Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abca4e34-4067-4f69-a8e5-ff555a04b157.roa
File:                     abca4e34-4067-4f69-a8e5-ff555a04b157.roa (raw, json)
Hash identifier:          IUN73UGT/YTz7sgy5oqwksLhmrIKs8oVblVqIWr3L1g=
Subject key identifier:   7B:F4:98:BF:AB:F2:09:70:E9:98:21:8C:ED:5B:E3:40:B5:D4:7B:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C8E9DA79F8B6BDAD65467E7AE22F0577DDCED93
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abca4e34-4067-4f69-a8e5-ff555a04b157.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:8180::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:8e:9d:a7:9f:8b:6b:da:d6:54:67:e7:ae:22:f0:57:7d:dc:ed:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=4fd822771d88a4ee242e4816a92a2a7c1875db63698a341a399fd8a52761a3f6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5a:cd:df:7a:13:46:59:be:88:03:9c:02:36:
                    f3:d1:b5:a6:56:20:2f:06:47:61:dc:4e:a6:6e:25:
                    eb:01:de:85:c3:10:7e:a0:2f:5d:93:87:3c:56:35:
                    d3:ef:f6:ac:c3:13:cb:6c:7a:ea:7c:05:21:de:30:
                    e5:02:0a:63:9a:2e:ed:65:7b:dd:ed:39:e8:8c:e3:
                    18:05:67:3e:a5:f1:b8:7a:2e:d7:af:01:ea:86:da:
                    31:3c:ec:75:91:0c:3e:bc:38:43:30:ed:39:09:98:
                    90:45:67:23:51:ce:c0:19:09:6d:d7:29:d3:9d:44:
                    e4:36:18:24:aa:3f:80:ae:64:a6:34:0f:29:5d:37:
                    fe:19:90:34:1e:76:2a:c8:27:09:af:78:61:20:7d:
                    05:70:e6:40:5c:e1:9c:ef:d3:f5:e1:b8:6b:29:5a:
                    05:a8:e7:62:f8:a8:ba:21:b8:9b:6e:3c:9f:16:30:
                    9e:0d:19:51:27:12:02:0d:5d:b6:e8:86:25:a8:6d:
                    97:2d:06:3c:4b:d1:df:da:f5:b5:81:0b:c0:07:03:
                    19:58:4a:9d:f6:90:d0:28:30:63:7f:f2:bb:28:c7:
                    bb:52:6d:93:70:65:96:65:6f:63:ca:0a:9c:a5:6a:
                    70:40:b7:46:bb:84:6d:0b:fb:b8:93:03:6a:a9:21:
                    60:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:F4:98:BF:AB:F2:09:70:E9:98:21:8C:ED:5B:E3:40:B5:D4:7B:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abca4e34-4067-4f69-a8e5-ff555a04b157.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:8180::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:e4:46:81:e5:52:40:79:f8:ee:77:dd:45:55:3f:a9:de:8d:
         24:21:9d:da:60:af:12:e8:b5:cb:0b:ba:9c:58:d2:c9:51:4c:
         ba:04:26:16:8c:b1:8a:39:b5:b0:4f:a5:6d:45:15:6e:db:5b:
         38:26:b9:62:5d:dc:41:4c:9e:f3:42:54:7a:4a:37:77:9f:a7:
         78:c0:b7:e3:1b:5d:32:d4:4f:1b:89:c7:dc:7f:7c:1b:5c:a0:
         6c:f3:29:56:a0:ec:45:0d:a0:27:3c:e5:49:23:ce:f8:2e:0f:
         68:58:ff:d4:a6:e4:30:ef:47:90:f8:c0:c8:f9:33:a9:01:39:
         41:89:67:2f:e4:bf:3c:47:ef:08:39:21:a2:45:c6:82:03:22:
         a4:90:62:83:c2:48:7e:c5:44:ff:35:69:2e:52:7f:bf:ce:91:
         e4:2c:31:9e:17:d7:9c:92:ff:68:c2:55:e3:9e:97:18:61:f3:
         e8:d8:9d:23:50:32:ef:40:f3:4d:8b:fd:90:ae:7e:de:bd:26:
         f5:ef:71:d8:0c:22:3b:0d:83:ce:d6:56:ba:5b:6b:c8:01:2c:
         52:de:ec:3c:d1:ae:14:fc:24:97:dd:d3:14:12:52:b3:e5:5d:
         91:08:82:4e:e5:09:61:67:2d:9a:5f:d1:db:d2:6c:92:7c:00:
         44:35:e3:90
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULI6dp5+La9rWVGfnriLwV33c7ZMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZmQ4MjI3NzFkODhhNGVlMjQyZTQ4MTZhOTJhMmE3YzE4
NzVkYjYzNjk4YTM0MWEzOTlmZDhhNTI3NjFhM2Y2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaWs3fehNGWb6IA5wCNvPRtaZWIC8GR2HcTqZuJesB3oXD
EH6gL12ThzxWNdPv9qzDE8tseup8BSHeMOUCCmOaLu1le93tOeiM4xgFZz6l8bh6
LtevAeqG2jE87HWRDD68OEMw7TkJmJBFZyNRzsAZCW3XKdOdROQ2GCSqP4CuZKY0
DyldN/4ZkDQedirIJwmveGEgfQVw5kBc4Zzv0/XhuGspWgWo52L4qLohuJtuPJ8W
MJ4NGVEnEgINXbbohiWobZctBjxL0d/a9bWBC8AHAxlYSp32kNAoMGN/8rsox7tS
bZNwZZZlb2PKCpylanBAt0a7hG0L+7iTA2qpIWA1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUe/SYv6vyCXDpmCGM7VvjQLXUe+0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FiY2E0ZTM0LTQwNjctNGY2OS1hOGU1LWZmNTU1YTA0YjE1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AgYAwDQYJKoZIhvcNAQELBQADggEBAKLkRoHlUkB5+O533UVVP6ne
jSQhndpgrxLotcsLupxY0slRTLoEJhaMsYo5tbBPpW1FFW7bWzgmuWJd3EFMnvNC
VHpKN3efp3jAt+MbXTLUTxuJx9x/fBtcoGzzKVag7EUNoCc85UkjzvguD2hY/9Sm
5DDvR5D4wMj5M6kBOUGJZy/kvzxH7wg5IaJFxoIDIqSQYoPCSH7FRP81aS5Sf7/O
keQsMZ4X15yS/2jCVeOelxhh8+jYnSNQMu9A802L/ZCuft69JvXvcdgMIjsNg87W
Vrpba8gBLFLe7DzRrhT8JJfd0xQSUrPlXZEIgk7lCWFnLZpf0dvSbJJ8AEQ145A=
-----END CERTIFICATE-----