Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b64a54c-d6fb-4229-9471-bd2ea024187f.roa
File:                     6b64a54c-d6fb-4229-9471-bd2ea024187f.roa (raw, json)
Hash identifier:          bOanu3I68a9GfWuYoDkaH0LzxdrGwNe4428XaIwjFpg=
Subject key identifier:   8C:BB:D0:3A:9E:95:E7:C1:1E:10:9E:1A:63:BF:7F:53:64:E1:5A:C9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2DB9D69EE7D6F4CFFA0369194E32A46F6281AF64
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b64a54c-d6fb-4229-9471-bd2ea024187f.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ffb:80a0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:b9:d6:9e:e7:d6:f4:cf:fa:03:69:19:4e:32:a4:6f:62:81:af:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=7b6020795ea2143910a5e7f15fe08aac23a3fbc1596c526ff4ec0e5ff6c14d54, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b2:11:2f:ff:b4:55:93:a1:bb:22:3a:e0:1d:
                    47:72:59:ce:77:21:41:c2:23:ed:1b:11:5c:af:eb:
                    9a:51:63:4b:0c:ce:c9:33:ee:a8:0a:63:0f:8e:dd:
                    87:a4:88:de:5e:3c:ba:fa:45:0e:79:bc:5f:1c:06:
                    b8:75:9e:73:c8:97:4d:62:21:f6:4e:db:8e:9d:a9:
                    e0:56:dc:ee:e3:82:b6:3f:b4:7e:c1:f7:1f:83:03:
                    cb:ae:b0:27:b8:eb:68:00:50:6c:77:55:ab:13:30:
                    7b:ac:ad:30:ea:ab:b7:15:cc:eb:c1:f4:e0:3b:3a:
                    ce:9a:12:eb:1f:b6:7c:6e:14:bf:a4:62:b6:0f:29:
                    ff:42:52:53:f2:bf:21:df:c0:72:3e:7a:aa:5a:16:
                    b1:d5:36:49:f0:05:1f:bc:f8:1c:c3:ea:98:a4:0b:
                    0d:40:6e:e3:b3:d9:ec:19:ad:94:bb:4d:0e:60:60:
                    5b:a9:ca:b7:00:a5:e5:95:f3:93:d0:ae:82:72:54:
                    ab:68:0d:0a:fe:07:38:ed:13:c5:37:08:ba:cd:f6:
                    3f:03:0f:7d:73:77:aa:ca:2c:35:6b:d5:05:0c:a8:
                    37:94:a1:cf:9d:54:5c:22:13:e4:70:19:98:ca:44:
                    ff:8e:fd:9b:87:b5:bc:61:3f:ec:fa:88:1b:59:7e:
                    ef:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:BB:D0:3A:9E:95:E7:C1:1E:10:9E:1A:63:BF:7F:53:64:E1:5A:C9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b64a54c-d6fb-4229-9471-bd2ea024187f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:80a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:f1:8f:ad:fb:f0:e4:1d:dc:81:a7:fc:76:3b:9d:d3:1b:d6:
         6c:34:ee:0b:d7:d8:c8:84:b4:a7:b6:aa:b5:df:4b:50:7f:6f:
         64:c1:dc:72:e0:19:f9:e9:35:83:f9:0b:31:f3:cd:ba:14:bc:
         f0:04:03:87:fb:f8:5c:1a:d4:4f:d6:bb:a7:10:0f:21:d1:cf:
         92:59:fb:3d:e9:73:64:de:4a:f4:ed:e5:9d:f3:88:71:99:b4:
         13:e3:31:8f:c9:d0:ab:62:3d:ff:3e:75:b8:19:1f:45:a0:d0:
         0a:5a:a1:2d:20:d3:00:a4:5a:3c:6e:64:73:6d:e7:6c:b4:ee:
         80:95:ce:5d:21:ab:3f:9a:87:45:cd:f1:97:a2:6a:8a:79:13:
         6c:05:23:6e:cb:61:1e:ab:cd:08:f5:3a:87:9f:1c:66:fb:1b:
         66:be:86:c3:c2:f7:de:2e:83:ad:6d:7d:4e:09:cf:29:0b:d9:
         eb:1f:7a:d0:48:b3:61:59:2b:75:f5:a5:72:9d:cc:4a:08:76:
         77:08:94:c9:19:95:06:fe:29:e0:94:19:0b:54:6f:1b:dd:17:
         61:eb:20:f3:3c:5f:49:ae:95:a9:b1:5e:33:c0:6a:4e:ce:79:
         ae:e9:31:8f:4b:54:40:ad:84:1e:f8:b6:59:f0:f6:24:50:ef:
         a5:c4:c5:9e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULbnWnufW9M/6A2kZTjKkb2KBr2QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YjYwMjA3OTVlYTIxNDM5MTBhNWU3ZjE1ZmUwOGFhYzIz
YTNmYmMxNTk2YzUyNmZmNGVjMGU1ZmY2YzE0ZDU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7shEv/7RVk6G7IjrgHUdyWc53IUHCI+0bEVyv65pRY0sM
zskz7qgKYw+O3YekiN5ePLr6RQ55vF8cBrh1nnPIl01iIfZO246dqeBW3O7jgrY/
tH7B9x+DA8uusCe462gAUGx3VasTMHusrTDqq7cVzOvB9OA7Os6aEusftnxuFL+k
YrYPKf9CUlPyvyHfwHI+eqpaFrHVNknwBR+8+BzD6pikCw1AbuOz2ewZrZS7TQ5g
YFupyrcApeWV85PQroJyVKtoDQr+BzjtE8U3CLrN9j8DD31zd6rKLDVr1QUMqDeU
oc+dVFwiE+RwGZjKRP+O/ZuHtbxhP+z6iBtZfu9PAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUjLvQOp6V58EeEJ4aY79/U2ThWskwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZiNjRhNTRjLWQ2ZmItNDIyOS05NDcxLWJkMmVhMDI0MTg3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/7gKAwDQYJKoZIhvcNAQELBQADggEBAFrxj6378OQd3IGn/HY7ndMb
1mw07gvX2MiEtKe2qrXfS1B/b2TB3HLgGfnpNYP5CzHzzboUvPAEA4f7+Fwa1E/W
u6cQDyHRz5JZ+z3pc2TeSvTt5Z3ziHGZtBPjMY/J0KtiPf8+dbgZH0Wg0ApaoS0g
0wCkWjxuZHNt52y07oCVzl0hqz+ah0XN8Zeiaop5E2wFI27LYR6rzQj1OoefHGb7
G2a+hsPC994ug61tfU4JzykL2esfetBIs2FZK3X1pXKdzEoIdncIlMkZlQb+KeCU
GQtUbxvdF2HrIPM8X0mulamxXjPAak7Oea7pMY9LVECthB74tlnw9iRQ76XExZ4=
-----END CERTIFICATE-----