Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ffed944-acab-4e46-8e6c-4d6f55f5c604.roa
File:                     0ffed944-acab-4e46-8e6c-4d6f55f5c604.roa (raw, json)
Hash identifier:          lpIjQrVka2IJdkI5di4AUl183Vof32zfBeHtK6V0ULE=
Subject key identifier:   F6:A7:0F:4B:B6:1D:B9:AC:5A:7F:57:5D:3F:DC:81:C3:19:00:D9:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01D12FB86B0DADF200FE2DB33DDF289612B3B6A7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ffed944-acab-4e46-8e6c-4d6f55f5c604.roa
Signing time:             Fri 28 Mar 2025 15:30:29 +0000
ROA not before:           Fri 28 Mar 2025 15:30:29 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff7:8040::/46 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:d1:2f:b8:6b:0d:ad:f2:00:fe:2d:b3:3d:df:28:96:12:b3:b6:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:30:29 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=a85a82f1370df1ebfe941b212203cc2de14c30f77c7b90845d7d685ba8c0d898, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:2c:a5:d3:73:fe:20:b0:a0:dc:ce:8f:1a:aa:
                    d5:e9:8c:8e:79:de:65:0d:62:56:14:0c:6c:a9:d2:
                    22:01:b1:e3:8b:fe:95:c8:cf:86:3b:ee:57:2d:3d:
                    40:de:f6:d8:2c:a7:bd:3b:3e:aa:6e:c4:8d:cc:c0:
                    21:f8:22:60:b4:80:f8:53:a7:f2:9a:d6:1c:25:45:
                    56:97:7f:25:77:3b:16:bc:86:6e:4a:b4:d7:19:bc:
                    ef:70:2e:4e:1c:52:08:e2:ac:66:13:a6:18:f2:40:
                    a5:d7:7d:47:2b:df:ac:58:37:74:e4:59:39:72:8b:
                    14:52:70:55:54:cf:0c:47:9f:ce:43:6a:82:a6:17:
                    64:49:e8:61:d0:c8:5e:92:61:2f:17:5b:5a:fb:23:
                    2c:2d:df:38:ba:8b:67:58:8b:8d:27:12:8f:eb:f1:
                    fa:11:6b:1e:0b:4a:76:6e:b0:07:11:55:7f:b1:eb:
                    bb:89:31:38:e2:a5:74:b1:1f:a6:10:a6:db:3b:34:
                    7e:b1:fa:35:96:d2:f5:4c:d6:85:04:ba:03:ab:87:
                    01:e1:2e:84:54:7a:bf:15:52:f7:01:3e:4a:60:df:
                    0c:17:61:dc:6e:01:94:16:a6:83:18:f0:6e:fa:8d:
                    94:c9:67:fb:6c:0d:ae:2d:47:45:b4:9a:7c:8b:f1:
                    b5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A7:0F:4B:B6:1D:B9:AC:5A:7F:57:5D:3F:DC:81:C3:19:00:D9:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ffed944-acab-4e46-8e6c-4d6f55f5c604.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:8040::/46

    Signature Algorithm: sha256WithRSAEncryption
         6a:c5:18:29:a8:a9:a3:a4:2a:ef:9f:92:d4:31:76:b6:63:6a:
         aa:08:44:82:46:27:f6:48:b8:f8:e1:4a:54:38:72:ed:1b:5a:
         91:b5:f4:e6:7e:8e:ea:f8:ad:40:b7:33:8e:91:bd:86:42:9c:
         9b:68:2b:6d:0e:ec:2c:18:33:7c:f2:51:40:b2:9c:fc:fd:37:
         b4:33:9d:94:31:4d:a4:a1:70:e3:8d:0c:3c:60:41:4c:94:52:
         a0:e0:44:1b:20:fc:8a:61:9e:8d:38:bf:c0:54:66:f9:2e:fb:
         ca:3d:e0:9c:36:49:ab:31:de:8e:1a:9d:68:29:4e:45:f4:86:
         13:03:14:7a:ab:b7:e8:ee:fa:7c:e8:9e:e7:fc:7f:ad:f7:17:
         b5:58:09:97:5d:6f:93:e2:33:fb:22:56:6c:f3:71:73:7d:74:
         54:7f:4f:b4:3b:55:dd:43:c0:ef:50:36:62:24:b8:7f:40:82:
         da:0d:cd:16:35:42:1a:b5:96:79:30:c9:d0:2a:45:b9:a8:d7:
         b8:bb:37:4d:4e:2a:b4:e0:2e:be:5e:0e:2e:59:78:22:22:40:
         72:a2:0c:19:6e:ba:ff:c4:e0:b0:2f:fa:e6:92:31:5c:86:b2:
         83:73:9a:8d:4f:7e:15:10:ec:a4:88:a3:83:97:17:2c:b9:03:
         a6:63:ce:06
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUAdEvuGsNrfIA/i2zPd8olhKztqcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTUzMDI5WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhODVhODJmMTM3MGRmMWViZmU5NDFiMjEyMjAzY2MyZGUx
NGMzMGY3N2M3YjkwODQ1ZDdkNjg1YmE4YzBkODk4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDULKXTc/4gsKDczo8aqtXpjI553mUNYlYUDGyp0iIBseOL
/pXIz4Y77lctPUDe9tgsp707PqpuxI3MwCH4ImC0gPhTp/Ka1hwlRVaXfyV3Oxa8
hm5KtNcZvO9wLk4cUgjirGYTphjyQKXXfUcr36xYN3TkWTlyixRScFVUzwxHn85D
aoKmF2RJ6GHQyF6SYS8XW1r7Iywt3zi6i2dYi40nEo/r8foRax4LSnZusAcRVX+x
67uJMTjipXSxH6YQpts7NH6x+jWW0vVM1oUEugOrhwHhLoRUer8VUvcBPkpg3wwX
YdxuAZQWpoMY8G76jZTJZ/tsDa4tR0W0mnyL8bWRAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU9qcPS7Yduaxaf1ddP9yBwxkA2cQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBmZmVkOTQ0LWFjYWItNGU0Ni04ZTZjLTRkNmY1NWY1YzYwNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/3gEAwDQYJKoZIhvcNAQELBQADggEBAGrFGCmoqaOkKu+fktQxdrZj
aqoIRIJGJ/ZIuPjhSlQ4cu0bWpG19OZ+jur4rUC3M46RvYZCnJtoK20O7CwYM3zy
UUCynPz9N7QznZQxTaShcOONDDxgQUyUUqDgRBsg/Iphno04v8BUZvku+8o94Jw2
Sasx3o4anWgpTkX0hhMDFHqrt+ju+nzonuf8f633F7VYCZddb5PiM/siVmzzcXN9
dFR/T7Q7Vd1DwO9QNmIkuH9AgtoNzRY1Qhq1lnkwydAqRbmo17i7N01OKrTgLr5e
Di5ZeCIiQHKiDBluuv/E4LAv+uaSMVyGsoNzmo1PfhUQ7KSIo4OXFyy5A6ZjzgY=
-----END CERTIFICATE-----