Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c94e1df9-e2ea-43d4-bfd2-55468bd063cb.roa
File:                     c94e1df9-e2ea-43d4-bfd2-55468bd063cb.roa (raw, json)
Hash identifier:          xo9eWwuJ6GzO0xjyURMVEX6PaLpoFhP5FfP9GHHMPRY=
Subject key identifier:   B2:3F:19:22:27:D4:CD:5B:D1:52:59:4D:15:DC:37:4D:21:3C:AF:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       162E063BAD9F044E47AA1A142FEBD7D64569C009
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c94e1df9-e2ea-43d4-bfd2-55468bd063cb.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f70:5000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:2e:06:3b:ad:9f:04:4e:47:aa:1a:14:2f:eb:d7:d6:45:69:c0:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=60b1ae1bc5d5b96261c67b8059d816c6600727e486f1acc08f2d39bf0748ba33, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2a:27:36:04:68:d5:34:e3:e3:01:4c:11:30:
                    01:9c:15:91:af:b7:2c:b1:f7:3f:1b:14:d4:e3:7b:
                    d2:09:cd:45:37:d0:46:6c:32:31:65:8c:6b:eb:d4:
                    d3:13:b2:46:b3:00:8e:c7:37:63:0a:26:d9:ff:b4:
                    90:68:70:2b:71:40:27:ca:f8:55:98:03:fd:36:63:
                    1b:f7:87:fb:6a:71:a5:6d:4b:e4:73:33:e9:93:e8:
                    d8:9c:e5:2d:5d:ec:6e:37:26:8e:32:b2:4e:69:da:
                    e6:47:73:d5:cd:4b:cb:7b:4f:45:a4:7c:32:be:e6:
                    60:c7:4d:7b:b9:e3:b7:5f:bd:dd:25:06:ca:89:0d:
                    3f:d1:c5:8b:ad:36:1e:96:6b:4f:dd:b6:26:a5:f8:
                    8e:cb:c2:aa:71:b3:4f:74:0d:ab:92:26:a1:9b:44:
                    5c:2b:24:f6:93:27:c4:68:57:cb:ca:a1:5d:7b:8f:
                    e2:7e:af:d6:16:43:57:1e:85:96:84:3f:3c:f7:94:
                    83:c8:5d:4b:d9:45:8e:4d:2c:b2:a9:5d:75:b3:df:
                    ad:18:b6:16:5d:02:c0:a6:15:be:a3:2c:6d:64:78:
                    b8:a0:21:a8:1e:23:41:e5:ec:cb:6d:89:e8:15:0e:
                    af:a7:99:ed:c4:be:e6:40:7d:91:a2:08:ff:8c:ce:
                    c6:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:3F:19:22:27:D4:CD:5B:D1:52:59:4D:15:DC:37:4D:21:3C:AF:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c94e1df9-e2ea-43d4-bfd2-55468bd063cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         38:e9:af:76:1f:dd:15:67:c9:bc:a2:29:d9:f5:57:2a:a7:17:
         68:10:dd:b3:32:7b:cb:df:91:7e:dc:82:eb:48:e9:f0:e0:6e:
         41:58:26:7d:d3:9b:8a:7f:c9:3b:1c:1c:43:fd:2c:d7:10:8b:
         2a:48:b1:89:33:75:8a:ab:c6:95:47:c2:93:be:36:eb:ee:eb:
         7c:2a:f7:e8:75:ec:10:c9:ec:8a:22:d1:05:3f:21:15:5b:d2:
         85:04:41:04:18:17:50:e4:f5:2b:de:1c:2d:0d:a2:70:b2:45:
         79:e9:7e:7c:fa:92:1f:97:ad:c2:bf:a7:95:6a:6f:b3:a2:af:
         ef:9f:16:51:65:02:5d:b8:05:e0:a3:7e:6f:eb:7b:96:c9:13:
         b9:49:8c:70:50:57:7d:68:dd:96:e3:7e:e2:bd:21:68:ca:d0:
         ea:b8:52:93:b1:e4:9d:26:53:d5:4d:04:d0:54:f0:61:d3:54:
         84:83:a8:fc:51:f3:1f:fd:ff:43:d2:fe:3f:06:1a:e2:04:33:
         f7:9d:fd:d3:85:9c:37:f6:d3:d4:98:22:77:ba:44:ef:6e:8a:
         1e:6c:59:d1:bc:76:b1:d4:5c:4f:1d:04:fa:49:88:bb:c9:f4:
         67:b7:bd:df:5d:72:ec:0a:19:24:25:0e:a5:3c:18:3d:da:2a:
         c8:0a:27:c6
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUFi4GO62fBE5HqhoUL+vX1kVpwAkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MGIxYWUxYmM1ZDViOTYyNjFjNjdiODA1OWQ4MTZjNjYw
MDcyN2U0ODZmMWFjYzA4ZjJkMzliZjA3NDhiYTMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoKic2BGjVNOPjAUwRMAGcFZGvtyyx9z8bFNTje9IJzUU3
0EZsMjFljGvr1NMTskazAI7HN2MKJtn/tJBocCtxQCfK+FWYA/02Yxv3h/tqcaVt
S+RzM+mT6Nic5S1d7G43Jo4ysk5p2uZHc9XNS8t7T0WkfDK+5mDHTXu547dfvd0l
BsqJDT/RxYutNh6Wa0/dtial+I7Lwqpxs090DauSJqGbRFwrJPaTJ8RoV8vKoV17
j+J+r9YWQ1cehZaEPzz3lIPIXUvZRY5NLLKpXXWz360YthZdAsCmFb6jLG1keLig
IageI0Hl7MttiegVDq+nme3EvuZAfZGiCP+MzsaXAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUsj8ZIifUzVvRUllNFdw3TSE8rzgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M5NGUxZGY5LWUyZWEtNDNkNC1iZmQyLTU1NDY4YmQwNjNjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wUDANBgkqhkiG9w0BAQsFAAOCAQEAOOmvdh/dFWfJvKIp2fVXKqcX
aBDdszJ7y9+RftyC60jp8OBuQVgmfdObin/JOxwcQ/0s1xCLKkixiTN1iqvGlUfC
k7426+7rfCr36HXsEMnsiiLRBT8hFVvShQRBBBgXUOT1K94cLQ2icLJFeel+fPqS
H5etwr+nlWpvs6Kv758WUWUCXbgF4KN+b+t7lskTuUmMcFBXfWjdluN+4r0haMrQ
6rhSk7HknSZT1U0E0FTwYdNUhIOo/FHzH/3/Q9L+PwYa4gQz953904WcN/bT1Jgi
d7pE726KHmxZ0bx2sdRcTx0E+kmIu8n0Z7e9311y7AoZJCUOpTwYPdoqyAonxg==
-----END CERTIFICATE-----