Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f9d8322-0490-4bca-afaa-6cdbd79b9c30.roa
File:                     2f9d8322-0490-4bca-afaa-6cdbd79b9c30.roa (raw, json)
Hash identifier:          zgaXps6Sichxv4xiDJya68+PglqrfnHiwWQiHGKW0GE=
Subject key identifier:   E8:46:61:7C:06:FC:08:35:30:11:D6:2F:60:55:86:C1:67:25:17:EB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       52D480A7A663B16562B97966418D49C9C209CEBF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f9d8322-0490-4bca-afaa-6cdbd79b9c30.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:e0c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:d4:80:a7:a6:63:b1:65:62:b9:79:66:41:8d:49:c9:c2:09:ce:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=2497141900eda0f93a93c53f6a49edf676e34b5c5772e9f6f782b160996dcd20, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c8:d8:7b:20:0b:1d:09:a5:29:93:15:94:36:
                    37:ea:97:c2:44:18:48:3e:9f:d5:7f:e5:3c:f5:35:
                    f5:4d:9b:1b:49:e6:d0:46:01:98:d9:15:2b:71:86:
                    6e:d5:1c:a5:85:43:36:6a:39:30:db:df:ff:f5:bc:
                    fb:56:f1:aa:df:f8:6f:a8:d9:fd:b7:ac:05:11:94:
                    5b:ca:c4:11:cb:81:b3:9b:77:75:08:76:64:20:b8:
                    fb:c8:03:26:05:86:47:4f:88:a4:55:72:d4:ac:85:
                    5c:ee:9f:7d:f9:ba:40:e3:54:45:3d:f8:2e:5e:44:
                    aa:c9:36:a7:cd:ae:a7:17:48:3d:b7:15:0d:43:95:
                    88:37:72:70:82:ae:27:42:a2:3a:26:ba:ce:ba:3b:
                    0f:de:56:ba:03:d2:47:b1:63:64:40:68:3a:62:be:
                    32:3d:02:3d:77:38:93:88:bf:6e:94:92:4d:2c:9c:
                    2c:81:55:c2:ac:0f:9b:be:80:87:66:46:aa:ea:1d:
                    01:55:2d:e3:3b:e3:c1:92:fe:2d:b4:a1:99:a0:db:
                    25:3f:fb:90:69:49:75:77:a4:de:b0:49:5f:e0:fb:
                    5c:20:b3:0a:96:0e:64:e5:6d:7f:29:ec:47:75:c7:
                    ad:7d:71:83:75:9b:4b:93:cd:fb:00:cb:dd:c9:5b:
                    b3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:46:61:7C:06:FC:08:35:30:11:D6:2F:60:55:86:C1:67:25:17:EB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f9d8322-0490-4bca-afaa-6cdbd79b9c30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:e0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:e4:8a:8e:7c:59:89:69:60:f0:05:9d:76:ed:fb:99:5d:d1:
         b0:d8:a1:3f:55:6b:54:25:c6:79:38:43:54:1c:90:5c:b7:b3:
         3c:b1:c0:ee:ac:00:5a:9a:6d:7c:78:81:7f:ec:1c:2b:10:a6:
         27:09:cd:25:be:96:01:61:06:f0:da:21:a9:dd:19:bf:5c:da:
         43:77:f1:05:4d:4f:b7:77:9f:e5:bb:64:65:cc:e2:3e:64:a9:
         33:ce:84:84:ca:6d:a2:33:cf:00:d4:22:67:55:4d:fb:57:92:
         ea:dd:5d:2f:43:90:b0:58:51:07:1c:cb:42:23:ff:23:80:aa:
         1c:54:59:e6:40:40:b2:19:43:a2:7f:e8:7b:b4:66:3a:3c:26:
         50:07:18:40:38:23:88:90:60:f3:1f:d3:ca:50:48:df:ae:93:
         d8:c9:37:4a:8d:c4:6f:39:5a:39:ef:b7:06:73:06:b3:d2:f7:
         18:fd:85:80:3f:e5:64:86:aa:02:f5:20:6e:8d:af:24:36:e4:
         82:4e:b5:da:3b:b8:27:4e:fa:77:22:99:bd:85:9d:1b:17:a7:
         7b:c6:b5:86:34:e0:7c:c4:92:61:0d:b1:ca:36:32:84:b5:32:
         9f:67:a3:4f:14:c9:9a:b7:be:1d:66:58:d6:31:b7:d6:d8:84:
         dc:83:25:15
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUUtSAp6ZjsWViuXlmQY1JycIJzr8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDk3MTQxOTAwZWRhMGY5M2E5M2M1M2Y2YTQ5ZWRmNjc2
ZTM0YjVjNTc3MmU5ZjZmNzgyYjE2MDk5NmRjZDIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+yNh7IAsdCaUpkxWUNjfql8JEGEg+n9V/5Tz1NfVNmxtJ
5tBGAZjZFStxhm7VHKWFQzZqOTDb3//1vPtW8arf+G+o2f23rAURlFvKxBHLgbOb
d3UIdmQguPvIAyYFhkdPiKRVctSshVzun335ukDjVEU9+C5eRKrJNqfNrqcXSD23
FQ1DlYg3cnCCridCojomus66Ow/eVroD0kexY2RAaDpivjI9Aj13OJOIv26Ukk0s
nCyBVcKsD5u+gIdmRqrqHQFVLeM748GS/i20oZmg2yU/+5BpSXV3pN6wSV/g+1wg
swqWDmTlbX8p7Ed1x619cYN1m0uTzfsAy93JW7N9AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU6EZhfAb8CDUwEdYvYFWGwWclF+swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmOWQ4MzIyLTA0OTAtNGJjYS1hZmFhLTZjZGJkNzliOWMzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/y4MAwDQYJKoZIhvcNAQELBQADggEBAJDkio58WYlpYPAFnXbt+5ld
0bDYoT9Va1Qlxnk4Q1QckFy3szyxwO6sAFqabXx4gX/sHCsQpicJzSW+lgFhBvDa
IandGb9c2kN38QVNT7d3n+W7ZGXM4j5kqTPOhITKbaIzzwDUImdVTftXkurdXS9D
kLBYUQccy0Ij/yOAqhxUWeZAQLIZQ6J/6Hu0Zjo8JlAHGEA4I4iQYPMf08pQSN+u
k9jJN0qNxG85WjnvtwZzBrPS9xj9hYA/5WSGqgL1IG6NryQ25IJOtdo7uCdO+nci
mb2FnRsXp3vGtYY04HzEkmENsco2MoS1Mp9no08UyZq3vh1mWNYxt9bYhNyDJRU=
-----END CERTIFICATE-----