Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0a96416-5af5-491b-9304-164e9269c69c.roa
File:                     c0a96416-5af5-491b-9304-164e9269c69c.roa (raw, json)
Hash identifier:          CAzbJMskTOMh6Xj6u7bcz+8k8rEJTrWrXbyuRHHMVww=
Subject key identifier:   FD:D4:22:E8:35:63:4C:2C:B4:37:83:06:32:EB:2E:50:6C:11:45:EB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15F46C97BD9B56C98365A0CD0D39372B0FDE203C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0a96416-5af5-491b-9304-164e9269c69c.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:4080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:f4:6c:97:bd:9b:56:c9:83:65:a0:cd:0d:39:37:2b:0f:de:20:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=a90ea2af81e154c8b389450f57144c827dc66b4ee78d42daf3274c39b982e78f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1a:cf:78:27:8b:9d:ac:58:cd:67:1c:f2:1f:
                    28:10:49:b1:9f:ca:4b:c3:30:b9:ce:bf:09:3e:41:
                    56:4f:2a:6b:66:82:ee:7c:57:ae:73:e9:76:22:bc:
                    66:0e:7c:56:ab:56:65:5a:81:28:7d:48:47:e1:f0:
                    af:07:3e:d3:a7:41:8e:fd:72:c0:96:9a:9c:fa:85:
                    35:d2:0e:36:b8:82:2b:9c:6d:8e:cb:9b:6c:e9:66:
                    df:cc:49:52:64:2c:bc:35:a3:24:b7:be:f8:94:1a:
                    07:77:3e:28:63:c9:3c:e7:67:c6:16:34:67:87:4e:
                    b0:f4:a0:ea:3c:52:79:46:e4:13:c8:96:09:96:d5:
                    1a:a0:a3:a9:34:73:63:ef:2e:56:5e:79:7f:1a:da:
                    ba:ba:81:4c:6b:9b:ad:a0:b0:d3:ee:55:72:6d:ff:
                    ba:5d:f6:45:3f:97:a5:ad:fe:39:6e:0b:ad:ed:03:
                    91:cb:a1:8c:63:5a:74:f0:58:f4:3b:9f:49:98:92:
                    53:d3:dc:f0:df:4c:46:05:6d:a3:69:97:96:26:0d:
                    c0:ee:85:e5:09:6e:93:85:93:38:ca:78:e3:c0:7b:
                    eb:83:e8:21:e8:45:67:c0:70:8a:51:e0:78:a5:ec:
                    a8:27:73:52:c9:44:62:58:80:3a:96:33:3e:f7:84:
                    ae:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D4:22:E8:35:63:4C:2C:B4:37:83:06:32:EB:2E:50:6C:11:45:EB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0a96416-5af5-491b-9304-164e9269c69c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:4080::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:d8:a3:2b:dc:3e:19:6f:32:ea:eb:59:c6:fa:53:ad:93:7d:
         00:82:dd:8c:c8:ed:c2:d5:61:b9:c5:03:d4:7d:c0:de:9c:8e:
         3f:4f:6c:42:fe:f2:1f:41:17:2a:0e:59:2d:bc:e3:66:9d:c1:
         d6:4c:8c:fe:08:24:5e:d4:67:04:fc:0f:c2:8f:f4:9a:00:4d:
         39:8f:88:b5:eb:f2:4e:f8:23:3b:52:3a:8d:20:f6:ee:eb:c5:
         aa:af:76:c4:06:19:c3:e4:34:6e:76:45:b5:27:c4:3c:93:4f:
         f9:30:33:16:56:b1:69:2c:91:5b:4f:38:41:88:cd:16:14:96:
         f8:83:f5:13:72:54:41:82:0c:6b:b9:1a:34:07:a6:b5:41:cd:
         0d:02:7b:70:8d:48:35:12:03:5f:1e:19:7f:49:5a:cd:ca:29:
         9d:05:c8:95:c8:ae:56:bb:e4:97:ab:09:24:80:c1:3c:63:05:
         37:ea:f2:04:cc:49:4b:48:44:79:7d:f8:8b:0b:26:31:d1:8e:
         f4:82:35:df:d3:2a:64:88:d0:87:2d:bc:fa:7f:eb:c3:44:eb:
         b0:77:6a:a3:bd:d4:21:b5:18:2a:de:90:2d:e7:05:98:ff:e3:
         a5:ad:04:c4:dc:41:c9:a5:5b:24:79:cf:c4:31:ea:23:49:4e:
         61:5d:7d:9e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUFfRsl72bVsmDZaDNDTk3Kw/eIDwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTBlYTJhZjgxZTE1NGM4YjM4OTQ1MGY1NzE0NGM4Mjdk
YzY2YjRlZTc4ZDQyZGFmMzI3NGMzOWI5ODJlNzhmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6Gs94J4udrFjNZxzyHygQSbGfykvDMLnOvwk+QVZPKmtm
gu58V65z6XYivGYOfFarVmVagSh9SEfh8K8HPtOnQY79csCWmpz6hTXSDja4giuc
bY7Lm2zpZt/MSVJkLLw1oyS3vviUGgd3PihjyTznZ8YWNGeHTrD0oOo8UnlG5BPI
lgmW1Rqgo6k0c2PvLlZeeX8a2rq6gUxrm62gsNPuVXJt/7pd9kU/l6Wt/jluC63t
A5HLoYxjWnTwWPQ7n0mYklPT3PDfTEYFbaNpl5YmDcDuheUJbpOFkzjKeOPAe+uD
6CHoRWfAcIpR4Hil7Kgnc1LJRGJYgDqWMz73hK5dAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU/dQi6DVjTCy0N4MGMusuUGwRReswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwYTk2NDE2LTVhZjUtNDkxYi05MzA0LTE2NGU5MjY5YzY5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hQIAwDQYJKoZIhvcNAQELBQADggEBAJrYoyvcPhlvMurrWcb6U62T
fQCC3YzI7cLVYbnFA9R9wN6cjj9PbEL+8h9BFyoOWS2842adwdZMjP4IJF7UZwT8
D8KP9JoATTmPiLXr8k74IztSOo0g9u7rxaqvdsQGGcPkNG52RbUnxDyTT/kwMxZW
sWkskVtPOEGIzRYUlviD9RNyVEGCDGu5GjQHprVBzQ0Ce3CNSDUSA18eGX9JWs3K
KZ0FyJXIrla75JerCSSAwTxjBTfq8gTMSUtIRHl9+IsLJjHRjvSCNd/TKmSI0Ict
vPp/68NE67B3aqO91CG1GCrekC3nBZj/46WtBMTcQcmlWyR5z8Qx6iNJTmFdfZ4=
-----END CERTIFICATE-----