Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9814519b-e29c-45df-b37a-f202bfa4d2cd.roa
File:                     9814519b-e29c-45df-b37a-f202bfa4d2cd.roa (raw, json)
Hash identifier:          gvn7yliw4tJjEhvIBMiTHbcAC95OXe9DRYtGfOu2MNU=
Subject key identifier:   65:8F:0C:E0:C4:A7:7C:C2:E1:EF:96:B8:A5:6B:25:2D:5B:74:38:E4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       552FA37D4E35AE36DDAE5E3FE7480EE8F6696553
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9814519b-e29c-45df-b37a-f202bfa4d2cd.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:5000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:2f:a3:7d:4e:35:ae:36:dd:ae:5e:3f:e7:48:0e:e8:f6:69:65:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=21cd0eaccdbaaeefccf70e5498d930e57cfee79786500786a011ad4fdaec3959, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:56:fa:16:84:86:06:4d:f5:19:ec:0f:45:11:
                    5c:9c:23:7e:8a:1f:02:a7:15:ec:bf:17:0a:27:28:
                    a9:a5:29:db:f0:77:53:e7:45:e8:85:75:7c:39:84:
                    49:fd:0c:98:ab:b1:3f:94:70:12:bd:9a:5c:37:27:
                    54:47:5e:cb:bc:35:bd:c6:0b:4b:9b:05:c2:d3:3b:
                    ab:41:89:8c:f9:42:43:c1:47:6b:7c:d9:33:fc:ca:
                    7f:b7:24:de:4f:ce:b2:d2:15:08:b9:54:18:77:ec:
                    74:f4:67:00:a6:f8:1f:53:69:5c:7a:d5:dd:15:b2:
                    a4:7b:29:14:c2:67:7e:35:b0:bc:9f:3e:33:89:64:
                    a2:cd:df:bd:ed:64:9c:8d:79:b6:1b:d0:91:f5:fe:
                    0d:78:55:9a:70:3c:66:fa:0f:a7:70:7c:67:52:a0:
                    25:6f:97:5d:19:d4:1c:10:44:87:74:f2:ec:b6:5a:
                    11:d1:3d:2f:f2:c4:2c:7a:2f:f9:f7:85:ab:d8:5b:
                    81:5e:cf:8e:3d:bc:a1:3f:1c:8c:65:4d:02:1b:53:
                    43:f1:a5:36:69:18:84:e4:0b:84:d1:ca:68:71:da:
                    d4:e9:46:f6:3c:78:35:38:35:c9:47:51:8e:26:a7:
                    3a:a7:1f:bd:a0:96:fd:ba:5e:a0:2f:86:d2:e4:11:
                    d4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:8F:0C:E0:C4:A7:7C:C2:E1:EF:96:B8:A5:6B:25:2D:5B:74:38:E4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9814519b-e29c-45df-b37a-f202bfa4d2cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         34:a4:3a:3f:ba:fb:41:d3:01:66:f2:72:a1:91:80:fc:e0:67:
         dd:5a:80:d2:85:21:69:43:ab:d3:15:81:a9:c3:e8:8e:32:2c:
         d5:e7:1a:88:3f:9b:b0:67:ae:b8:ff:26:f2:72:cc:65:51:2b:
         99:19:c8:f3:84:59:69:3d:46:88:82:05:fb:79:ef:9b:68:50:
         eb:ef:54:4e:c3:7c:a1:83:81:b5:97:52:d7:ff:8f:ec:91:9f:
         83:18:5a:d6:61:0b:d9:fb:47:40:8b:0b:53:0b:cc:46:95:1e:
         a2:c6:22:e1:11:c6:7e:36:f5:06:40:03:0e:3d:25:99:7f:99:
         3f:fc:b4:27:d6:77:91:18:27:07:6b:f8:88:ec:31:21:c0:b5:
         0f:af:67:5a:26:7b:41:e2:a4:e5:a6:eb:46:ed:bf:e2:7b:a8:
         39:d2:2c:76:6f:b3:ff:b5:66:08:56:30:85:f7:86:28:aa:d4:
         5f:dd:c1:a6:99:4c:1b:31:06:f8:66:87:bc:d9:8d:90:26:b1:
         f4:83:cb:0c:94:c3:03:c3:b7:8d:57:e6:da:44:ca:95:23:96:
         c1:76:c1:ce:27:4e:0f:14:f1:b9:63:16:e5:02:a2:f2:4c:43:
         92:25:73:db:2e:c3:58:35:ca:a3:bf:7a:b6:14:14:d3:b7:dc:
         2b:f3:73:cd
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUVS+jfU41rjbdrl4/50gO6PZpZVMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMWNkMGVhY2NkYmFhZWVmY2NmNzBlNTQ5OGQ5MzBlNTdj
ZmVlNzk3ODY1MDA3ODZhMDExYWQ0ZmRhZWMzOTU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUVvoWhIYGTfUZ7A9FEVycI36KHwKnFey/FwonKKmlKdvw
d1PnReiFdXw5hEn9DJirsT+UcBK9mlw3J1RHXsu8Nb3GC0ubBcLTO6tBiYz5QkPB
R2t82TP8yn+3JN5PzrLSFQi5VBh37HT0ZwCm+B9TaVx61d0VsqR7KRTCZ341sLyf
PjOJZKLN373tZJyNebYb0JH1/g14VZpwPGb6D6dwfGdSoCVvl10Z1BwQRId08uy2
WhHRPS/yxCx6L/n3havYW4Fez449vKE/HIxlTQIbU0PxpTZpGITkC4TRymhx2tTp
RvY8eDU4NclHUY4mpzqnH72glv26XqAvhtLkEdRzAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUZY8M4MSnfMLh75a4pWslLVt0OOQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4MTQ1MTliLWUyOWMtNDVkZi1iMzdhLWYyMDJiZmE0ZDJjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wUDANBgkqhkiG9w0BAQsFAAOCAQEANKQ6P7r7QdMBZvJyoZGA/OBn
3VqA0oUhaUOr0xWBqcPojjIs1ecaiD+bsGeuuP8m8nLMZVErmRnI84RZaT1GiIIF
+3nvm2hQ6+9UTsN8oYOBtZdS1/+P7JGfgxha1mEL2ftHQIsLUwvMRpUeosYi4RHG
fjb1BkADDj0lmX+ZP/y0J9Z3kRgnB2v4iOwxIcC1D69nWiZ7QeKk5abrRu2/4nuo
OdIsdm+z/7VmCFYwhfeGKKrUX93BpplMGzEG+GaHvNmNkCax9IPLDJTDA8O3jVfm
2kTKlSOWwXbBzidODxTxuWMW5QKi8kxDkiVz2y7DWDXKo796thQU07fcK/NzzQ==
-----END CERTIFICATE-----