Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7109eae2-0e21-4e85-9b88-63b1777e3c13.roa
File:                     7109eae2-0e21-4e85-9b88-63b1777e3c13.roa (raw, json)
Hash identifier:          A0/8jQCue72hv9LDH/Z2KTj4r8tiL5in4ZxH1U4TH9Y=
Subject key identifier:   B2:EA:7B:87:EF:89:C4:6E:34:8E:6A:90:96:32:76:9F:68:3F:54:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5A13C892BC924E71A7AA9A2E0F5754001945FA95
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7109eae2-0e21-4e85-9b88-63b1777e3c13.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:6000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:13:c8:92:bc:92:4e:71:a7:aa:9a:2e:0f:57:54:00:19:45:fa:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=26d39959dc32f18e814b35e52ed10828dd0c80d7e64d067d42a80ff71c6669d0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2b:70:35:74:5c:7d:58:59:e9:f6:e1:46:ac:
                    0a:9b:13:89:a3:7c:80:ad:39:e7:1b:0e:3c:fd:fd:
                    48:2f:9c:af:45:61:0e:f8:8e:df:48:e2:ab:bf:6c:
                    ad:05:bf:f1:3c:ba:39:86:28:8b:14:99:f6:b8:63:
                    ba:68:93:90:50:a1:a0:1d:aa:7a:51:33:a5:c1:f6:
                    57:aa:c9:94:18:e5:62:42:b9:5d:60:1f:02:9e:db:
                    91:0f:de:43:c3:15:73:f7:36:96:90:f0:99:4d:7e:
                    1f:94:c5:a5:7d:ca:39:b5:4f:a9:f2:1d:e2:1a:a9:
                    b4:da:f0:82:6e:a5:fa:a9:03:04:a3:8e:49:39:cd:
                    27:ff:21:9e:0d:65:fc:9a:91:36:d5:8d:f7:d5:49:
                    2d:db:23:d4:11:02:cf:45:b8:fa:e8:2a:48:46:1b:
                    68:ff:6d:5d:42:79:3c:b5:ec:a9:11:97:18:3d:7b:
                    8b:00:dd:7f:72:a1:1e:6a:0f:e4:74:c6:ca:15:e6:
                    8c:9a:32:f8:06:b5:44:29:5f:cb:64:d6:1a:06:68:
                    9a:6e:98:9b:f0:66:70:6e:3c:00:b8:3f:75:48:b0:
                    8a:8c:81:54:e3:d2:cb:17:82:0c:71:e3:5c:c0:43:
                    73:79:e1:a9:9e:e9:d1:63:da:92:c0:60:6c:42:d2:
                    a7:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:EA:7B:87:EF:89:C4:6E:34:8E:6A:90:96:32:76:9F:68:3F:54:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7109eae2-0e21-4e85-9b88-63b1777e3c13.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c1:11:de:04:45:39:50:90:3c:ef:76:de:8c:49:d3:3f:e0:2d:
         5d:13:64:25:35:9f:ec:e2:49:59:4e:96:80:84:e8:02:15:39:
         0f:c4:2f:44:80:8c:fc:08:24:b5:20:50:1d:06:ff:f6:2d:37:
         9b:37:b6:3f:e2:1d:e2:13:c0:61:20:38:8e:33:c7:9f:29:b7:
         6c:5f:63:25:8e:fb:27:41:e1:9c:76:21:11:ce:1a:12:d0:90:
         59:40:70:28:2c:12:8a:42:97:c4:bb:39:b5:35:91:f7:f3:0b:
         e5:5b:95:08:b7:bc:2b:1e:14:64:14:46:4e:4c:71:7b:c8:cf:
         ab:af:ba:1c:da:d5:74:60:db:0e:9b:af:c8:9c:f5:1a:ee:c1:
         af:61:b8:2e:6e:c6:73:75:13:66:16:4a:f5:ea:f4:58:82:94:
         bc:6f:8c:1f:90:01:59:01:e7:a2:10:59:df:7b:00:bc:0e:f2:
         84:32:2d:7a:8d:61:50:95:ba:ba:4e:4f:0d:96:2b:37:4d:c8:
         fa:7a:1b:67:33:d3:ae:02:0d:1b:c9:e9:92:c2:78:35:92:a0:
         42:69:bc:e7:af:ee:21:af:4e:cd:29:8d:46:3b:65:38:67:3f:
         cf:f2:c2:13:58:aa:e7:e5:39:d0:d2:2b:e6:3d:56:09:3c:90:
         6b:ef:21:df
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUWhPIkrySTnGnqpouD1dUABlF+pUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNmQzOTk1OWRjMzJmMThlODE0YjM1ZTUyZWQxMDgyOGRk
MGM4MGQ3ZTY0ZDA2N2Q0MmE4MGZmNzFjNjY2OWQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrK3A1dFx9WFnp9uFGrAqbE4mjfICtOecbDjz9/UgvnK9F
YQ74jt9I4qu/bK0Fv/E8ujmGKIsUmfa4Y7pok5BQoaAdqnpRM6XB9leqyZQY5WJC
uV1gHwKe25EP3kPDFXP3NpaQ8JlNfh+UxaV9yjm1T6nyHeIaqbTa8IJupfqpAwSj
jkk5zSf/IZ4NZfyakTbVjffVSS3bI9QRAs9FuProKkhGG2j/bV1CeTy17KkRlxg9
e4sA3X9yoR5qD+R0xsoV5oyaMvgGtUQpX8tk1hoGaJpumJvwZnBuPAC4P3VIsIqM
gVTj0ssXggxx41zAQ3N54ame6dFj2pLAYGxC0qfRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUsup7h++JxG40jmqQljJ2n2g/VG8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxMDllYWUyLTBlMjEtNGU4NS05Yjg4LTYzYjE3NzdlM2MxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wYDANBgkqhkiG9w0BAQsFAAOCAQEAwRHeBEU5UJA873bejEnTP+At
XRNkJTWf7OJJWU6WgIToAhU5D8QvRICM/AgktSBQHQb/9i03mze2P+Id4hPAYSA4
jjPHnym3bF9jJY77J0HhnHYhEc4aEtCQWUBwKCwSikKXxLs5tTWR9/ML5VuVCLe8
Kx4UZBRGTkxxe8jPq6+6HNrVdGDbDpuvyJz1Gu7Br2G4Lm7Gc3UTZhZK9er0WIKU
vG+MH5ABWQHnohBZ33sAvA7yhDIteo1hUJW6uk5PDZYrN03I+nobZzPTrgING8np
ksJ4NZKgQmm856/uIa9OzSmNRjtlOGc/z/LCE1iq5+U50NIr5j1WCTyQa+8h3w==
-----END CERTIFICATE-----