Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f6e828c-dab6-49f6-836d-72e1c0db4fa8.roa
File:                     7f6e828c-dab6-49f6-836d-72e1c0db4fa8.roa (raw, json)
Hash identifier:          G1HAPvGImUbbFwwI8INNwiu2Thyykl3+0OIbkuU1OAo=
Subject key identifier:   A9:B8:01:A2:58:64:9B:E6:F2:64:01:31:BC:72:C9:12:54:D7:19:EA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13B95F94FA26794BF70BBF7D1F8BA76AE0340D68
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f6e828c-dab6-49f6-836d-72e1c0db4fa8.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffb:e0c0::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:b9:5f:94:fa:26:79:4b:f7:0b:bf:7d:1f:8b:a7:6a:e0:34:0d:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=e0be12b8f81c82c76f96e5ae674ed7ecf336e27e09dabc0d596c6dcd40d64fc5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b9:ad:6d:83:de:7c:39:9a:b6:42:49:5d:5c:
                    a6:72:ad:e3:42:54:48:d4:2c:f0:54:18:e2:fc:3f:
                    a4:dd:f4:d8:da:9a:38:7a:35:c4:b9:83:a1:29:bc:
                    bd:bd:84:c6:82:a0:da:b6:09:16:51:31:53:ee:24:
                    02:6e:d2:8d:4a:8e:5e:54:15:4e:5c:9c:6a:4e:7a:
                    95:e8:ca:82:23:a7:a5:1c:88:50:0e:2b:a0:de:e9:
                    2e:fb:d3:72:69:0d:d0:55:1c:a0:44:ae:ee:e0:33:
                    b9:2a:56:36:67:9e:d7:d5:c0:69:c0:2a:e2:56:9d:
                    9a:56:2f:aa:4f:15:5f:9a:68:76:99:b7:34:42:48:
                    4e:c0:fe:84:9b:de:64:2b:0f:40:7d:50:32:a5:28:
                    69:39:df:7d:53:06:f9:f5:fb:c3:3d:d0:e2:9a:b4:
                    2e:44:a6:12:72:8d:7f:88:be:98:ef:a7:35:7e:85:
                    43:0c:4b:a5:70:1a:ce:e8:03:53:d1:33:62:50:1d:
                    aa:92:13:1a:76:6f:a0:f8:b0:c8:2e:d4:c9:c3:9d:
                    8d:01:ba:6e:3a:96:08:a0:be:94:e5:e0:65:96:9f:
                    ee:fb:92:78:9c:92:62:70:f1:36:74:9d:d6:d9:d6:
                    58:86:2c:ff:78:bc:30:b0:36:48:27:2a:f5:d3:da:
                    1d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:B8:01:A2:58:64:9B:E6:F2:64:01:31:BC:72:C9:12:54:D7:19:EA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f6e828c-dab6-49f6-836d-72e1c0db4fa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:e0c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         b4:df:2a:a9:fa:a5:ef:0f:15:78:8e:b0:76:53:78:11:1d:57:
         a7:ea:b0:2e:99:42:47:b6:08:57:3e:ba:92:4f:27:20:a3:72:
         76:34:74:fd:0a:50:b0:0d:5f:e7:42:54:c6:5d:12:b9:8e:88:
         b0:36:5c:89:d1:46:a4:02:4c:58:4f:68:d1:77:9f:db:5d:a5:
         f2:e8:a0:2f:14:48:73:1a:fa:39:34:b9:a1:1f:03:5c:2c:dc:
         21:f6:7c:4d:00:a1:d1:e8:f1:17:85:3c:72:f1:c3:82:86:0a:
         81:5d:b0:f5:44:1c:e2:08:65:11:d3:5c:98:70:fe:1f:09:73:
         34:10:ad:83:2d:e5:20:ee:ba:7b:fc:e4:0e:af:38:da:96:ad:
         32:14:c9:f8:d5:f0:d3:36:94:19:58:de:cc:d0:87:53:31:8e:
         53:7d:ee:1e:1e:53:44:7d:d5:0e:f4:c1:51:62:2b:39:0d:d5:
         25:26:c3:a1:e5:3a:df:be:f6:84:34:a7:2b:e6:43:6a:c5:70:
         d3:a1:bf:e5:0c:79:56:ab:73:b0:2b:3a:8f:29:44:95:95:f5:
         6e:e6:ca:7d:29:d8:aa:34:86:d2:89:98:6f:08:07:04:e0:3d:
         41:c4:de:df:ad:ba:41:5b:3d:82:9b:98:f5:86:c7:b8:6b:ef:
         1e:a3:12:81
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUE7lflPomeUv3C799H4unauA0DWgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMGJlMTJiOGY4MWM4MmM3NmY5NmU1YWU2NzRlZDdlY2Yz
MzZlMjdlMDlkYWJjMGQ1OTZjNmRjZDQwZDY0ZmM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkua1tg958OZq2QkldXKZyreNCVEjULPBUGOL8P6Td9Nja
mjh6NcS5g6EpvL29hMaCoNq2CRZRMVPuJAJu0o1Kjl5UFU5cnGpOepXoyoIjp6Uc
iFAOK6De6S7703JpDdBVHKBEru7gM7kqVjZnntfVwGnAKuJWnZpWL6pPFV+aaHaZ
tzRCSE7A/oSb3mQrD0B9UDKlKGk5331TBvn1+8M90OKatC5EphJyjX+IvpjvpzV+
hUMMS6VwGs7oA1PRM2JQHaqSExp2b6D4sMgu1MnDnY0Bum46lgigvpTl4GWWn+77
knickmJw8TZ0ndbZ1liGLP94vDCwNkgnKvXT2h1PAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUqbgBolhkm+byZAExvHLJElTXGeowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdmNmU4MjhjLWRhYjYtNDlmNi04MzZkLTcyZTFjMGRiNGZhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/74MAwDQYJKoZIhvcNAQELBQADggEBALTfKqn6pe8PFXiOsHZTeBEd
V6fqsC6ZQke2CFc+upJPJyCjcnY0dP0KULANX+dCVMZdErmOiLA2XInRRqQCTFhP
aNF3n9tdpfLooC8USHMa+jk0uaEfA1ws3CH2fE0AodHo8ReFPHLxw4KGCoFdsPVE
HOIIZRHTXJhw/h8JczQQrYMt5SDuunv85A6vONqWrTIUyfjV8NM2lBlY3szQh1Mx
jlN97h4eU0R91Q70wVFiKzkN1SUmw6HlOt++9oQ0pyvmQ2rFcNOhv+UMeVarc7Ar
Oo8pRJWV9W7myn0p2Ko0htKJmG8IBwTgPUHE3t+tukFbPYKbmPWGx7hr7x6jEoE=
-----END CERTIFICATE-----