Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea48da40-e606-40ca-a47e-49973c2920b0.roa
File:                     ea48da40-e606-40ca-a47e-49973c2920b0.roa (raw, json)
Hash identifier:          +ExLMo6hb/a6WcMZMmKDRbkqn2ViC65n3qQp/0tYROE=
Subject key identifier:   6A:BE:D8:9A:82:72:4B:B4:EB:82:0F:CE:25:7B:55:77:CB:D5:C2:3F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       07FB1A110247B9D229E98AC0479E293BA5465D21
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea48da40-e606-40ca-a47e-49973c2920b0.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fb8:8000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:fb:1a:11:02:47:b9:d2:29:e9:8a:c0:47:9e:29:3b:a5:46:5d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=ac70b28721d05f0502e6dcd7915d19a31460ef9b89d47de0a638f2406fe72fdc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:41:a5:66:b2:29:6c:36:65:7f:07:0e:91:97:
                    d5:c2:db:ef:aa:ef:fa:0a:f9:e0:4d:8b:07:82:d7:
                    73:6e:5f:57:d5:3b:ae:81:3b:88:0e:bd:94:ba:42:
                    ca:46:96:81:f9:2b:a2:1a:36:4c:a2:e2:c0:5a:3c:
                    96:fe:59:af:4c:38:ff:ec:b4:b5:6e:28:5f:5b:88:
                    a6:e4:b3:03:6c:ce:19:16:f4:f7:ea:80:3d:e1:5f:
                    20:9b:f3:67:2f:2a:60:01:48:d8:ff:26:12:19:2c:
                    eb:33:56:6a:09:6f:b5:ac:08:a3:9a:18:fd:fd:0d:
                    78:87:a1:44:39:69:90:b3:1d:f0:6b:20:2d:4f:19:
                    71:ca:54:be:b2:f1:8e:84:6e:1d:45:28:59:64:77:
                    56:a0:10:44:d8:a1:ef:4c:4c:64:fc:b0:96:76:38:
                    c5:8f:9e:38:92:a8:1d:eb:ef:00:40:46:61:13:62:
                    95:1c:b7:70:c5:21:52:db:a1:02:01:c5:86:f6:b4:
                    d2:ca:c0:70:42:11:9f:c6:df:4c:f6:28:a8:cc:9a:
                    0d:eb:4d:85:11:77:ce:ae:d7:34:e7:7f:c4:58:e4:
                    90:66:34:c7:ae:aa:07:59:3f:1a:07:2d:fb:57:24:
                    b4:26:97:63:86:7f:81:1b:9f:31:71:d2:5a:8c:03:
                    64:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:BE:D8:9A:82:72:4B:B4:EB:82:0F:CE:25:7B:55:77:CB:D5:C2:3F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea48da40-e606-40ca-a47e-49973c2920b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb8:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         14:da:2e:8b:e7:c2:5c:86:da:a6:41:3d:aa:55:2c:ca:20:4a:
         63:46:5b:c2:c4:22:9a:0e:54:84:a9:19:5b:5e:d1:c5:bc:b7:
         1d:8d:36:e0:c2:b0:11:7c:e6:81:5a:4f:8c:ad:e9:99:a7:90:
         5b:ac:d4:20:34:e9:00:5d:4f:d0:ba:1c:18:3b:81:f6:a7:2b:
         26:43:f2:bf:ef:52:8d:a8:bf:42:e6:e6:f4:83:7e:f1:e1:44:
         82:6a:e6:67:6c:5a:b4:df:bc:8e:63:f2:02:0c:11:6c:43:24:
         b3:cf:9c:cf:9a:02:a6:0c:b2:a9:11:e6:a9:49:87:39:79:12:
         66:a2:c3:6a:d1:22:f2:6d:89:5a:d0:0d:32:8d:8a:91:8f:6f:
         fd:c8:d7:dd:f9:3e:a2:0f:e7:da:52:f3:cd:fb:05:35:11:55:
         fe:f3:a3:97:02:80:48:7f:07:32:0a:ea:75:bf:02:07:73:58:
         32:aa:fa:08:d7:ab:d5:66:88:d6:b7:fd:c7:af:16:57:56:13:
         6e:b2:e9:c0:89:8c:c2:90:70:1d:1b:a4:9b:44:c9:14:da:c2:
         2d:92:8e:77:33:02:24:cf:64:15:af:86:59:c5:71:25:d1:23:
         35:c9:7c:67:a9:b5:93:11:e1:e9:03:09:70:9d:0e:ff:4d:68:
         77:b8:e2:17
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUB/saEQJHudIp6YrAR54pO6VGXSEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzcwYjI4NzIxZDA1ZjA1MDJlNmRjZDc5MTVkMTlhMzE0
NjBlZjliODlkNDdkZTBhNjM4ZjI0MDZmZTcyZmRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5QaVmsilsNmV/Bw6Rl9XC2++q7/oK+eBNiweC13NuX1fV
O66BO4gOvZS6QspGloH5K6IaNkyi4sBaPJb+Wa9MOP/stLVuKF9biKbkswNszhkW
9PfqgD3hXyCb82cvKmABSNj/JhIZLOszVmoJb7WsCKOaGP39DXiHoUQ5aZCzHfBr
IC1PGXHKVL6y8Y6Ebh1FKFlkd1agEETYoe9MTGT8sJZ2OMWPnjiSqB3r7wBARmET
YpUct3DFIVLboQIBxYb2tNLKwHBCEZ/G30z2KKjMmg3rTYURd86u1zTnf8RY5JBm
NMeuqgdZPxoHLftXJLQml2OGf4EbnzFx0lqMA2RXAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUar7YmoJyS7Trgg/OJXtVd8vVwj8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VhNDhkYTQwLWU2MDYtNDBjYS1hNDdlLTQ5OTczYzI5MjBiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB+4gDANBgkqhkiG9w0BAQsFAAOCAQEAFNoui+fCXIbapkE9qlUsyiBK
Y0ZbwsQimg5UhKkZW17Rxby3HY024MKwEXzmgVpPjK3pmaeQW6zUIDTpAF1P0Loc
GDuB9qcrJkPyv+9Sjai/Qubm9IN+8eFEgmrmZ2xatN+8jmPyAgwRbEMks8+cz5oC
pgyyqRHmqUmHOXkSZqLDatEi8m2JWtANMo2KkY9v/cjX3fk+og/n2lLzzfsFNRFV
/vOjlwKASH8HMgrqdb8CB3NYMqr6CNer1WaI1rf9x68WV1YTbrLpwImMwpBwHRuk
m0TJFNrCLZKOdzMCJM9kFa+GWcVxJdEjNcl8Z6m1kxHh6QMJcJ0O/01od7jiFw==
-----END CERTIFICATE-----