Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d864abe-fc66-4c0d-90e8-605fc9ba487c.roa
File:                     8d864abe-fc66-4c0d-90e8-605fc9ba487c.roa (raw, json)
Hash identifier:          SRGYJIB3ekSflTkxxMJZ47JdpfDqD1yG+XKQD1HsPJA=
Subject key identifier:   8E:6A:E8:F5:AC:0E:97:59:4D:1A:C4:29:8D:07:D1:E3:66:AF:7F:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       35BF186BE2756D68EDB4E9891FFD289FDAB11720
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d864abe-fc66-4c0d-90e8-605fc9ba487c.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:4040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:bf:18:6b:e2:75:6d:68:ed:b4:e9:89:1f:fd:28:9f:da:b1:17:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=85ed23f7693f88da0bb22a3c36e20e013e69c3da7e9e35f916bc40ffa4be34b6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:70:64:0e:28:00:06:51:99:d3:61:77:f0:45:
                    f4:00:f3:f9:1a:1a:99:aa:44:d5:9d:d4:b3:b9:fa:
                    ac:c3:8b:9e:69:56:9b:b4:80:19:81:b7:26:30:a8:
                    f9:55:f0:b8:05:ae:f7:46:bb:de:64:04:65:f0:9a:
                    3f:34:c9:68:02:00:4c:75:62:51:84:0f:4d:37:f1:
                    4a:80:af:b4:6b:57:dc:a7:d9:38:59:5a:7e:77:d8:
                    75:5e:f9:48:3e:ec:2d:89:59:ae:9d:15:41:1a:0c:
                    ae:b6:7f:27:4b:a0:01:64:0e:f9:ab:06:ec:30:09:
                    af:b2:cb:62:f3:b6:e9:0b:a5:46:9a:61:d9:45:55:
                    e3:6b:a4:b1:99:7e:10:b9:ed:04:9f:92:d3:a5:1b:
                    42:b3:61:91:62:08:97:67:b3:a5:85:a1:5f:04:0d:
                    da:87:d8:d6:e1:57:47:bd:a2:e5:08:a9:0f:18:c7:
                    ff:05:a4:83:19:cc:44:b9:d4:57:c2:f7:48:9a:b2:
                    86:f0:47:79:12:6f:77:95:f8:65:e4:06:68:42:12:
                    95:d4:eb:37:97:fe:8b:e5:8b:d8:51:6d:b8:d1:76:
                    b4:8b:6b:56:e4:8d:7c:bb:a1:4f:e4:c0:b6:39:20:
                    20:0d:f9:38:34:66:dd:49:aa:1b:c3:0f:11:27:b0:
                    48:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:6A:E8:F5:AC:0E:97:59:4D:1A:C4:29:8D:07:D1:E3:66:AF:7F:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d864abe-fc66-4c0d-90e8-605fc9ba487c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:4040::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:af:ce:0c:c1:a2:cb:39:2a:0e:fc:d2:ed:5b:14:cd:e1:e8:
         59:3a:d6:ec:17:83:47:fa:77:93:68:aa:b1:e2:19:d3:85:5c:
         4a:79:4a:60:c3:65:86:d2:00:9b:88:78:5d:8d:b0:a4:f0:fb:
         e0:5b:ff:51:e1:8c:e5:38:92:ae:ce:27:5b:32:26:2a:f9:34:
         ba:c6:54:6b:01:36:39:fc:55:74:a9:60:93:99:57:b6:22:7b:
         c4:0a:6e:a8:7b:e1:fd:84:b4:25:d6:1f:f4:e3:b6:96:d3:ca:
         a1:9f:d5:d7:0e:a3:67:09:9a:b3:48:50:ae:c7:23:55:6f:3b:
         c7:bb:8c:9e:b0:ef:68:19:dd:cd:ab:66:d7:26:45:f8:51:97:
         bc:0a:0c:8b:50:00:e0:92:a0:b4:e2:c3:83:d5:b3:cb:fc:f9:
         f1:16:71:27:4f:98:99:e8:82:48:d3:b5:af:57:dc:1d:90:aa:
         b6:75:32:80:88:ba:4c:54:c0:c4:f8:ec:4e:2f:30:ed:de:00:
         ca:41:e3:0e:e7:3b:5e:55:e3:b2:4f:5d:9c:b4:02:ed:26:ec:
         a4:92:09:8c:4f:fa:8e:f5:cb:93:7a:c7:93:9a:af:78:81:e2:
         eb:4f:b2:d8:4f:83:74:d7:6d:51:89:2f:fd:e1:9b:cc:28:52:
         0d:b0:1f:d1
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUNb8Ya+J1bWjttOmJH/0on9qxFyAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NWVkMjNmNzY5M2Y4OGRhMGJiMjJhM2MzNmUyMGUwMTNl
NjljM2RhN2U5ZTM1ZjkxNmJjNDBmZmE0YmUzNGI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1cGQOKAAGUZnTYXfwRfQA8/kaGpmqRNWd1LO5+qzDi55p
Vpu0gBmBtyYwqPlV8LgFrvdGu95kBGXwmj80yWgCAEx1YlGED0038UqAr7RrV9yn
2ThZWn532HVe+Ug+7C2JWa6dFUEaDK62fydLoAFkDvmrBuwwCa+yy2LztukLpUaa
YdlFVeNrpLGZfhC57QSfktOlG0KzYZFiCJdns6WFoV8EDdqH2NbhV0e9ouUIqQ8Y
x/8FpIMZzES51FfC90iasobwR3kSb3eV+GXkBmhCEpXU6zeX/ovli9hRbbjRdrSL
a1bkjXy7oU/kwLY5ICAN+Tg0Zt1JqhvDDxEnsEhnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUjmro9awOl1lNGsQpjQfR42avf8UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhkODY0YWJlLWZjNjYtNGMwZC05MGU4LTYwNWZjOWJhNDg3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/yQEAwDQYJKoZIhvcNAQELBQADggEBAEWvzgzBoss5Kg780u1bFM3h
6Fk61uwXg0f6d5NoqrHiGdOFXEp5SmDDZYbSAJuIeF2NsKTw++Bb/1HhjOU4kq7O
J1syJir5NLrGVGsBNjn8VXSpYJOZV7Yie8QKbqh74f2EtCXWH/TjtpbTyqGf1dcO
o2cJmrNIUK7HI1VvO8e7jJ6w72gZ3c2rZtcmRfhRl7wKDItQAOCSoLTiw4PVs8v8
+fEWcSdPmJnogkjTta9X3B2QqrZ1MoCIukxUwMT47E4vMO3eAMpB4w7nO15V47JP
XZy0Au0m7KSSCYxP+o71y5N6x5Oar3iB4utPsthPg3TXbVGJL/3hm8woUg2wH9E=
-----END CERTIFICATE-----