Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/67f40a44-f534-4bd5-82d5-3d7ba1d41e1d.roa
File:                     67f40a44-f534-4bd5-82d5-3d7ba1d41e1d.roa (raw, json)
Hash identifier:          HVyJROYsoa0B64q71bBp4ad5ekYhwURnhTvAJq9u8Is=
Subject key identifier:   C4:CA:04:B4:74:ED:B4:3D:1F:1F:01:72:A5:CC:A6:FE:08:98:04:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       65EE712FF6A6CFB1A11B61933ACBF61B341B5965
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/67f40a44-f534-4bd5-82d5-3d7ba1d41e1d.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f26:8000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ee:71:2f:f6:a6:cf:b1:a1:1b:61:93:3a:cb:f6:1b:34:1b:59:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=c037fe0f700a1ce69ffdd0a8b16b4db0b2b11ec755c168a2701c8dbb867384a6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:7f:c6:96:fc:5c:6e:ea:ba:d3:6c:10:47:b6:
                    7f:1b:ee:db:e0:ba:f6:30:31:25:84:a3:fe:4d:cb:
                    3e:a3:19:67:2a:8c:e2:ff:35:cd:18:3e:74:47:32:
                    5a:2f:5a:bc:d8:81:0d:35:ac:2a:ec:01:9a:3d:e7:
                    1e:02:d3:71:80:a0:9a:01:48:77:c2:7d:1e:7d:fd:
                    d1:6b:6c:45:e7:88:5c:3b:ca:f2:36:c7:19:f5:06:
                    75:58:8f:a0:7a:ad:c0:b4:ad:d4:24:38:a5:1e:47:
                    32:b5:79:b7:23:b5:72:59:74:d2:b0:20:b1:15:10:
                    04:df:37:e1:e3:98:98:f6:0b:74:01:78:ce:57:dd:
                    54:05:c2:0d:8f:18:fe:00:db:d1:9f:b5:c7:99:fb:
                    08:30:40:b1:85:34:d6:1a:08:03:ed:d8:ea:bd:f2:
                    47:7a:69:61:93:0c:3e:b6:7a:b2:c5:1c:6b:3c:96:
                    c6:c7:8e:9b:e8:ae:2f:86:32:90:11:fe:8c:33:8a:
                    79:bb:9d:f0:f6:79:e2:26:68:f7:72:4c:b5:17:e8:
                    e4:50:1e:84:2a:44:92:2b:c7:40:a5:29:50:0a:0a:
                    d3:fe:c7:ca:af:b6:ee:10:73:21:2d:53:9c:55:54:
                    58:06:01:56:8c:6f:61:e9:13:8e:3c:e8:61:d6:bb:
                    27:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CA:04:B4:74:ED:B4:3D:1F:1F:01:72:A5:CC:A6:FE:08:98:04:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/67f40a44-f534-4bd5-82d5-3d7ba1d41e1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f26:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         8f:43:04:89:b6:48:df:74:6c:1b:15:73:cd:8a:9e:28:70:45:
         14:09:72:2a:a6:f1:d0:38:d7:ad:54:b5:f7:3a:65:52:e0:02:
         6a:b7:c7:ae:0b:17:46:3c:13:96:87:36:81:7b:2b:e6:cf:c9:
         72:73:22:17:33:db:7d:a2:2a:99:40:3e:3f:41:d0:97:29:b9:
         b6:f0:0f:23:99:03:24:90:9f:70:79:a0:02:e7:f6:e9:91:9c:
         57:a6:71:02:14:2c:b8:b5:84:e4:92:3b:7f:e4:d9:b9:fd:b9:
         98:9f:9f:5f:db:28:47:5a:26:c7:c8:05:e8:dd:57:e1:62:06:
         18:a1:47:dd:15:a9:a2:cb:4d:1a:83:a6:06:0a:87:e2:8e:87:
         b2:ce:cf:33:56:7a:5e:ae:5a:dd:11:29:2a:04:31:2a:86:d3:
         ab:f5:e1:72:d6:75:d9:dd:38:26:9f:cf:18:63:cc:23:d8:57:
         b9:4c:71:b7:d3:cb:67:05:c3:99:0e:b0:ce:72:f7:79:59:48:
         97:eb:f8:79:0b:ed:22:a5:9a:86:5a:61:e8:0f:f5:91:b2:1f:
         e4:60:ee:fe:14:1b:35:bf:b3:37:3b:1c:2e:ff:8b:df:07:44:
         8f:3e:58:bc:35:f8:88:87:ed:a3:5b:81:37:3a:92:62:b4:9b:
         a0:bc:ab:ff
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZe5xL/amz7GhG2GTOsv2GzQbWWUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDM3ZmUwZjcwMGExY2U2OWZmZGQwYThiMTZiNGRiMGIy
YjExZWM3NTVjMTY4YTI3MDFjOGRiYjg2NzM4NGE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhf8aW/Fxu6rrTbBBHtn8b7tvguvYwMSWEo/5Nyz6jGWcq
jOL/Nc0YPnRHMlovWrzYgQ01rCrsAZo95x4C03GAoJoBSHfCfR59/dFrbEXniFw7
yvI2xxn1BnVYj6B6rcC0rdQkOKUeRzK1ebcjtXJZdNKwILEVEATfN+HjmJj2C3QB
eM5X3VQFwg2PGP4A29GftceZ+wgwQLGFNNYaCAPt2Oq98kd6aWGTDD62erLFHGs8
lsbHjpvori+GMpAR/owzinm7nfD2eeImaPdyTLUX6ORQHoQqRJIrx0ClKVAKCtP+
x8qvtu4QcyEtU5xVVFgGAVaMb2HpE4486GHWuycTAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUxMoEtHTttD0fHwFypcym/giYBEEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY3ZjQwYTQ0LWY1MzQtNGJkNS04MmQ1LTNkN2JhMWQ0MWUxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8mgDANBgkqhkiG9w0BAQsFAAOCAQEAj0MEibZI33RsGxVzzYqeKHBF
FAlyKqbx0DjXrVS19zplUuACarfHrgsXRjwTloc2gXsr5s/JcnMiFzPbfaIqmUA+
P0HQlym5tvAPI5kDJJCfcHmgAuf26ZGcV6ZxAhQsuLWE5JI7f+TZuf25mJ+fX9so
R1omx8gF6N1X4WIGGKFH3RWpostNGoOmBgqH4o6Hss7PM1Z6Xq5a3REpKgQxKobT
q/XhctZ12d04Jp/PGGPMI9hXuUxxt9PLZwXDmQ6wznL3eVlIl+v4eQvtIqWahlph
6A/1kbIf5GDu/hQbNb+zNzscLv+L3wdEjz5YvDX4iIfto1uBNzqSYrSboLyr/w==
-----END CERTIFICATE-----