Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/051afdae-4a6b-45bf-9b22-789962ff51da.roa
File:                     051afdae-4a6b-45bf-9b22-789962ff51da.roa (raw, json)
Hash identifier:          TUy6JB8ay31wi4ddOWd7L+9Y+q0Y8j+EyICBt/0W3g8=
Subject key identifier:   D0:BE:F9:91:5E:E9:B9:24:DF:79:B3:3C:83:D9:E4:A5:AB:35:39:E2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2274EE48514FD50B583F0B06C8849A7539164497
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/051afdae-4a6b-45bf-9b22-789962ff51da.roa
Signing time:             Fri 28 Mar 2025 17:30:30 +0000
ROA not before:           Fri 28 Mar 2025 17:30:30 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f12:4000::/36 maxlen: 36

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:74:ee:48:51:4f:d5:0b:58:3f:0b:06:c8:84:9a:75:39:16:44:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 17:30:30 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=a6570cce61088ca681db32efc558a44e71bb972e0131f874f0cbddc6a00e1a79, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:68:23:fb:f7:6c:6c:3f:b3:e9:70:5d:2a:c4:
                    57:32:53:04:4b:a1:4c:66:a6:35:a1:98:ed:81:be:
                    db:25:37:42:52:a8:12:86:68:97:ac:0c:01:e6:dc:
                    60:e1:4c:f5:e8:aa:15:66:2b:52:18:9a:1a:e6:6b:
                    55:54:f6:42:dc:ac:38:03:aa:d3:81:76:5a:dd:ac:
                    32:f9:e0:63:cb:e3:2e:de:33:7a:af:3c:93:e8:0e:
                    0b:cd:06:ec:2a:1f:46:72:c3:16:20:e6:ba:67:68:
                    2e:00:29:6c:92:17:83:99:14:e0:da:98:ff:5b:90:
                    9a:c0:9f:58:90:0b:67:a4:af:ea:0e:0a:87:5b:70:
                    74:4e:9e:be:1e:81:30:2c:31:24:5a:c0:81:70:6f:
                    f6:2f:75:9e:d5:1b:ee:63:0b:a8:30:85:f9:9c:14:
                    bf:68:c9:14:02:7f:b9:d9:d1:d2:86:0e:0f:75:9f:
                    c2:af:22:43:9a:63:41:85:d5:1b:2f:c6:5e:e5:f2:
                    93:51:4f:7a:fd:49:72:f1:e3:7a:26:73:df:af:a8:
                    db:7a:51:94:2e:00:b3:07:bc:72:1a:2f:51:a9:83:
                    05:d1:6e:73:2d:70:2a:18:cb:c8:f5:12:ee:e2:52:
                    b8:72:fd:de:8d:67:79:71:fa:d6:26:2f:f8:10:9a:
                    4b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:BE:F9:91:5E:E9:B9:24:DF:79:B3:3C:83:D9:E4:A5:AB:35:39:E2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/051afdae-4a6b-45bf-9b22-789962ff51da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f12:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         76:3e:96:e0:a5:bf:ed:6d:97:0e:72:2b:25:4c:cb:6c:68:dd:
         79:e2:ef:6b:73:41:a1:0e:fc:56:6e:84:f4:d9:0b:8c:0b:bc:
         35:2c:4e:1c:de:8a:fd:21:ec:de:6e:41:a1:3b:ea:51:9e:42:
         45:00:3f:47:4c:76:7b:72:7b:73:33:12:56:33:75:d2:dc:bd:
         89:6c:38:3f:de:f4:85:32:bd:c7:e9:d3:55:31:3f:35:95:05:
         45:93:cd:aa:70:7c:38:dc:fa:36:7d:35:7f:e7:12:6b:34:eb:
         fc:55:e0:ae:bd:e7:ac:6b:3d:4a:ed:24:1a:a1:2d:dd:ed:87:
         82:3d:b4:4c:6f:64:32:9d:f5:76:c3:8a:1b:84:de:62:3a:3d:
         7b:50:56:b6:73:23:c9:6a:71:7a:01:f2:cd:ca:74:d3:34:c4:
         c3:7a:15:6a:9c:93:e8:6d:28:19:1e:cf:53:80:8d:26:5a:ab:
         02:62:c1:f3:f5:2c:f2:94:ad:4b:d8:47:cd:a5:26:fe:90:2c:
         bf:1f:06:57:f7:33:13:85:07:45:fd:3d:53:d2:14:c3:59:10:
         1f:e4:e6:5f:16:9b:9c:c8:e3:45:58:72:eb:d7:5e:b6:fc:71:
         f8:3f:02:ce:50:9f:df:91:dc:a2:29:bd:61:96:5c:0b:8a:a2:
         d3:ad:b9:52
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUInTuSFFP1QtYPwsGyISadTkWRJcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTczMDMwWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNjU3MGNjZTYxMDg4Y2E2ODFkYjMyZWZjNTU4YTQ0ZTcx
YmI5NzJlMDEzMWY4NzRmMGNiZGRjNmEwMGUxYTc5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6aCP792xsP7PpcF0qxFcyUwRLoUxmpjWhmO2BvtslN0JS
qBKGaJesDAHm3GDhTPXoqhVmK1IYmhrma1VU9kLcrDgDqtOBdlrdrDL54GPL4y7e
M3qvPJPoDgvNBuwqH0ZywxYg5rpnaC4AKWySF4OZFODamP9bkJrAn1iQC2ekr+oO
CodbcHROnr4egTAsMSRawIFwb/YvdZ7VG+5jC6gwhfmcFL9oyRQCf7nZ0dKGDg91
n8KvIkOaY0GF1Rsvxl7l8pNRT3r9SXLx43omc9+vqNt6UZQuALMHvHIaL1GpgwXR
bnMtcCoYy8j1Eu7iUrhy/d6NZ3lx+tYmL/gQmktrAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU0L75kV7puSTfebM8g9nkpas1OeIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA1MWFmZGFlLTRhNmItNDViZi05YjIyLTc4OTk2MmZmNTFkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8SQDANBgkqhkiG9w0BAQsFAAOCAQEAdj6W4KW/7W2XDnIrJUzLbGjd
eeLva3NBoQ78Vm6E9NkLjAu8NSxOHN6K/SHs3m5BoTvqUZ5CRQA/R0x2e3J7czMS
VjN10ty9iWw4P970hTK9x+nTVTE/NZUFRZPNqnB8ONz6Nn01f+cSazTr/FXgrr3n
rGs9Su0kGqEt3e2Hgj20TG9kMp31dsOKG4TeYjo9e1BWtnMjyWpxegHyzcp00zTE
w3oVapyT6G0oGR7PU4CNJlqrAmLB8/Us8pStS9hHzaUm/pAsvx8GV/czE4UHRf09
U9IUw1kQH+TmXxabnMjjRVhy69detvxx+D8CzlCf35Hcoim9YZZcC4qi0625Ug==
-----END CERTIFICATE-----