Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/017914bc-f93f-4439-904c-fb383c270999.roa
File:                     017914bc-f93f-4439-904c-fb383c270999.roa (raw, json)
Hash identifier:          jDrjExnmt0B0XqkgrFznEVN8t+2MGrq3ROyXOW2aPR8=
Subject key identifier:   F9:E0:C5:52:35:4A:FA:1F:F6:20:A2:45:E3:7A:C0:FF:07:9B:EB:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01E9C1AB4D52A3C12D733E3CA84D3A2F0FF7A228
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/017914bc-f93f-4439-904c-fb383c270999.roa
Signing time:             Fri 28 Mar 2025 16:40:12 +0000
ROA not before:           Fri 28 Mar 2025 16:40:12 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f36:8000::/39 maxlen: 39

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:e9:c1:ab:4d:52:a3:c1:2d:73:3e:3c:a8:4d:3a:2f:0f:f7:a2:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:40:12 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=3d9641178a19d2073b641d1bcf281c9ebc86221441477c4c817e08e8a9f9870b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:b1:46:5e:82:e5:d9:20:cf:57:27:cf:e7:8d:
                    24:74:14:8e:f9:ee:2f:12:92:ef:be:8d:2a:94:6b:
                    48:97:38:de:26:aa:8c:a2:69:08:3f:e7:9f:97:0c:
                    0d:32:33:8f:ae:8c:c6:9b:26:60:9c:88:c4:7b:69:
                    01:93:85:1d:51:a5:d9:91:39:f6:f5:ad:e2:b3:2f:
                    95:30:1f:ed:27:c3:7f:77:95:7f:b1:3f:83:6b:83:
                    f3:c3:c5:e0:3e:93:21:b6:2b:b0:79:18:e5:ce:7e:
                    4f:fe:d8:4f:7d:3c:7a:7b:f7:b1:e5:22:77:24:42:
                    4a:34:9f:22:7f:e7:c6:38:ac:b8:9e:58:56:a9:c4:
                    27:30:38:40:0c:19:1a:c6:ab:63:1a:93:6a:5d:ed:
                    eb:80:5c:89:75:67:fa:66:89:65:bd:7c:65:b4:e8:
                    f2:cf:1d:3d:81:e1:f0:33:21:cf:f2:bd:55:76:60:
                    da:5b:95:1a:7e:6d:e5:50:2d:27:6f:b6:17:8f:ac:
                    5c:44:c5:24:6c:76:06:87:60:8a:b6:84:e8:05:57:
                    79:3c:fa:0c:82:27:00:95:d6:2a:8a:b8:fe:6e:d4:
                    9b:5b:47:78:ea:3f:27:f5:f0:1d:5c:fc:58:d7:c5:
                    94:c7:15:e9:40:10:b3:84:cf:cd:14:2e:44:73:90:
                    0d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E0:C5:52:35:4A:FA:1F:F6:20:A2:45:E3:7A:C0:FF:07:9B:EB:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/017914bc-f93f-4439-904c-fb383c270999.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f36:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         91:a1:de:31:d4:f8:5f:1f:98:a7:f2:f4:89:1d:9d:8f:70:ef:
         82:77:ba:bb:86:28:b9:1f:15:01:67:57:2d:98:58:1f:6a:1a:
         19:d8:be:e1:c9:5f:23:46:44:3b:0f:34:ce:00:fb:76:ca:83:
         8c:cf:dd:02:0c:02:cc:bc:ce:22:e8:e5:ab:f7:de:46:dc:50:
         99:9d:06:0a:e5:4e:a9:3a:0d:20:de:4e:9c:51:41:26:f2:1d:
         99:6b:ac:e2:20:05:c5:5d:fe:29:41:3e:60:5c:80:f2:57:08:
         2f:67:b0:5e:77:aa:69:9c:af:81:85:40:18:56:3a:2e:a5:ec:
         7c:4f:e1:e6:40:8a:25:ff:f1:8a:fe:d4:07:cf:0d:db:c0:c3:
         a5:c5:6d:84:05:1c:44:97:1f:82:f5:7c:d4:a1:e8:6c:09:51:
         c3:33:ad:8f:ca:2b:9c:5a:48:25:a8:f7:e3:52:26:d1:c6:9a:
         1d:a9:db:14:6f:09:16:7c:21:7d:ec:1b:63:e9:b2:c6:9a:96:
         09:7b:3d:c8:1d:4d:53:77:0c:bb:f8:cd:ce:6b:46:11:b9:ba:
         26:e7:12:38:12:70:16:f0:f7:f7:63:a6:51:f4:52:cb:67:de:
         20:58:b3:ef:fc:5a:a8:9e:7f:e0:21:96:82:47:0d:27:72:55:
         75:8a:e4:85
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUAenBq01So8Etcz48qE06Lw/3oigwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTY0MDEyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDk2NDExNzhhMTlkMjA3M2I2NDFkMWJjZjI4MWM5ZWJj
ODYyMjE0NDE0NzdjNGM4MTdlMDhlOGE5Zjk4NzBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDusUZeguXZIM9XJ8/njSR0FI757i8Sku++jSqUa0iXON4m
qoyiaQg/55+XDA0yM4+ujMabJmCciMR7aQGThR1RpdmROfb1reKzL5UwH+0nw393
lX+xP4Nrg/PDxeA+kyG2K7B5GOXOfk/+2E99PHp797HlInckQko0nyJ/58Y4rLie
WFapxCcwOEAMGRrGq2Mak2pd7euAXIl1Z/pmiWW9fGW06PLPHT2B4fAzIc/yvVV2
YNpblRp+beVQLSdvthePrFxExSRsdgaHYIq2hOgFV3k8+gyCJwCV1iqKuP5u1Jtb
R3jqPyf18B1c/FjXxZTHFelAELOEz80ULkRzkA0FAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU+eDFUjVK+h/2IKJF43rA/web63owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAxNzkxNGJjLWY5M2YtNDQzOS05MDRjLWZiMzgzYzI3MDk5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB82gDANBgkqhkiG9w0BAQsFAAOCAQEAkaHeMdT4Xx+Yp/L0iR2dj3Dv
gne6u4YouR8VAWdXLZhYH2oaGdi+4clfI0ZEOw80zgD7dsqDjM/dAgwCzLzOIujl
q/feRtxQmZ0GCuVOqToNIN5OnFFBJvIdmWus4iAFxV3+KUE+YFyA8lcIL2ewXneq
aZyvgYVAGFY6LqXsfE/h5kCKJf/xiv7UB88N28DDpcVthAUcRJcfgvV81KHobAlR
wzOtj8ornFpIJaj341Im0caaHanbFG8JFnwhfewbY+myxpqWCXs9yB1NU3cMu/jN
zmtGEbm6JucSOBJwFvD392OmUfRSy2feIFiz7/xaqJ5/4CGWgkcNJ3JVdYrkhQ==
-----END CERTIFICATE-----