Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa
File:                     c88bc903-16fc-4d37-9398-665b5419307e.roa (raw, json)
Hash identifier:          ecjMRxFvQUAWbM6UZZNHm/w5/D+u8pozya5tIf0ohPc=
Subject key identifier:   8D:BD:55:9F:BB:C7:84:96:D4:F3:31:3B:EB:EB:13:09:8A:DC:DA:CE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C575C6B7D1CAB08894DD000BFFF760316FE16FD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f68:4000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:57:5c:6b:7d:1c:ab:08:89:4d:d0:00:bf:ff:76:03:16:fe:16:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: serialNumber=23f66593f18561488dbb94da225b1d383208678d2b140a462238fc489cb4e7fc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:88:a2:f9:98:e5:16:6a:75:69:b6:da:e5:7c:
                    a7:14:a0:e8:e8:58:e2:dd:06:3b:ae:76:82:f2:cc:
                    0b:4c:e1:39:88:fa:54:cf:90:63:7a:25:32:3d:6b:
                    ad:fa:59:cb:75:e8:c8:f7:ee:eb:7f:75:9e:84:fc:
                    6e:06:db:9a:bc:06:88:50:8a:2b:2c:68:0e:f0:55:
                    c4:d5:b4:02:28:52:ea:65:29:b9:6f:2b:c6:f6:e1:
                    d7:8d:27:9d:99:2b:95:5e:c6:ae:2c:5d:29:8f:54:
                    32:24:67:a9:58:5c:5d:12:c7:3c:dd:2b:37:db:9e:
                    c2:5e:3e:fd:b0:a7:9c:76:cd:56:48:61:c5:a3:2d:
                    e4:db:73:67:83:04:34:c4:ff:af:93:bf:1c:55:5b:
                    5b:9d:1b:6b:b0:94:c0:d2:4c:aa:c1:ed:c1:14:c3:
                    83:9a:0a:d3:eb:9d:17:9d:0d:3f:be:37:d8:33:e5:
                    14:a8:6a:a5:75:36:56:a5:1e:a5:59:db:26:a8:11:
                    96:24:bc:b7:93:d8:f8:69:aa:84:c6:73:ea:f7:42:
                    8f:3a:4d:c9:24:93:74:30:aa:c5:c2:3c:0f:99:08:
                    16:f6:22:9f:76:6c:77:c4:72:24:3f:34:02:2a:51:
                    25:f3:07:7e:bb:98:b6:e1:23:2d:d2:42:18:32:b4:
                    ca:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:BD:55:9F:BB:C7:84:96:D4:F3:31:3B:EB:EB:13:09:8A:DC:DA:CE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f68:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         ab:04:6e:7d:1c:84:ac:af:1c:e8:9f:ae:b0:0f:f3:c3:aa:4e:
         a5:27:30:06:22:12:39:f4:dd:a0:14:a5:ab:c4:a8:9f:5d:90:
         40:ad:1d:63:8b:33:4b:5f:9c:56:9a:f8:dd:a1:07:2c:e2:e8:
         aa:f3:47:16:85:d5:ca:37:5b:05:87:74:3f:9e:be:ed:76:f6:
         0c:2f:51:1b:8f:8d:f0:8f:a8:47:f3:c4:a1:8a:a0:cc:03:53:
         43:cf:47:5e:fa:50:96:da:16:28:eb:6a:c1:32:4c:27:f5:c9:
         cd:11:4e:94:2d:c6:da:bb:3d:c8:c7:7d:19:33:66:04:4f:87:
         a1:33:44:c6:48:d3:31:27:6d:9a:3f:dc:6b:04:cf:e0:13:f0:
         bb:95:7f:91:5c:bf:ce:f7:38:42:0c:47:c6:4e:7e:05:b8:d8:
         69:c6:22:8f:95:5e:0d:16:67:86:66:62:ee:d3:78:b0:5d:dc:
         6d:1c:ab:6e:92:40:78:ef:b1:d1:b7:af:d2:31:8d:ac:23:e9:
         66:3c:91:84:e0:f8:68:e2:0b:60:70:75:e9:54:50:14:a5:4c:
         98:64:b4:47:79:42:14:64:73:d1:8c:59:de:47:69:97:f2:1d:
         13:06:50:96:00:d5:70:ea:2e:bd:26:bb:88:1e:f4:c7:a7:1c:
         94:43:23:e7
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUXFdca30cqwiJTdAAv/92Axb+Fv0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyM2Y2NjU5M2YxODU2MTQ4OGRiYjk0ZGEyMjViMWQzODMy
MDg2NzhkMmIxNDBhNDYyMjM4ZmM0ODljYjRlN2ZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDciKL5mOUWanVpttrlfKcUoOjoWOLdBjuudoLyzAtM4TmI
+lTPkGN6JTI9a636Wct16Mj37ut/dZ6E/G4G25q8BohQiissaA7wVcTVtAIoUupl
KblvK8b24deNJ52ZK5Vexq4sXSmPVDIkZ6lYXF0SxzzdKzfbnsJePv2wp5x2zVZI
YcWjLeTbc2eDBDTE/6+TvxxVW1udG2uwlMDSTKrB7cEUw4OaCtPrnRedDT++N9gz
5RSoaqV1NlalHqVZ2yaoEZYkvLeT2PhpqoTGc+r3Qo86Tckkk3QwqsXCPA+ZCBb2
Ip92bHfEciQ/NAIqUSXzB367mLbhIy3SQhgytMoRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUjb1Vn7vHhJbU8zE76+sTCYrc2s4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M4OGJjOTAzLTE2ZmMtNGQzNy05Mzk4LTY2NWI1NDE5MzA3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB9oQDANBgkqhkiG9w0BAQsFAAOCAQEAqwRufRyErK8c6J+usA/zw6pO
pScwBiISOfTdoBSlq8Son12QQK0dY4szS1+cVpr43aEHLOLoqvNHFoXVyjdbBYd0
P56+7Xb2DC9RG4+N8I+oR/PEoYqgzANTQ89HXvpQltoWKOtqwTJMJ/XJzRFOlC3G
2rs9yMd9GTNmBE+HoTNExkjTMSdtmj/cawTP4BPwu5V/kVy/zvc4QgxHxk5+BbjY
acYij5VeDRZnhmZi7tN4sF3cbRyrbpJAeO+x0bev0jGNrCPpZjyRhOD4aOILYHB1
6VRQFKVMmGS0R3lCFGRz0YxZ3kdpl/IdEwZQlgDVcOouvSa7iB70x6cclEMj5w==
-----END CERTIFICATE-----