Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2374e022-9570-49a3-ab6f-76a40590c15a.roa
File:                     2374e022-9570-49a3-ab6f-76a40590c15a.roa (raw, json)
Hash identifier:          d1ovXcL0DGRUfauFIpDwG6ncptPq2He+KHzL8mrAp50=
Subject key identifier:   56:6C:D4:FD:B2:F6:F3:98:38:8F:B2:E0:6A:64:D6:D2:0C:FD:57:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       71E5AD2D2DC42C3C655A69A02D26C397BF90A459
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2374e022-9570-49a3-ab6f-76a40590c15a.roa
Signing time:             Tue 25 Mar 2025 17:41:14 +0000
ROA not before:           Tue 25 Mar 2025 17:41:14 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fff:81e0::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:e5:ad:2d:2d:c4:2c:3c:65:5a:69:a0:2d:26:c3:97:bf:90:a4:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 25 17:41:14 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=5481b7def3fbd8ea15dddacceb0c87e8a61e860958d8f265f2f9d69b84cde28a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:37:28:e4:a9:14:1d:16:e7:1e:03:ea:19:7e:
                    6e:98:59:0c:14:bf:cf:66:23:3b:71:d2:a5:02:ac:
                    d9:01:4c:e1:81:52:a8:43:fa:d0:ae:3b:8b:be:4e:
                    78:99:c7:42:87:5a:42:fa:d4:6f:0e:f9:bf:db:e2:
                    ca:42:c1:4f:5d:c6:31:22:b3:0e:16:fc:25:dc:3c:
                    f2:33:8c:20:0c:44:7c:7c:18:42:5f:a8:8c:05:17:
                    d0:e5:10:8e:da:10:78:90:9d:65:a0:3e:7d:cd:d4:
                    10:84:8f:ea:f0:f3:ad:98:7b:6c:52:19:e3:2d:ba:
                    ef:25:73:f0:43:14:8b:21:fa:84:91:09:79:8e:67:
                    cc:94:92:3d:91:8a:ae:ea:6c:5f:b3:12:71:b7:ad:
                    0d:21:2d:08:3d:dc:45:d6:f9:9d:3d:c2:82:34:46:
                    cc:0b:e8:9f:5a:31:a4:26:b4:f2:4e:5c:49:8f:6c:
                    39:60:12:a0:4f:36:67:a9:e1:e6:2d:39:c4:da:ba:
                    6a:1d:11:2a:c2:ff:dc:3c:a5:55:ab:cd:3c:4d:ab:
                    31:02:aa:b4:72:23:db:ae:a0:bc:fe:4f:75:0d:4f:
                    fd:41:f5:27:ea:03:31:30:45:cc:0a:ea:2e:15:2e:
                    6d:97:64:d8:e6:3a:7e:02:fc:24:7a:23:85:86:7d:
                    8a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:6C:D4:FD:B2:F6:F3:98:38:8F:B2:E0:6A:64:D6:D2:0C:FD:57:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2374e022-9570-49a3-ab6f-76a40590c15a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:81e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:a9:30:e6:97:f6:c7:93:94:bf:a6:07:65:a6:a6:53:32:81:
         d7:20:9d:c9:dc:48:be:40:92:35:8c:db:0d:f1:cb:fd:8d:19:
         f6:04:19:c4:a2:e5:ea:62:70:62:5f:e1:c0:60:23:05:49:8e:
         82:31:dd:86:e2:b2:8d:97:0a:79:81:81:6b:a4:a0:df:15:7c:
         b4:cc:1f:bf:1d:63:85:d4:b2:2c:f5:e5:45:77:56:99:31:35:
         84:4b:26:dd:3c:5c:a0:c9:c4:b1:32:38:ca:ab:24:be:79:9e:
         20:18:53:7c:b1:5f:5a:f3:34:f9:6c:0d:00:c6:37:94:b0:ae:
         da:06:5a:da:09:92:5b:aa:3e:7d:d7:9c:32:7a:e4:ba:00:d7:
         9e:c3:66:07:7d:71:23:6d:c1:e1:49:30:75:76:22:62:6f:bf:
         71:0c:35:a1:22:2f:2c:0d:2c:05:56:07:ec:b6:1b:48:ef:4d:
         82:e4:2a:1a:e8:51:8f:b5:cd:8c:e5:ff:9a:c7:a4:42:ed:13:
         8a:09:0e:07:bf:99:63:88:4b:42:ec:17:e5:61:bc:4b:c1:73:
         a4:34:7c:fc:92:32:25:f5:57:62:d7:a3:aa:63:9e:e7:27:9d:
         4d:1c:b6:0e:fc:a6:81:99:06:46:c1:56:db:24:8b:94:43:1d:
         e8:50:07:de
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUceWtLS3ELDxlWmmgLSbDl7+QpFkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI1MTc0MTE0WhcNMjUwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NDgxYjdkZWYzZmJkOGVhMTVkZGRhY2NlYjBjODdlOGE2
MWU4NjA5NThkOGYyNjVmMmY5ZDY5Yjg0Y2RlMjhhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1NyjkqRQdFuceA+oZfm6YWQwUv89mIztx0qUCrNkBTOGB
UqhD+tCuO4u+TniZx0KHWkL61G8O+b/b4spCwU9dxjEisw4W/CXcPPIzjCAMRHx8
GEJfqIwFF9DlEI7aEHiQnWWgPn3N1BCEj+rw862Ye2xSGeMtuu8lc/BDFIsh+oSR
CXmOZ8yUkj2Riq7qbF+zEnG3rQ0hLQg93EXW+Z09woI0RswL6J9aMaQmtPJOXEmP
bDlgEqBPNmep4eYtOcTaumodESrC/9w8pVWrzTxNqzECqrRyI9uuoLz+T3UNT/1B
9SfqAzEwRcwK6i4VLm2XZNjmOn4C/CR6I4WGfYrhAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUVmzU/bL285g4j7LgamTW0gz9VykwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzNzRlMDIyLTk1NzAtNDlhMy1hYjZmLTc2YTQwNTkwYzE1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//geAwDQYJKoZIhvcNAQELBQADggEBADepMOaX9seTlL+mB2WmplMy
gdcgncncSL5AkjWM2w3xy/2NGfYEGcSi5epicGJf4cBgIwVJjoIx3Ybiso2XCnmB
gWukoN8VfLTMH78dY4XUsiz15UV3VpkxNYRLJt08XKDJxLEyOMqrJL55niAYU3yx
X1rzNPlsDQDGN5SwrtoGWtoJkluqPn3XnDJ65LoA157DZgd9cSNtweFJMHV2ImJv
v3EMNaEiLywNLAVWB+y2G0jvTYLkKhroUY+1zYzl/5rHpELtE4oJDge/mWOIS0Ls
F+VhvEvBc6Q0fPySMiX1V2LXo6pjnucnnU0ctg78poGZBkbBVtski5RDHehQB94=
-----END CERTIFICATE-----