Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a66f3aa-faf8-4541-b8b7-fedc5cb1e6c7.roa
File:                     9a66f3aa-faf8-4541-b8b7-fedc5cb1e6c7.roa (raw, json)
Hash identifier:          /UqAOBvevsg59rkQGmlPrD9sIDEzlzAHRAftcc9YwGc=
Subject key identifier:   9F:33:52:DD:AD:05:7B:CF:04:3C:3A:9B:97:02:B7:0C:7A:FD:31:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6AEC2C13B24DD69B70FBE895B2FB7F3B8E768AF0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a66f3aa-faf8-4541-b8b7-fedc5cb1e6c7.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff1:7400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:ec:2c:13:b2:4d:d6:9b:70:fb:e8:95:b2:fb:7f:3b:8e:76:8a:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=675ad29641f99aecd39024086847a3b2b498e3d6982e33844d2fb789e1492011, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:46:f3:b5:f7:65:6d:a4:c7:4c:bb:de:58:d4:
                    81:01:75:d9:6e:2f:f3:df:78:86:40:fc:9d:a9:84:
                    3e:67:7e:c9:f4:78:cd:01:c6:22:43:69:e2:63:02:
                    5b:77:af:f1:55:08:03:54:a9:3e:41:a8:fa:db:47:
                    1a:f0:ef:86:16:ae:f5:64:5c:0f:c3:9f:11:21:d0:
                    d7:bb:5d:f6:01:3b:2f:22:c7:3e:b6:73:d1:12:54:
                    fd:6d:bb:0a:be:50:3f:53:96:88:a7:8b:e4:b2:7f:
                    e3:ad:1f:f9:f8:66:53:aa:48:31:b2:7b:62:fe:59:
                    3e:ed:f9:50:86:4e:d1:a3:43:f5:fe:10:f6:7d:3d:
                    63:cf:cf:26:d7:7e:34:e1:68:7e:d8:b1:65:d1:3e:
                    35:b1:7c:e5:25:2f:38:04:d3:b1:49:e3:9b:ce:6a:
                    c4:20:81:19:92:69:de:7f:aa:1c:b8:2b:85:20:fd:
                    7f:71:79:11:f9:ff:5b:ad:d8:9a:f5:da:5a:2c:73:
                    1a:b9:a6:d8:a4:c6:3d:6b:cc:7b:cf:bb:b1:c7:68:
                    d1:90:90:8a:4e:64:88:68:17:33:d0:dd:be:f5:3b:
                    26:53:18:e3:d3:b9:54:09:5f:91:05:14:f6:d6:9a:
                    52:31:ae:e1:63:9c:21:1b:66:6d:56:29:a3:6a:94:
                    27:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:33:52:DD:AD:05:7B:CF:04:3C:3A:9B:97:02:B7:0C:7A:FD:31:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a66f3aa-faf8-4541-b8b7-fedc5cb1e6c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:b5:e1:7b:74:00:80:b1:f0:0e:dc:c8:c2:1c:d1:45:b2:8b:
         15:28:d4:33:d2:0e:fe:16:1f:9b:36:01:12:81:4b:f6:28:93:
         95:8a:f9:26:99:97:1c:ef:8c:38:70:23:11:5b:bc:89:fe:89:
         d2:3f:31:b5:89:2b:5c:3c:12:26:64:f4:8b:3b:eb:49:8a:75:
         55:d4:71:02:8c:df:94:51:b7:90:50:24:8e:cf:e3:b9:f5:eb:
         7a:43:98:c7:51:17:eb:e0:1e:95:a7:54:eb:91:2a:60:4c:fa:
         b5:cd:53:3c:74:2e:50:79:23:03:62:56:6c:33:d1:94:6d:90:
         07:b8:04:82:8f:6e:b4:74:21:d4:05:bc:51:17:2f:d0:ae:93:
         f9:99:2c:90:d5:3b:e1:eb:b2:bf:32:94:3b:e7:4a:1c:d3:07:
         cd:a8:c6:d1:94:0e:61:c6:1f:a5:c4:86:86:84:9d:e5:05:38:
         a0:b4:a2:ad:dd:61:fa:c4:05:81:4c:5b:51:f3:34:40:c8:f7:
         25:5f:67:74:51:f4:e4:8b:0f:c2:31:20:70:24:a3:a6:1b:19:
         d8:a0:ce:27:ae:b7:29:6c:43:f8:ec:d9:cb:c3:1c:d3:76:34:
         c9:1e:1e:cd:a8:fe:9b:ed:f7:36:1a:34:ce:d0:03:1b:57:f5:
         82:26:5d:32
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUauwsE7JN1ptw++iVsvt/O452ivAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NzVhZDI5NjQxZjk5YWVjZDM5MDI0MDg2ODQ3YTNiMmI0
OThlM2Q2OTgyZTMzODQ0ZDJmYjc4OWUxNDkyMDExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwRvO192VtpMdMu95Y1IEBddluL/PfeIZA/J2phD5nfsn0
eM0BxiJDaeJjAlt3r/FVCANUqT5BqPrbRxrw74YWrvVkXA/DnxEh0Ne7XfYBOy8i
xz62c9ESVP1tuwq+UD9Tloini+Syf+OtH/n4ZlOqSDGye2L+WT7t+VCGTtGjQ/X+
EPZ9PWPPzybXfjThaH7YsWXRPjWxfOUlLzgE07FJ45vOasQggRmSad5/qhy4K4Ug
/X9xeRH5/1ut2Jr12loscxq5ptikxj1rzHvPu7HHaNGQkIpOZIhoFzPQ3b71OyZT
GOPTuVQJX5EFFPbWmlIxruFjnCEbZm1WKaNqlCdjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUnzNS3a0Fe88EPDqblwK3DHr9MQEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhNjZmM2FhLWZhZjgtNDU0MS1iOGI3LWZlZGM1Y2IxZTZjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/xdDANBgkqhkiG9w0BAQsFAAOCAQEAwrXhe3QAgLHwDtzIwhzRRbKL
FSjUM9IO/hYfmzYBEoFL9iiTlYr5JpmXHO+MOHAjEVu8if6J0j8xtYkrXDwSJmT0
izvrSYp1VdRxAozflFG3kFAkjs/jufXrekOYx1EX6+AeladU65EqYEz6tc1TPHQu
UHkjA2JWbDPRlG2QB7gEgo9utHQh1AW8URcv0K6T+ZkskNU74euyvzKUO+dKHNMH
zajG0ZQOYcYfpcSGhoSd5QU4oLSird1h+sQFgUxbUfM0QMj3JV9ndFH05IsPwjEg
cCSjphsZ2KDOJ663KWxD+OzZy8Mc03Y0yR4ezaj+m+33Nho0ztADG1f1giZdMg==
-----END CERTIFICATE-----