Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/390a9ddd-ca1d-4e54-a3ea-f0be32b32d11.roa
File:                     390a9ddd-ca1d-4e54-a3ea-f0be32b32d11.roa (raw, json)
Hash identifier:          d/hS9IJJn6tWQkuowbn8sLFELveek7ucDnHR/oTdkMg=
Subject key identifier:   F4:17:4D:5F:72:EA:C4:33:74:66:E5:94:71:F3:A6:DB:15:F1:10:DD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1DE4A94598A9F03DB532709C18B2FE634C901AB0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/390a9ddd-ca1d-4e54-a3ea-f0be32b32d11.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:8120::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:e4:a9:45:98:a9:f0:3d:b5:32:70:9c:18:b2:fe:63:4c:90:1a:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=3c3923dfcd9df6fc730ac60256e42227309d3716aaf6a89fce01d5309a742b10, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:5f:21:49:45:df:57:bf:ba:fb:ba:dd:84:e8:
                    fd:ea:1d:c3:d9:93:65:89:3e:b2:a9:2c:d1:6b:5b:
                    ea:b6:ea:ba:ec:80:62:ef:f4:9a:d8:29:f4:56:99:
                    ac:ff:fa:1b:1d:be:f1:69:00:47:72:ef:20:5d:54:
                    01:15:6f:44:0a:98:e4:83:40:67:09:c4:c9:44:ce:
                    6f:ae:53:b6:f9:57:7e:74:63:02:97:d3:64:01:39:
                    1c:07:56:a8:22:53:38:60:16:6e:11:1a:bd:f2:00:
                    db:58:83:b4:c7:bd:40:90:fd:19:85:09:5a:d0:a2:
                    2a:7c:58:c9:6b:87:3d:94:9f:2b:18:5d:47:46:a9:
                    26:13:03:09:66:c3:d2:78:4c:46:00:24:aa:87:23:
                    9c:44:b8:b0:76:ca:9e:3f:51:3f:d4:20:1a:1b:58:
                    43:c4:f1:3f:bb:cc:47:cc:56:10:3d:a0:f0:bb:32:
                    4a:66:ac:9b:43:34:21:09:53:4a:c9:34:01:15:af:
                    b9:43:e2:1b:dc:97:78:40:d5:3d:a1:5a:43:be:76:
                    3d:a3:84:d8:91:47:0a:43:b1:46:59:72:7d:de:5a:
                    bc:d4:85:3d:04:af:5a:49:d6:6c:fc:97:86:48:e4:
                    4a:fc:5b:9e:cf:e1:ed:c3:76:d8:85:c7:9e:d5:88:
                    14:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:17:4D:5F:72:EA:C4:33:74:66:E5:94:71:F3:A6:DB:15:F1:10:DD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/390a9ddd-ca1d-4e54-a3ea-f0be32b32d11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:8120::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:93:6f:dd:65:13:9e:4d:6a:8f:35:45:29:61:ed:49:c0:4d:
         be:c6:8f:1e:65:dc:bd:45:09:46:63:88:4e:e3:a2:5e:2d:c4:
         ac:5d:cf:a5:ea:c6:b4:85:2c:c8:50:8e:b9:b3:a7:0b:1a:32:
         44:70:2a:35:1e:16:03:f2:33:c0:b3:73:8c:ba:16:0f:be:04:
         fe:ae:5b:e9:f6:26:a3:ba:cf:4c:11:3c:02:a0:06:41:1f:31:
         90:be:1c:f1:d4:51:e7:3c:4c:2f:87:2c:51:bb:5a:31:11:64:
         63:a1:02:4b:03:05:90:6d:e8:14:66:38:0f:d0:35:56:60:49:
         09:3e:46:aa:cc:1a:0e:54:52:0a:2b:cd:29:af:f1:cc:ec:c8:
         67:0b:d2:c1:3b:f1:67:c8:69:03:ae:d2:c8:3d:9b:25:43:e2:
         b2:1b:3b:14:25:ae:72:63:3b:53:6b:54:6f:2d:1a:85:c2:a9:
         27:4a:be:d9:11:70:02:c7:81:b6:1b:c0:0e:87:bb:55:6c:62:
         c6:ce:4a:59:1c:48:0f:a3:a5:6a:aa:94:da:fe:54:e8:8e:77:
         23:d4:77:10:bd:31:b8:df:64:ba:f0:f9:d4:2d:02:0f:c8:23:
         85:ca:4b:77:d6:43:f6:3f:e9:7a:63:32:90:25:d0:40:32:30:
         3a:a8:4f:88
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUHeSpRZip8D21MnCcGLL+Y0yQGrAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzM5MjNkZmNkOWRmNmZjNzMwYWM2MDI1NmU0MjIyNzMw
OWQzNzE2YWFmNmE4OWZjZTAxZDUzMDlhNzQyYjEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYXyFJRd9Xv7r7ut2E6P3qHcPZk2WJPrKpLNFrW+q26rrs
gGLv9JrYKfRWmaz/+hsdvvFpAEdy7yBdVAEVb0QKmOSDQGcJxMlEzm+uU7b5V350
YwKX02QBORwHVqgiUzhgFm4RGr3yANtYg7THvUCQ/RmFCVrQoip8WMlrhz2UnysY
XUdGqSYTAwlmw9J4TEYAJKqHI5xEuLB2yp4/UT/UIBobWEPE8T+7zEfMVhA9oPC7
MkpmrJtDNCEJU0rJNAEVr7lD4hvcl3hA1T2hWkO+dj2jhNiRRwpDsUZZcn3eWrzU
hT0Er1pJ1mz8l4ZI5Er8W57P4e3DdtiFx57ViBRrAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU9BdNX3LqxDN0ZuWUcfOm2xXxEN0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM5MGE5ZGRkLWNhMWQtNGU1NC1hM2VhLWYwYmUzMmIzMmQxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AgSAwDQYJKoZIhvcNAQELBQADggEBAKuTb91lE55Nao81RSlh7UnA
Tb7Gjx5l3L1FCUZjiE7jol4txKxdz6XqxrSFLMhQjrmzpwsaMkRwKjUeFgPyM8Cz
c4y6Fg++BP6uW+n2JqO6z0wRPAKgBkEfMZC+HPHUUec8TC+HLFG7WjERZGOhAksD
BZBt6BRmOA/QNVZgSQk+RqrMGg5UUgorzSmv8czsyGcL0sE78WfIaQOu0sg9myVD
4rIbOxQlrnJjO1NrVG8tGoXCqSdKvtkRcALHgbYbwA6Hu1VsYsbOSlkcSA+jpWqq
lNr+VOiOdyPUdxC9MbjfZLrw+dQtAg/II4XKS3fWQ/Y/6XpjMpAl0EAyMDqoT4g=
-----END CERTIFICATE-----