Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/434e9526-9e97-40e5-9178-9ac0395ab2f2.roa
File:                     434e9526-9e97-40e5-9178-9ac0395ab2f2.roa (raw, json)
Hash identifier:          3zgZztTsai2S70g5IC0CAojzgrg0Z/F8td/aIGBsfQY=
Subject key identifier:   63:7C:7E:10:18:5B:F4:A1:5E:EE:27:9B:02:F6:98:6A:7C:96:1C:75
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0AC383EB01D2455645D8D78700A8A800AE4AE58C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/434e9526-9e97-40e5-9178-9ac0395ab2f2.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff6:5000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:c3:83:eb:01:d2:45:56:45:d8:d7:87:00:a8:a8:00:ae:4a:e5:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=abb532429afbc8591d4cfae8747123aa20719259836bafcdb4c83c51801ab691, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:db:3a:dc:58:e6:aa:86:7e:28:c6:39:3c:5d:
                    91:6f:2c:61:29:a4:80:08:d7:5d:41:a6:1e:78:15:
                    ff:9e:70:8e:69:b0:6c:06:4b:fb:32:48:b5:1f:cb:
                    e4:93:b1:c9:64:1f:e6:57:f5:7a:dd:64:1f:86:da:
                    b8:c2:88:c7:9d:83:aa:b5:24:1b:cd:b8:e2:9e:fb:
                    e9:85:03:df:ca:23:c1:85:6c:ba:39:a7:57:ed:5f:
                    2e:39:06:a0:b3:cd:d1:54:c8:ba:4a:c8:f4:46:c8:
                    ab:f9:e6:9d:37:78:26:9e:44:bd:d8:25:18:70:f0:
                    49:47:26:7a:5c:9f:49:9a:5f:e9:38:00:ce:9a:ee:
                    dd:45:b0:7b:48:57:81:b9:d6:7a:c2:d9:c7:c0:40:
                    ce:a9:30:ed:34:9c:d3:40:1d:68:3e:2f:71:90:52:
                    7e:9a:65:3a:e3:9c:0b:01:23:fe:b9:79:8d:bb:26:
                    8f:a3:5d:f3:5f:29:03:fe:e9:75:52:cd:cc:2c:1e:
                    da:79:5a:3c:65:ab:22:e6:e3:9c:86:c6:a2:d0:c5:
                    7c:b8:b6:ab:e8:91:a3:47:e3:8a:e4:8f:ed:16:99:
                    cf:49:f1:0a:ab:64:8e:42:6e:b9:82:3f:65:e1:0d:
                    05:9d:9d:ba:07:18:ef:24:4b:01:9c:6f:a6:d6:77:
                    30:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:7C:7E:10:18:5B:F4:A1:5E:EE:27:9B:02:F6:98:6A:7C:96:1C:75
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/434e9526-9e97-40e5-9178-9ac0395ab2f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         16:58:22:2f:12:75:2d:ee:41:ba:bc:04:62:72:41:39:b5:3d:
         03:1c:d2:d9:05:e4:44:a2:e8:d7:94:d9:c3:16:84:05:7e:3d:
         fc:18:45:c4:1a:ca:e9:1d:60:46:ff:06:e3:43:6d:ed:25:18:
         8c:1f:62:f8:1c:8a:ce:89:f3:19:03:5d:05:98:d8:f2:d3:16:
         82:51:d3:bc:71:67:ef:5f:94:64:cd:3c:64:0f:30:07:cc:30:
         51:20:0f:e1:12:1d:5e:bf:74:44:74:47:43:da:69:ce:66:a5:
         12:fc:76:27:1a:35:b0:36:b5:23:6b:e8:b5:cd:91:ff:5f:d0:
         e5:9c:3b:69:a3:65:62:cd:e1:1e:93:de:90:4d:00:76:67:5a:
         a9:48:bd:43:b3:2b:82:66:fb:6f:15:97:cd:2a:00:9f:e1:f8:
         f1:1e:d1:3c:bd:0a:90:19:0f:15:dd:48:6d:cc:23:c2:e5:87:
         bd:d8:dd:3f:64:79:e4:d5:0a:c7:34:a0:83:5d:b9:5a:bf:cc:
         ac:8d:81:7f:0d:40:65:3a:8e:08:1d:67:cb:dc:55:fe:8d:28:
         bc:25:ab:15:c5:36:07:b4:6d:a2:bd:26:e7:cd:1c:4f:e8:ea:
         64:2e:10:ec:80:2b:18:7f:9d:fc:6f:45:9f:70:f1:0c:a6:f0:
         e2:5c:19:d7
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUCsOD6wHSRVZF2NeHAKioAK5K5YwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYmI1MzI0MjlhZmJjODU5MWQ0Y2ZhZTg3NDcxMjNhYTIw
NzE5MjU5ODM2YmFmY2RiNGM4M2M1MTgwMWFiNjkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC82zrcWOaqhn4oxjk8XZFvLGEppIAI111Bph54Ff+ecI5p
sGwGS/sySLUfy+STsclkH+ZX9XrdZB+G2rjCiMedg6q1JBvNuOKe++mFA9/KI8GF
bLo5p1ftXy45BqCzzdFUyLpKyPRGyKv55p03eCaeRL3YJRhw8ElHJnpcn0maX+k4
AM6a7t1FsHtIV4G51nrC2cfAQM6pMO00nNNAHWg+L3GQUn6aZTrjnAsBI/65eY27
Jo+jXfNfKQP+6XVSzcwsHtp5WjxlqyLm45yGxqLQxXy4tqvokaNH44rkj+0Wmc9J
8QqrZI5CbrmCP2XhDQWdnboHGO8kSwGcb6bWdzDxAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUY3x+EBhb9KFe7iebAvaYanyWHHUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzNGU5NTI2LTllOTctNDBlNS05MTc4LTlhYzAzOTVhYjJmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/2UDANBgkqhkiG9w0BAQsFAAOCAQEAFlgiLxJ1Le5BurwEYnJBObU9
AxzS2QXkRKLo15TZwxaEBX49/BhFxBrK6R1gRv8G40Nt7SUYjB9i+ByKzonzGQNd
BZjY8tMWglHTvHFn71+UZM08ZA8wB8wwUSAP4RIdXr90RHRHQ9ppzmalEvx2Jxo1
sDa1I2votc2R/1/Q5Zw7aaNlYs3hHpPekE0AdmdaqUi9Q7Mrgmb7bxWXzSoAn+H4
8R7RPL0KkBkPFd1IbcwjwuWHvdjdP2R55NUKxzSgg125Wr/MrI2Bfw1AZTqOCB1n
y9xV/o0ovCWrFcU2B7Rtor0m580cT+jqZC4Q7IArGH+d/G9Fn3DxDKbw4lwZ1w==
-----END CERTIFICATE-----