Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/acd929a8-008d-4a9f-82fa-61b37285a49d.roa
File:                     acd929a8-008d-4a9f-82fa-61b37285a49d.roa (raw, json)
Hash identifier:          nTMguETGWiorxbZvuWDYcguJlz+Ed3ZFx7lM8RTbv/Q=
Subject key identifier:   28:D5:95:43:AF:E0:A6:ED:F2:5F:42:E8:C4:BB:7C:CD:98:CF:90:3F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       73B930C92B44CF716F7A5A498BFB7610B71DCAA4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/acd929a8-008d-4a9f-82fa-61b37285a49d.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:3440::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:b9:30:c9:2b:44:cf:71:6f:7a:5a:49:8b:fb:76:10:b7:1d:ca:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=1b2ab6c0fa08552e655135d89dbeccaec6af7fa350058018694daa088cf3d9b5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e5:1e:58:70:a1:f5:92:cc:07:f9:2b:e7:68:
                    b7:10:ae:2f:68:08:c0:e0:50:3c:31:65:08:89:ed:
                    49:e6:16:05:52:89:d6:ae:50:96:04:89:18:e0:16:
                    53:fe:e2:11:33:1a:c2:d7:9f:13:2b:13:14:3a:29:
                    69:02:01:f3:21:e6:3e:ae:bf:a0:ea:92:cd:f7:81:
                    2d:22:b6:a8:e1:f6:00:8c:fa:c9:8f:dd:78:d0:29:
                    de:71:21:57:22:28:24:21:60:71:c1:36:2f:4a:7a:
                    00:ca:3b:cf:9e:6c:da:ab:12:a3:32:50:ca:8b:3f:
                    85:be:20:cf:8f:90:59:77:9b:c7:39:59:26:e8:70:
                    3c:fe:8d:c6:e4:b5:50:05:1b:a6:0d:8f:41:6f:fb:
                    98:39:fd:d9:e0:75:c7:87:f4:74:ba:16:f9:20:53:
                    5d:2d:7b:54:84:4e:f7:7c:f3:92:1d:46:22:15:0c:
                    80:c7:d8:68:23:a1:e4:17:18:06:bb:35:3c:4a:5a:
                    61:b5:0f:ad:02:31:3b:0e:02:7f:c5:2a:7c:bc:18:
                    d7:1a:f2:20:73:ff:16:37:99:13:e9:5f:f8:86:5e:
                    95:7f:23:8a:f2:3c:f8:2b:3e:85:a0:40:05:da:d6:
                    ae:96:75:ac:04:98:2b:08:bd:80:5e:ab:f2:7e:70:
                    74:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D5:95:43:AF:E0:A6:ED:F2:5F:42:E8:C4:BB:7C:CD:98:CF:90:3F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/acd929a8-008d-4a9f-82fa-61b37285a49d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:3440::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:9f:d7:42:7d:59:3b:c1:bb:2d:fb:80:43:01:d6:a5:96:8c:
         2b:8d:95:1a:68:f6:05:8b:0f:a7:b2:de:02:7b:bb:e5:ac:9b:
         a7:6f:fa:6c:67:54:09:e0:fe:d7:0b:b2:41:51:23:42:04:b7:
         55:04:e0:15:72:f1:20:d5:d3:f7:b4:3d:f5:f1:5a:49:72:d2:
         b2:8a:7f:d7:d7:50:88:a9:3a:28:f4:a8:d0:72:bb:46:49:7f:
         ba:03:05:06:c0:1a:36:6b:5e:e0:19:da:89:5b:21:32:f3:81:
         64:d5:49:c8:7e:5e:dd:5e:b5:71:fc:ef:ee:7a:4d:5d:ca:8f:
         d6:72:c5:4f:78:5d:be:8a:e8:e8:5f:51:0d:88:90:07:1e:18:
         21:fe:1a:05:71:c8:19:b2:27:55:0f:ad:9a:55:d9:77:ff:92:
         3c:ab:63:73:6f:3a:b9:6b:16:ae:b5:d7:f2:26:77:3d:d2:c6:
         7f:85:1e:e3:ca:5a:c2:88:7e:a0:b3:9e:0b:11:1b:23:52:6b:
         16:c2:9d:1c:c3:0a:3d:e6:a1:82:aa:6e:7f:d8:29:89:1f:db:
         3e:31:d1:c7:bc:eb:e8:8a:1b:aa:30:bf:d7:6a:7c:b7:59:0c:
         d6:c8:29:ff:67:b0:68:a1:49:a8:b2:58:69:41:f5:6d:01:b9:
         a9:f3:ec:f4
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUc7kwyStEz3FvelpJi/t2ELcdyqQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjJhYjZjMGZhMDg1NTJlNjU1MTM1ZDg5ZGJlY2NhZWM2
YWY3ZmEzNTAwNTgwMTg2OTRkYWEwODhjZjNkOWI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCR5R5YcKH1kswH+SvnaLcQri9oCMDgUDwxZQiJ7UnmFgVS
idauUJYEiRjgFlP+4hEzGsLXnxMrExQ6KWkCAfMh5j6uv6Dqks33gS0itqjh9gCM
+smP3XjQKd5xIVciKCQhYHHBNi9KegDKO8+ebNqrEqMyUMqLP4W+IM+PkFl3m8c5
WSbocDz+jcbktVAFG6YNj0Fv+5g5/dngdceH9HS6FvkgU10te1SETvd885IdRiIV
DIDH2GgjoeQXGAa7NTxKWmG1D60CMTsOAn/FKny8GNca8iBz/xY3mRPpX/iGXpV/
I4ryPPgrPoWgQAXa1q6WdawEmCsIvYBeq/J+cHTLAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUKNWVQ6/gpu3yX0LoxLt8zZjPkD8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FjZDkyOWE4LTAwOGQtNGE5Zi04MmZhLTYxYjM3Mjg1YTQ5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84NEAwDQYJKoZIhvcNAQELBQADggEBALif10J9WTvBuy37gEMB1qWW
jCuNlRpo9gWLD6ey3gJ7u+Wsm6dv+mxnVAng/tcLskFRI0IEt1UE4BVy8SDV0/e0
PfXxWkly0rKKf9fXUIipOij0qNByu0ZJf7oDBQbAGjZrXuAZ2olbITLzgWTVSch+
Xt1etXH87+56TV3Kj9ZyxU94Xb6K6OhfUQ2IkAceGCH+GgVxyBmyJ1UPrZpV2Xf/
kjyrY3NvOrlrFq611/Imdz3Sxn+FHuPKWsKIfqCzngsRGyNSaxbCnRzDCj3moYKq
bn/YKYkf2z4x0ce86+iKG6owv9dqfLdZDNbIKf9nsGihSaiyWGlB9W0Buanz7PQ=
-----END CERTIFICATE-----