Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d89855d3-ea99-4c70-9ca7-6599aed127bd.roa
File:                     d89855d3-ea99-4c70-9ca7-6599aed127bd.roa (raw, json)
Hash identifier:          +Bqmgm/BVVkFxfyraz5jEI3wCgZjK5KVVaM4jWwaRnQ=
Subject key identifier:   70:EA:1B:E8:BA:CF:76:F3:4A:5A:B3:FC:69:C5:FA:EF:AC:C9:FF:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4B07ACAAE5CA3B230C8AF614D22E1B71899F9F29
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d89855d3-ea99-4c70-9ca7-6599aed127bd.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff5:8000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:07:ac:aa:e5:ca:3b:23:0c:8a:f6:14:d2:2e:1b:71:89:9f:9f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=946ff2cef4d1ac30f12ff8762dfce77cbbb8d750f9657933e1294f7b85086c9b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b0:a5:f4:1a:4e:62:03:df:27:50:ab:52:73:
                    fd:94:9d:71:d0:e7:f8:c1:19:ee:f5:bf:db:c4:09:
                    f1:55:08:4b:12:5d:03:74:6f:6f:37:aa:94:d8:ac:
                    2b:e7:8a:44:65:a9:7b:22:94:c9:ce:ce:a0:85:03:
                    90:2c:1b:b3:06:8c:42:3a:bd:5d:da:dd:bc:74:3a:
                    fa:2f:3e:e5:a5:73:2f:fe:cc:c6:f6:3d:9e:b5:34:
                    b6:93:c0:0e:99:3d:35:c5:2e:f5:89:fd:73:46:b8:
                    4b:b0:b3:84:dd:a2:7a:ee:54:75:31:c6:10:de:d6:
                    bb:7d:aa:e1:c7:81:7a:53:02:41:98:fa:e4:9a:0b:
                    c1:46:e3:35:ef:2f:ef:3d:5d:a2:46:50:8b:7b:f9:
                    f4:b6:f2:9e:c8:9a:76:d0:34:b6:50:25:c2:ed:08:
                    83:10:b5:a8:09:03:1e:bd:32:cc:a2:b6:2e:e9:39:
                    39:b9:6c:dd:d0:e4:10:83:e7:f1:10:53:b3:9e:1d:
                    1b:a7:63:bd:7e:db:36:50:c7:d0:f2:25:a2:63:82:
                    74:bb:4d:6c:27:06:43:36:14:51:b0:6c:0f:8a:ec:
                    3e:82:2b:bb:31:14:93:f1:5d:21:36:95:fd:01:70:
                    a2:57:82:0a:20:b8:7d:e3:5d:7a:2d:45:52:5c:80:
                    6e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:EA:1B:E8:BA:CF:76:F3:4A:5A:B3:FC:69:C5:FA:EF:AC:C9:FF:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d89855d3-ea99-4c70-9ca7-6599aed127bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff5:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         39:8d:7e:dd:9a:11:91:cc:9b:c5:4c:d4:61:ad:06:5f:6c:80:
         41:ff:f1:09:3e:f5:03:09:cc:ee:9e:0f:fc:25:74:00:a4:ca:
         c7:9b:ee:36:8a:7f:67:ff:15:7c:a4:43:00:6a:2c:1c:0c:6f:
         a3:cf:be:7e:b4:24:74:9c:70:92:41:31:ca:d4:07:d4:85:7b:
         d9:7c:f3:92:68:31:55:4c:ab:62:ff:8c:fc:9d:6b:71:d6:f4:
         e1:1f:1a:d3:a6:80:9c:8e:70:df:b5:ac:32:cf:ad:bd:ee:f5:
         01:f5:15:b2:53:58:d5:84:93:42:ce:9b:d3:70:e8:c6:1b:a5:
         dc:a4:0c:8f:bf:7f:04:71:3c:37:5c:53:d5:a5:ce:63:d0:4c:
         85:e3:47:43:49:01:31:db:0f:97:27:b7:76:f8:de:1c:94:b7:
         75:83:1f:22:ea:32:5a:74:44:47:e3:3d:07:77:36:66:fc:d2:
         e4:8e:47:97:35:0d:18:a9:bf:1f:13:6c:05:c0:f5:73:56:61:
         6d:97:01:57:14:96:67:95:44:ea:94:a1:7f:e3:b8:02:7a:a9:
         4f:0f:b4:34:f5:f1:ae:ef:95:4a:2a:52:3d:c8:f2:54:b6:e7:
         44:f4:53:ae:f0:af:57:70:c5:c9:04:76:b5:6b:02:fa:7c:1f:
         0d:cd:f2:5c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUSwesquXKOyMMivYU0i4bcYmfnykwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDZmZjJjZWY0ZDFhYzMwZjEyZmY4NzYyZGZjZTc3Y2Ji
YjhkNzUwZjk2NTc5MzNlMTI5NGY3Yjg1MDg2YzliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwsKX0Gk5iA98nUKtSc/2UnXHQ5/jBGe71v9vECfFVCEsS
XQN0b283qpTYrCvnikRlqXsilMnOzqCFA5AsG7MGjEI6vV3a3bx0OvovPuWlcy/+
zMb2PZ61NLaTwA6ZPTXFLvWJ/XNGuEuws4TdonruVHUxxhDe1rt9quHHgXpTAkGY
+uSaC8FG4zXvL+89XaJGUIt7+fS28p7ImnbQNLZQJcLtCIMQtagJAx69Msyiti7p
OTm5bN3Q5BCD5/EQU7OeHRunY71+2zZQx9DyJaJjgnS7TWwnBkM2FFGwbA+K7D6C
K7sxFJPxXSE2lf0BcKJXggoguH3jXXotRVJcgG67AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUcOob6LrPdvNKWrP8acX676zJ/wMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4OTg1NWQzLWVhOTktNGM3MC05Y2E3LTY1OTlhZWQxMjdiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/1gDANBgkqhkiG9w0BAQsFAAOCAQEAOY1+3ZoRkcybxUzUYa0GX2yA
Qf/xCT71AwnM7p4P/CV0AKTKx5vuNop/Z/8VfKRDAGosHAxvo8++frQkdJxwkkEx
ytQH1IV72XzzkmgxVUyrYv+M/J1rcdb04R8a06aAnI5w37WsMs+tve71AfUVslNY
1YSTQs6b03Doxhul3KQMj79/BHE8N1xT1aXOY9BMheNHQ0kBMdsPlye3dvjeHJS3
dYMfIuoyWnRER+M9B3c2ZvzS5I5HlzUNGKm/HxNsBcD1c1ZhbZcBVxSWZ5VE6pSh
f+O4AnqpTw+0NPXxru+VSipSPcjyVLbnRPRTrvCvV3DFyQR2tWsC+nwfDc3yXA==
-----END CERTIFICATE-----