pyAXs4Vrf/vrQFVIbEQFQt5ILIsPe
5ybtV0Rgr4VxMt4btCi3mELSzrQbYIBNHIBdBsdra94v7UiSh5VV1x2R5YaSwoWv
rRu3eR6UNe3ifDO0r55nqCXPc59sqMMxQw7yupwCJ56k6+dSWdNbnI61rptdJNAr
Mq1JOUaz3dXu8V2PTIomoB9MaREG9pAKk2WMSXc/xb7p5j0yM3rlUJDJR8Iw8Ev9
EsZmp3UDM0r5+4m6yLW+6Ndj8uc/tMqAADnCJRHtDXZOXxrGukUFs9VNpV4cRA==
-----END CERTIFICATE-----