Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f89554b9-b6ae-4a2e-b141-281d3ff873d3.roa
File:                     f89554b9-b6ae-4a2e-b141-281d3ff873d3.roa (raw, json)
Hash identifier:          3rcaQN9dqbfZOT+p4MjYtyzIa8EO/UMnGIrMg3fC/t0=
Subject key identifier:   FA:32:F2:A2:46:43:AF:73:64:0D:CD:DC:3A:60:1D:1A:28:99:C5:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       22B969B8AD808AB1EFCFE840944BC742EE0DD30E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f89554b9-b6ae-4a2e-b141-281d3ff873d3.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:c040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:b9:69:b8:ad:80:8a:b1:ef:cf:e8:40:94:4b:c7:42:ee:0d:d3:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=8e6449cddcc8ad51d9424c86adb74fc059dca8b5bb265eba64a20d4b9e94620e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a8:12:96:43:c0:25:44:e9:f1:9b:b6:2c:17:
                    0c:d8:f9:dd:d8:70:27:22:d0:4f:bd:28:06:8a:6d:
                    2d:a0:8f:7d:28:f3:84:81:5a:5e:9d:f9:66:63:23:
                    54:ea:ef:bf:d5:4b:04:73:44:3f:79:7d:6b:38:d4:
                    64:bf:fb:4e:a7:f5:24:93:c0:ff:ef:56:e4:0b:c7:
                    42:6e:64:ab:ed:9c:77:b8:55:10:9b:4b:4f:6b:f8:
                    ad:b6:3f:81:9e:0b:5c:61:ef:8b:8d:b3:04:12:10:
                    33:89:7a:7a:4c:d6:22:c1:66:fe:ba:81:86:21:4d:
                    7a:a5:47:f2:58:38:fb:90:bf:5b:d7:99:a7:ea:f8:
                    0b:0a:9a:88:f8:0a:64:51:52:34:d9:e6:39:bd:02:
                    91:cd:1b:d2:a4:9e:49:34:c0:10:e2:98:b5:1e:9c:
                    d9:91:3f:ea:80:c1:e2:44:3f:1d:01:27:63:8b:8a:
                    c6:36:7e:db:d1:76:fd:73:87:8f:97:08:1f:40:c3:
                    78:18:39:07:88:16:96:5f:37:d3:2b:6a:83:35:b7:
                    f2:d5:7e:32:0b:9f:5c:80:86:38:8d:08:01:6b:4d:
                    eb:c1:a6:f0:1e:00:f8:7b:df:78:4c:f3:d0:8d:ef:
                    e8:ec:8c:f3:92:0e:3d:dd:55:34:fb:b0:79:2c:fe:
                    b4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:32:F2:A2:46:43:AF:73:64:0D:CD:DC:3A:60:1D:1A:28:99:C5:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f89554b9-b6ae-4a2e-b141-281d3ff873d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:c040::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:5b:88:eb:c9:1c:e2:3c:a7:f3:75:b4:d4:c6:03:50:88:56:
         b7:5e:8a:e7:3d:f0:d5:af:94:75:17:c1:fd:62:b1:03:53:03:
         cf:91:46:bf:9c:a4:da:27:49:62:85:71:65:85:bb:d5:44:26:
         ad:4f:29:94:a2:f4:1d:68:31:3d:9f:4f:93:a7:d2:f9:32:e6:
         5a:71:ca:97:d2:fa:a2:44:2d:4a:45:eb:03:b7:96:da:bf:d3:
         cd:30:eb:61:d0:92:e6:74:17:2e:8b:4d:ba:19:b6:b6:73:b0:
         a7:10:56:8e:de:cb:93:20:19:b5:1b:b4:38:2e:5b:fc:dd:2c:
         87:d7:b0:9b:8f:78:7d:69:9d:f2:25:00:00:a2:52:3d:fa:8e:
         5d:8c:e2:22:8e:5f:ed:10:9f:92:24:a4:0d:33:fd:c9:db:39:
         d0:cf:8f:e2:76:2b:0f:4b:de:a0:44:89:fc:50:7d:b7:92:f7:
         c5:c5:52:50:77:1f:a1:13:b1:a1:4e:a1:3f:48:ed:71:34:2e:
         ba:3b:4c:a7:96:1e:67:34:ec:d0:87:3d:2e:df:3d:17:97:ea:
         95:a4:09:1c:f4:95:f1:10:79:b3:f4:e8:d5:eb:a6:72:f1:44:
         29:d7:41:78:ef:63:9a:6c:23:54:04:1a:5b:bb:2f:26:9e:bd:
         3f:d3:97:a2
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUIrlpuK2AirHvz+hAlEvHQu4N0w4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTY0NDljZGRjYzhhZDUxZDk0MjRjODZhZGI3NGZjMDU5
ZGNhOGI1YmIyNjVlYmE2NGEyMGQ0YjllOTQ2MjBlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbqBKWQ8AlROnxm7YsFwzY+d3YcCci0E+9KAaKbS2gj30o
84SBWl6d+WZjI1Tq77/VSwRzRD95fWs41GS/+06n9SSTwP/vVuQLx0JuZKvtnHe4
VRCbS09r+K22P4GeC1xh74uNswQSEDOJenpM1iLBZv66gYYhTXqlR/JYOPuQv1vX
mafq+AsKmoj4CmRRUjTZ5jm9ApHNG9Kknkk0wBDimLUenNmRP+qAweJEPx0BJ2OL
isY2ftvRdv1zh4+XCB9Aw3gYOQeIFpZfN9MraoM1t/LVfjILn1yAhjiNCAFrTevB
pvAeAPh733hM89CN7+jsjPOSDj3dVTT7sHks/rTZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU+jLyokZDr3NkDc3cOmAdGiiZxZAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4OTU1NGI5LWI2YWUtNGEyZS1iMTQxLTI4MWQzZmY4NzNkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hwEAwDQYJKoZIhvcNAQELBQADggEBAGVbiOvJHOI8p/N1tNTGA1CI
Vrdeiuc98NWvlHUXwf1isQNTA8+RRr+cpNonSWKFcWWFu9VEJq1PKZSi9B1oMT2f
T5On0vky5lpxypfS+qJELUpF6wO3ltq/080w62HQkuZ0Fy6LTboZtrZzsKcQVo7e
y5MgGbUbtDguW/zdLIfXsJuPeH1pnfIlAACiUj36jl2M4iKOX+0Qn5IkpA0z/cnb
OdDPj+J2Kw9L3qBEifxQfbeS98XFUlB3H6ETsaFOoT9I7XE0Lro7TKeWHmc07NCH
PS7fPReX6pWkCRz0lfEQebP06NXrpnLxRCnXQXjvY5psI1QEGlu7LyaevT/Tl6I=
-----END CERTIFICATE-----