Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dac6d91f-0131-4f38-be3d-421eba8e0816.roa
File:                     dac6d91f-0131-4f38-be3d-421eba8e0816.roa (raw, json)
Hash identifier:          /bxJeqhyEEVw9yMiOwVK6I2OL+J0wwSYH19jZygZSIU=
Subject key identifier:   E0:5E:EE:15:53:AB:32:8F:1F:39:79:EC:88:99:B7:CA:2A:76:3B:A0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77E505D1586BF6F29848093EED8B9D662F7BD85B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dac6d91f-0131-4f38-be3d-421eba8e0816.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f69:c040::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:e5:05:d1:58:6b:f6:f2:98:48:09:3e:ed:8b:9d:66:2f:7b:d8:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=ed8bf7381c9721364e69b7c13c65594fc14a49d3271e612448445e44c62148f8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:78:c0:d1:bc:1c:db:6e:3c:b5:be:8a:01:fd:
                    6a:e6:5b:34:c0:1f:af:47:50:a6:51:98:45:c0:a2:
                    54:91:14:b7:39:f6:ba:7e:45:d0:33:89:10:f5:85:
                    da:c2:28:1b:30:82:0b:50:1c:de:91:13:43:6a:b8:
                    d3:8a:e4:39:65:1e:b8:ed:70:0b:bb:60:a7:ee:bc:
                    69:55:53:1b:d4:02:43:33:d4:ed:65:55:72:9f:63:
                    2b:9a:c1:99:18:77:ea:17:9d:68:69:cc:b8:b4:1d:
                    6d:7d:81:b7:63:5b:d7:ca:d8:d9:f0:10:dc:07:a3:
                    3d:39:d6:34:c3:5a:5f:ba:68:2c:a7:f2:5d:a9:2e:
                    61:03:85:aa:89:9a:74:c0:04:32:c7:a0:51:76:dd:
                    7a:7d:1d:e9:8d:d6:ac:7a:d2:a0:ac:05:9d:20:85:
                    33:ca:49:84:8f:19:e9:e6:05:c9:89:ec:01:aa:5b:
                    86:e4:75:e9:04:a8:4a:95:4b:e7:1a:37:1d:7c:b6:
                    0a:95:19:2c:bc:0c:62:01:eb:69:77:94:4d:47:ed:
                    2d:f5:b6:6d:99:2a:3a:f3:fe:28:58:de:f5:f8:5d:
                    3e:09:cf:17:56:9a:b1:b5:d6:df:f2:68:5c:c4:f9:
                    31:72:58:c7:ec:eb:65:35:5f:89:8c:c7:78:d2:34:
                    84:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:5E:EE:15:53:AB:32:8F:1F:39:79:EC:88:99:B7:CA:2A:76:3B:A0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dac6d91f-0131-4f38-be3d-421eba8e0816.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:c040::/46

    Signature Algorithm: sha256WithRSAEncryption
         64:12:9f:98:2a:ca:bc:3f:37:7f:b6:ae:6d:62:5d:ce:d8:75:
         14:a2:db:9f:7e:a2:ab:04:24:34:94:52:e7:51:f5:0e:f2:97:
         ad:3f:c5:1d:42:33:a5:25:83:ea:49:a7:a8:dc:cf:4f:ba:25:
         9b:fc:b0:3a:12:ee:a5:4f:e3:64:c3:76:50:2e:2f:5b:9a:0b:
         9a:04:05:5f:79:7a:52:3b:6f:66:96:e3:60:fa:12:5d:0e:75:
         dc:4f:c8:96:b9:94:7a:0f:0d:a6:0d:86:e1:40:b1:12:50:c2:
         75:0b:19:fb:e1:e9:8c:8b:48:9c:17:c6:0e:52:70:2a:99:61:
         38:c6:ef:b9:c7:47:9c:e3:36:2c:a5:93:ba:a5:9c:08:53:0c:
         c2:1e:63:1e:56:46:71:87:22:63:aa:b2:c5:06:5e:6b:83:5e:
         bf:de:d8:9d:49:11:cd:0c:06:7a:bd:c9:09:0a:c0:fb:04:ea:
         2b:59:42:3f:9f:e6:90:10:19:4e:95:51:25:83:10:57:dd:54:
         09:76:d3:39:6c:e8:b9:b3:64:f4:60:10:fe:ae:52:0f:67:55:
         e1:56:c0:05:3b:91:e0:bd:67:cf:bd:04:5e:33:db:b9:00:61:
         45:96:88:11:19:e9:0f:07:ed:38:e7:8c:e3:23:9c:a4:de:75:
         2f:b0:ea:a7
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUd+UF0Vhr9vKYSAk+7YudZi972FswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDhiZjczODFjOTcyMTM2NGU2OWI3YzEzYzY1NTk0ZmMx
NGE0OWQzMjcxZTYxMjQ0ODQ0NWU0NGM2MjE0OGY4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCueMDRvBzbbjy1vooB/WrmWzTAH69HUKZRmEXAolSRFLc5
9rp+RdAziRD1hdrCKBswggtQHN6RE0NquNOK5DllHrjtcAu7YKfuvGlVUxvUAkMz
1O1lVXKfYyuawZkYd+oXnWhpzLi0HW19gbdjW9fK2NnwENwHoz051jTDWl+6aCyn
8l2pLmEDhaqJmnTABDLHoFF23Xp9HemN1qx60qCsBZ0ghTPKSYSPGenmBcmJ7AGq
W4bkdekEqEqVS+caNx18tgqVGSy8DGIB62l3lE1H7S31tm2ZKjrz/ihY3vX4XT4J
zxdWmrG11t/yaFzE+TFyWMfs62U1X4mMx3jSNIShAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU4F7uFVOrMo8fOXnsiJm3yip2O6AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhYzZkOTFmLTAxMzEtNGYzOC1iZTNkLTQyMWViYThlMDgxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB9pwEAwDQYJKoZIhvcNAQELBQADggEBAGQSn5gqyrw/N3+2rm1iXc7Y
dRSi259+oqsEJDSUUudR9Q7yl60/xR1CM6Ulg+pJp6jcz0+6JZv8sDoS7qVP42TD
dlAuL1uaC5oEBV95elI7b2aW42D6El0OddxPyJa5lHoPDaYNhuFAsRJQwnULGfvh
6YyLSJwXxg5ScCqZYTjG77nHR5zjNiylk7qlnAhTDMIeYx5WRnGHImOqssUGXmuD
Xr/e2J1JEc0MBnq9yQkKwPsE6itZQj+f5pAQGU6VUSWDEFfdVAl20zls6LmzZPRg
EP6uUg9nVeFWwAU7keC9Z8+9BF4z27kAYUWWiBEZ6Q8H7TjnjOMjnKTedS+w6qc=
-----END CERTIFICATE-----