Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5fe4f53a-ef73-4b72-b978-1a2307ae8e0d.roa
File:                     5fe4f53a-ef73-4b72-b978-1a2307ae8e0d.roa (raw, json)
Hash identifier:          7FCXBw6OcVNMQCYowbBm+gxM8l5aegUKpIPf9gHiGwA=
Subject key identifier:   45:2B:E1:93:E2:B0:0A:82:38:1A:49:DC:CD:CD:4A:0F:BD:6F:E4:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       075C414E526C75BD99796E523D7F1D798851386A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5fe4f53a-ef73-4b72-b978-1a2307ae8e0d.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f69:2000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:5c:41:4e:52:6c:75:bd:99:79:6e:52:3d:7f:1d:79:88:51:38:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=c55d6513503ea2f0117532f7b216a09317d88a717cc30600068394bea9bb4a4e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:bf:66:7a:4e:27:4c:d4:10:a7:a5:ae:58:95:
                    a1:21:3a:63:03:bd:9a:c4:ce:24:43:9f:6f:75:d7:
                    eb:db:0e:95:ba:2b:83:86:43:e7:8c:52:90:66:31:
                    44:91:59:6f:fd:cc:93:3d:cd:9b:d3:ce:54:33:c0:
                    35:2e:56:39:3d:ad:58:33:28:98:8f:1d:85:fa:d9:
                    1e:9d:b1:87:9f:29:32:23:f9:66:fe:36:4f:58:ae:
                    7b:de:ca:d5:33:40:15:b5:51:be:ad:99:1c:d0:4c:
                    d1:7b:a2:ef:74:71:50:93:48:f7:d9:7b:e3:ea:01:
                    0f:27:d8:4d:3f:0d:09:9d:76:de:17:2b:ce:10:6f:
                    83:6a:4f:39:18:eb:ae:f7:65:b1:28:d6:ff:ed:7d:
                    71:29:86:7e:5d:4a:27:0b:68:5e:b1:fa:39:6e:7e:
                    fc:c5:ef:a2:b6:8a:9d:c6:f8:5c:05:57:f0:22:4e:
                    d0:c8:10:03:e3:8f:82:3c:cf:30:2f:0e:34:d7:6c:
                    99:70:76:97:9c:08:64:8b:a9:3a:c8:44:c0:16:c9:
                    32:dd:6b:c3:5e:af:a1:f4:77:eb:8a:2b:15:c5:09:
                    09:07:8b:8e:0a:08:2c:67:fb:66:d6:13:d7:f0:3e:
                    2a:12:6a:a0:8e:6c:f3:25:3f:85:d9:fc:57:52:b8:
                    59:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:2B:E1:93:E2:B0:0A:82:38:1A:49:DC:CD:CD:4A:0F:BD:6F:E4:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5fe4f53a-ef73-4b72-b978-1a2307ae8e0d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5d:38:86:4c:fd:f3:2a:30:f0:53:84:ee:d8:36:65:e2:3e:15:
         db:72:5b:91:f0:b9:cd:be:87:86:55:30:70:1f:94:4a:cb:82:
         b7:57:01:7b:f2:53:7b:dd:88:2e:45:5d:ac:ac:83:1e:57:c5:
         c9:fd:ac:e4:d3:29:19:bf:81:2b:47:ea:da:e9:89:05:a1:be:
         97:1b:a3:d9:ad:ff:26:12:ad:33:1c:54:23:57:f2:69:bc:55:
         cf:86:46:af:c8:bc:a8:a5:c3:99:61:c5:b8:07:5a:64:91:04:
         c3:e2:2b:69:c3:91:ba:f8:d5:53:4d:0f:48:9f:76:87:c4:00:
         55:17:89:2f:3e:0a:91:5a:6e:47:55:e8:41:4f:fc:19:96:d9:
         6c:27:78:72:fc:ac:ca:4a:ea:6a:bf:03:9e:65:d0:b4:5f:bf:
         9a:89:81:a3:92:5d:1f:2e:9a:eb:ed:fa:82:fc:52:92:00:57:
         52:e0:e3:86:1e:15:d6:13:ec:34:b2:bc:f7:93:79:f8:e0:c2:
         eb:1f:22:be:5a:0f:4e:96:cd:04:22:fe:c1:4b:3b:e3:20:47:
         bc:30:48:08:b0:a0:b2:1f:78:89:24:c5:44:29:42:38:40:d6:
         c1:85:c3:ef:21:61:a0:32:9c:7b:43:50:96:1d:90:46:9b:9a:
         8a:02:c8:cd
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUB1xBTlJsdb2ZeW5SPX8deYhROGowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNTVkNjUxMzUwM2VhMmYwMTE3NTMyZjdiMjE2YTA5MzE3
ZDg4YTcxN2NjMzA2MDAwNjgzOTRiZWE5YmI0YTRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvv2Z6TidM1BCnpa5YlaEhOmMDvZrEziRDn2911+vbDpW6
K4OGQ+eMUpBmMUSRWW/9zJM9zZvTzlQzwDUuVjk9rVgzKJiPHYX62R6dsYefKTIj
+Wb+Nk9YrnveytUzQBW1Ub6tmRzQTNF7ou90cVCTSPfZe+PqAQ8n2E0/DQmddt4X
K84Qb4NqTzkY6673ZbEo1v/tfXEphn5dSicLaF6x+jlufvzF76K2ip3G+FwFV/Ai
TtDIEAPjj4I8zzAvDjTXbJlwdpecCGSLqTrIRMAWyTLda8Ner6H0d+uKKxXFCQkH
i44KCCxn+2bWE9fwPioSaqCObPMlP4XZ/FdSuFlHAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQURSvhk+KwCoI4Gknczc1KD71v5OYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVmZTRmNTNhLWVmNzMtNGI3Mi1iOTc4LTFhMjMwN2FlOGUwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9pIDANBgkqhkiG9w0BAQsFAAOCAQEAXTiGTP3zKjDwU4Tu2DZl4j4V
23JbkfC5zb6HhlUwcB+USsuCt1cBe/JTe92ILkVdrKyDHlfFyf2s5NMpGb+BK0fq
2umJBaG+lxuj2a3/JhKtMxxUI1fyabxVz4ZGr8i8qKXDmWHFuAdaZJEEw+IracOR
uvjVU00PSJ92h8QAVReJLz4KkVpuR1XoQU/8GZbZbCd4cvysykrqar8DnmXQtF+/
momBo5JdHy6a6+36gvxSkgBXUuDjhh4V1hPsNLK895N5+ODC6x8ivloPTpbNBCL+
wUs74yBHvDBICLCgsh94iSTFRClCOEDWwYXD7yFhoDKce0NQlh2QRpuaigLIzQ==
-----END CERTIFICATE-----