Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fd1c8944-1621-4da7-9c93-1eab516bb822.roa
File:                     fd1c8944-1621-4da7-9c93-1eab516bb822.roa (raw, json)
Hash identifier:          qS/z5U3N1u7ERxlt317Z+3xr9R6xQijqc1LNKs7ov5g=
Subject key identifier:   FA:65:22:8E:AD:0C:BD:09:E1:95:EC:60:EF:DD:79:EC:B1:43:5A:CF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       16236D78F46BE6A88239DA993D937FA0F20358C5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fd1c8944-1621-4da7-9c93-1eab516bb822.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f14:1000::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:23:6d:78:f4:6b:e6:a8:82:39:da:99:3d:93:7f:a0:f2:03:58:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=8bb9c9fc5782a06b2929f7172a9b23bf9ba89c82276206b4676a9fa0934dda81, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a1:62:34:46:42:62:91:bb:71:dd:a0:71:66:
                    d5:9e:95:b3:f7:31:88:f1:5d:4f:54:99:85:1b:8c:
                    5b:8e:7e:4d:35:be:19:3f:c9:83:d1:7c:76:8d:23:
                    81:64:22:f6:98:8f:aa:db:ba:97:ee:99:4e:21:90:
                    85:34:1e:1f:6d:b2:ed:dc:93:46:6d:f9:20:cf:8f:
                    38:6f:90:eb:55:c5:77:2c:3c:40:f9:1e:67:46:87:
                    82:c8:c2:a9:45:5a:f2:32:3b:ed:ac:9a:54:cb:ca:
                    67:da:f5:6b:1a:ce:ce:64:37:c5:69:08:52:98:bb:
                    56:62:9b:11:52:7b:ff:32:0e:9f:33:80:b8:a2:fc:
                    db:42:22:78:4c:44:d1:da:a8:6a:1a:a3:f7:70:79:
                    0e:65:d6:c6:e1:33:82:b5:ea:46:f7:c9:3f:66:c1:
                    95:c1:3c:04:c9:b9:7c:2b:0f:fb:52:a7:8b:1b:dd:
                    1a:50:91:99:b1:91:f2:30:a3:f7:61:e8:46:32:cf:
                    06:dd:ca:fb:16:b2:cc:95:9e:bc:01:c9:ad:11:93:
                    63:7f:3d:cd:0c:bc:b5:3c:8a:7e:8f:36:c1:ab:44:
                    0d:fb:35:4f:84:71:b2:cc:9b:db:5c:fe:31:ae:af:
                    3d:a0:5f:99:01:2e:ac:ea:9e:1f:a6:d7:e5:5d:66:
                    18:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:65:22:8E:AD:0C:BD:09:E1:95:EC:60:EF:DD:79:EC:B1:43:5A:CF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fd1c8944-1621-4da7-9c93-1eab516bb822.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f14:1000::/37

    Signature Algorithm: sha256WithRSAEncryption
         8b:dd:cb:92:20:0f:b7:0a:2b:e8:e0:a1:9b:b7:77:9f:7a:a1:
         ab:9d:f0:46:31:00:37:aa:4d:78:8b:9c:7f:ae:74:e8:cc:77:
         b8:33:84:9b:d5:a6:f9:05:9e:f6:61:a9:01:94:02:c6:dd:68:
         99:89:84:49:b4:14:fe:59:b8:56:23:87:88:13:85:9a:5e:93:
         63:5c:c5:11:e3:ec:41:d2:6d:79:73:ab:fc:dd:26:5f:a1:bb:
         20:43:9e:27:60:15:3c:7c:8a:c2:89:3e:45:31:6c:65:86:63:
         42:19:44:74:37:40:7a:75:50:fa:07:58:5e:dd:a2:c0:33:88:
         f1:c0:06:f5:9e:00:16:59:fb:51:04:6e:03:aa:02:6c:6a:3c:
         66:e7:97:4d:c0:87:25:6e:6a:b9:e3:17:8c:eb:cc:c7:d9:6a:
         aa:ba:78:0f:22:f8:7e:91:db:05:19:4e:c8:5e:6f:28:21:1d:
         ba:fb:b2:34:14:e1:ad:37:17:b5:ee:a7:5e:5b:8c:90:0c:0a:
         56:09:5f:58:64:a6:77:ab:70:0a:74:08:b6:1b:93:1c:f7:f0:
         36:9b:30:7a:7e:fe:77:ce:37:97:73:a6:c8:33:68:3f:ae:3b:
         aa:94:bb:7d:4c:10:38:1b:e1:10:03:04:db:f6:37:20:11:72:
         68:63:36:38
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUFiNtePRr5qiCOdqZPZN/oPIDWMUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmI5YzlmYzU3ODJhMDZiMjkyOWY3MTcyYTliMjNiZjli
YTg5YzgyMjc2MjA2YjQ2NzZhOWZhMDkzNGRkYTgxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIoWI0RkJikbtx3aBxZtWelbP3MYjxXU9UmYUbjFuOfk01
vhk/yYPRfHaNI4FkIvaYj6rbupfumU4hkIU0Hh9tsu3ck0Zt+SDPjzhvkOtVxXcs
PED5HmdGh4LIwqlFWvIyO+2smlTLymfa9Wsazs5kN8VpCFKYu1ZimxFSe/8yDp8z
gLii/NtCInhMRNHaqGoao/dweQ5l1sbhM4K16kb3yT9mwZXBPATJuXwrD/tSp4sb
3RpQkZmxkfIwo/dh6EYyzwbdyvsWssyVnrwBya0Rk2N/Pc0MvLU8in6PNsGrRA37
NU+EcbLMm9tc/jGurz2gX5kBLqzqnh+m1+VdZhiRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU+mUijq0MvQnhlexg79157LFDWs8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZkMWM4OTQ0LTE2MjEtNGRhNy05YzkzLTFlYWI1MTZiYjgyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8UEDANBgkqhkiG9w0BAQsFAAOCAQEAi93LkiAPtwor6OChm7d3n3qh
q53wRjEAN6pNeIucf6506Mx3uDOEm9Wm+QWe9mGpAZQCxt1omYmESbQU/lm4ViOH
iBOFml6TY1zFEePsQdJteXOr/N0mX6G7IEOeJ2AVPHyKwok+RTFsZYZjQhlEdDdA
enVQ+gdYXt2iwDOI8cAG9Z4AFln7UQRuA6oCbGo8ZueXTcCHJW5queMXjOvMx9lq
qrp4DyL4fpHbBRlOyF5vKCEduvuyNBThrTcXte6nXluMkAwKVglfWGSmd6twCnQI
thuTHPfwNpswen7+d843l3OmyDNoP647qpS7fUwQOBvhEAME2/Y3IBFyaGM2OA==
-----END CERTIFICATE-----