Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5a671fe1-235f-4059-aaa3-935ef59dcd6d.roa
File:                     5a671fe1-235f-4059-aaa3-935ef59dcd6d.roa (raw, json)
Hash identifier:          m0UIsa/RgX1Q9T24c99TuHIXQVsb7gmHFBG5+Q8Y414=
Subject key identifier:   E5:4A:C9:83:A6:9F:7A:AC:C2:45:FF:BD:85:7E:6A:5A:CF:8B:23:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3383E8D1A7563CB8DFC6DD639BD1A3A4BBFCF44A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5a671fe1-235f-4059-aaa3-935ef59dcd6d.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f29:4000::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:83:e8:d1:a7:56:3c:b8:df:c6:dd:63:9b:d1:a3:a4:bb:fc:f4:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=ab6e602d67476e4580b64e2d20d415d1b016dc1498e9b04266a3e30ffc753a2f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bb:68:67:73:4b:0d:c4:09:85:2c:d8:0a:38:
                    97:61:ba:8a:99:d1:aa:38:09:fd:eb:ba:1c:dd:70:
                    d9:1e:0d:3e:a5:c6:68:83:e1:08:bc:42:3e:d5:d5:
                    01:43:53:29:d3:dd:28:51:57:e8:b8:75:12:d2:64:
                    40:93:a9:10:aa:86:78:49:53:e7:48:ff:17:22:73:
                    de:0d:3d:1a:67:9b:89:bc:0a:89:c1:e7:3f:90:92:
                    8e:62:46:6c:c7:8f:8f:4d:53:22:0f:d1:ef:01:e5:
                    a0:88:ec:34:c6:7b:45:63:7f:21:53:6f:d3:3b:b1:
                    bb:b5:2c:53:b9:e0:d6:89:48:45:b2:c4:d4:45:ef:
                    a9:bf:1e:3c:3c:9c:41:e5:67:c0:58:cb:ef:98:78:
                    91:ec:ee:28:fd:44:99:af:7f:c9:8d:bb:8e:91:86:
                    70:94:3d:18:3d:41:cf:2a:6c:a2:b4:39:c0:39:85:
                    d4:44:50:d4:b9:81:3a:f5:fe:f6:85:8d:95:5a:80:
                    cb:29:af:4a:80:c7:3e:72:ce:43:3b:fc:93:94:9a:
                    e1:8b:37:8e:85:8d:f0:b8:77:c4:6b:59:68:86:64:
                    1d:52:e3:57:20:be:73:f1:c6:a0:f2:f9:96:b3:f6:
                    aa:53:d6:c5:60:f2:74:8a:aa:43:2f:e5:5a:f0:31:
                    92:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:4A:C9:83:A6:9F:7A:AC:C2:45:FF:BD:85:7E:6A:5A:CF:8B:23:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5a671fe1-235f-4059-aaa3-935ef59dcd6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f29:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         bb:26:64:95:f8:ed:c5:64:af:83:8a:d9:b5:0a:36:7a:d9:ee:
         20:c9:fd:a4:28:9a:46:66:60:85:9f:f4:f0:85:a3:ec:39:35:
         72:12:37:80:26:db:a2:92:cd:2f:03:59:bd:dd:f7:23:fd:a3:
         ab:c9:18:fd:bf:76:c9:22:af:e8:51:7d:11:fe:34:1f:00:8b:
         e5:4d:d1:d9:8d:05:76:65:5d:2f:fa:ba:7d:70:04:fe:34:38:
         df:d7:95:d8:24:1f:6a:0f:25:22:37:3f:de:69:2c:ef:78:e5:
         66:05:12:02:7b:c3:87:37:22:45:63:7f:5a:78:e2:1a:f3:05:
         d9:5c:45:fd:22:ef:99:21:0f:a9:72:b7:57:a2:fd:76:70:18:
         44:d9:c5:d3:c3:41:e1:14:2f:1f:6e:f8:62:8c:52:e7:90:13:
         11:d9:8f:77:18:7d:f6:85:c2:a8:65:44:4a:44:dc:61:13:d1:
         6e:1d:64:82:a2:67:44:85:25:86:18:2e:7c:9b:c3:7e:13:3a:
         f4:de:73:a9:8e:88:48:5c:f7:6a:13:93:50:6d:07:f7:a3:f6:
         c3:93:ed:5a:78:95:6a:b1:70:46:5a:92:02:d0:1f:00:e7:51:
         c0:7e:35:29:e8:8e:50:4b:c8:e7:07:5c:34:4a:6d:93:5d:19:
         24:7c:4d:d8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUM4Po0adWPLjfxt1jm9GjpLv89EowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjZlNjAyZDY3NDc2ZTQ1ODBiNjRlMmQyMGQ0MTVkMWIw
MTZkYzE0OThlOWIwNDI2NmEzZTMwZmZjNzUzYTJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHu2hnc0sNxAmFLNgKOJdhuoqZ0ao4Cf3ruhzdcNkeDT6l
xmiD4Qi8Qj7V1QFDUynT3ShRV+i4dRLSZECTqRCqhnhJU+dI/xcic94NPRpnm4m8
ConB5z+Qko5iRmzHj49NUyIP0e8B5aCI7DTGe0VjfyFTb9M7sbu1LFO54NaJSEWy
xNRF76m/Hjw8nEHlZ8BYy++YeJHs7ij9RJmvf8mNu46RhnCUPRg9Qc8qbKK0OcA5
hdREUNS5gTr1/vaFjZVagMspr0qAxz5yzkM7/JOUmuGLN46FjfC4d8RrWWiGZB1S
41cgvnPxxqDy+Zaz9qpT1sVg8nSKqkMv5VrwMZJrAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU5UrJg6afeqzCRf+9hX5qWs+LIyUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVhNjcxZmUxLTIzNWYtNDA1OS1hYWEzLTkzNWVmNTlkY2Q2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8pQDANBgkqhkiG9w0BAQsFAAOCAQEAuyZklfjtxWSvg4rZtQo2etnu
IMn9pCiaRmZghZ/08IWj7Dk1chI3gCbbopLNLwNZvd33I/2jq8kY/b92ySKv6FF9
Ef40HwCL5U3R2Y0FdmVdL/q6fXAE/jQ439eV2CQfag8lIjc/3mks73jlZgUSAnvD
hzciRWN/WnjiGvMF2VxF/SLvmSEPqXK3V6L9dnAYRNnF08NB4RQvH274YoxS55AT
EdmPdxh99oXCqGVESkTcYRPRbh1kgqJnRIUlhhgufJvDfhM69N5zqY6ISFz3ahOT
UG0H96P2w5PtWniVarFwRlqSAtAfAOdRwH41KeiOUEvI5wdcNEptk10ZJHxN2A==
-----END CERTIFICATE-----