Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/712df843-0f79-4044-bae3-174bd1f87fce.roa
File:                     712df843-0f79-4044-bae3-174bd1f87fce.roa (raw, json)
Hash identifier:          3OVudmjT+vv3PDHhkTRVSL7c4DgJH4/WScGyIbusjoU=
Subject key identifier:   7B:C7:D3:FF:BA:1B:75:08:BA:7D:8E:60:98:7B:AB:30:F8:DF:C0:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7399C872FFB2B185CF9CD264748EEC3162A96022
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/712df843-0f79-4044-bae3-174bd1f87fce.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff5:e000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:99:c8:72:ff:b2:b1:85:cf:9c:d2:64:74:8e:ec:31:62:a9:60:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=e49869ed9ed437df2644ff5eb0104d1796e74d5ec465ea201594c50b36ed693c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:05:7b:ee:89:de:c5:3c:c7:b6:81:ab:de:a6:
                    37:75:e6:88:9c:0f:9c:ab:a0:9d:5a:75:1f:2e:ff:
                    b1:45:11:3e:09:c9:f1:7f:56:08:33:36:a8:a4:f8:
                    89:f7:91:76:5d:0f:51:d4:2d:b3:bd:18:e5:79:d8:
                    7e:57:cb:e4:ef:95:9a:56:45:a6:ca:4d:4e:42:55:
                    15:9f:e8:a2:77:c2:ed:eb:9d:04:f8:5a:d8:2e:c7:
                    04:09:74:c6:10:d7:6c:f9:be:70:c5:19:e2:5e:d0:
                    95:11:f2:31:20:7f:03:b6:ee:f6:9d:0b:26:10:f5:
                    de:1d:e3:16:bb:9a:d9:fb:d6:ca:77:cc:b0:ea:8e:
                    e9:80:c6:25:d9:4d:56:59:79:8c:25:ed:58:64:db:
                    df:15:dc:a4:73:7e:23:8b:10:a3:f2:39:93:92:85:
                    4d:42:91:f1:1a:50:0d:3a:be:4e:56:cb:4e:7b:57:
                    5d:65:0b:65:c8:37:7b:e6:fd:e8:53:8d:09:ac:83:
                    c7:9a:56:9f:6d:6a:d7:df:7f:27:88:2c:8c:f5:8c:
                    e6:75:7d:48:ba:4b:1b:7d:93:b1:a0:80:bc:89:e0:
                    22:86:5c:d6:d9:aa:96:ad:57:66:cc:4c:4b:8c:98:
                    00:73:8a:ef:e5:82:dd:b4:9d:8c:05:22:3e:05:2d:
                    72:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:C7:D3:FF:BA:1B:75:08:BA:7D:8E:60:98:7B:AB:30:F8:DF:C0:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/712df843-0f79-4044-bae3-174bd1f87fce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff5:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         d7:39:23:60:48:d1:b7:c8:49:3d:29:27:5f:83:5b:7f:53:0c:
         ac:74:cd:9a:ef:8a:a2:84:af:b3:14:3d:b8:8a:ce:f9:3e:d6:
         b9:27:67:77:43:1e:ef:89:08:a8:89:ee:e9:64:20:10:90:3c:
         13:2d:88:32:28:c3:ee:8d:c7:a2:ec:ed:6c:b4:44:ff:e2:f8:
         99:65:e8:de:46:c0:bb:b3:89:d3:7f:c0:ab:1a:3a:94:b6:82:
         e8:2e:fb:13:12:ff:a2:07:c7:c4:34:fa:61:dd:c9:7f:a4:6d:
         56:d0:ad:46:32:de:06:c1:c3:00:7a:e4:03:a0:4f:57:c6:2f:
         e2:7d:4a:fd:4a:22:2b:de:c6:91:87:36:02:ee:d0:b9:63:78:
         ec:5a:c5:32:90:14:49:d8:b7:56:b8:18:c2:6b:e5:39:26:90:
         98:7f:aa:c5:e6:e5:ba:6e:85:de:c9:0f:b2:86:77:8d:45:04:
         fb:64:96:8b:04:5e:d5:53:15:71:d5:60:75:e2:a8:78:30:c6:
         68:36:df:e2:25:7e:bf:db:de:84:a9:b2:36:13:92:71:13:0a:
         e8:79:5e:41:ba:c7:64:55:ba:4e:6e:2f:f7:17:c6:7b:19:18:
         76:f0:3b:e9:69:80:43:4d:e3:22:49:8f:04:14:db:6d:9a:0c:
         08:fa:3f:e4
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUc5nIcv+ysYXPnNJkdI7sMWKpYCIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDk4NjllZDllZDQzN2RmMjY0NGZmNWViMDEwNGQxNzk2
ZTc0ZDVlYzQ2NWVhMjAxNTk0YzUwYjM2ZWQ2OTNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxBXvuid7FPMe2gavepjd15oicD5yroJ1adR8u/7FFET4J
yfF/VggzNqik+In3kXZdD1HULbO9GOV52H5Xy+TvlZpWRabKTU5CVRWf6KJ3wu3r
nQT4WtguxwQJdMYQ12z5vnDFGeJe0JUR8jEgfwO27vadCyYQ9d4d4xa7mtn71sp3
zLDqjumAxiXZTVZZeYwl7Vhk298V3KRzfiOLEKPyOZOShU1CkfEaUA06vk5Wy057
V11lC2XIN3vm/ehTjQmsg8eaVp9tatfffyeILIz1jOZ1fUi6Sxt9k7GggLyJ4CKG
XNbZqpatV2bMTEuMmABziu/lgt20nYwFIj4FLXLjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUe8fT/7obdQi6fY5gmHurMPjfwN8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxMmRmODQzLTBmNzktNDA0NC1iYWUzLTE3NGJkMWY4N2ZjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/14DANBgkqhkiG9w0BAQsFAAOCAQEA1zkjYEjRt8hJPSknX4Nbf1MM
rHTNmu+KooSvsxQ9uIrO+T7WuSdnd0Me74kIqInu6WQgEJA8Ey2IMijD7o3Houzt
bLRE/+L4mWXo3kbAu7OJ03/Aqxo6lLaC6C77ExL/ogfHxDT6Yd3Jf6RtVtCtRjLe
BsHDAHrkA6BPV8Yv4n1K/UoiK97GkYc2Au7QuWN47FrFMpAUSdi3VrgYwmvlOSaQ
mH+qxeblum6F3skPsoZ3jUUE+2SWiwRe1VMVcdVgdeKoeDDGaDbf4iV+v9vehKmy
NhOScRMK6HleQbrHZFW6Tm4v9xfGexkYdvA76WmAQ03jIkmPBBTbbZoMCPo/5A==
-----END CERTIFICATE-----