Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/26b55cb8-f721-470c-8d92-772c9c57d579.roa
File:                     26b55cb8-f721-470c-8d92-772c9c57d579.roa (raw, json)
Hash identifier:          fB6WMQD+HegRO4+LmlOr5dIXAqhsuvVC8xGGnkSnXKs=
Subject key identifier:   B2:EC:CF:91:0B:52:22:77:17:30:38:10:33:23:80:C1:92:A7:FF:6C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       332D243E2CD42A3E9C648837012F15BF8C8D78B1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/26b55cb8-f721-470c-8d92-772c9c57d579.roa
Signing time:             Sat 12 Apr 2025 00:10:47 +0000
ROA not before:           Sat 12 Apr 2025 00:10:47 +0000
ROA not after:            Sat 17 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff5:1000::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:2d:24:3e:2c:d4:2a:3e:9c:64:88:37:01:2f:15:bf:8c:8d:78:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 12 00:10:47 2025 GMT
            Not After : May 17 23:59:59 2025 GMT
        Subject: serialNumber=96d7b1b1b38bce5f871b5c20d8c51d30e7ed4da9328f80b94d39a01dbd3ce6cd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6a:e0:02:c8:f4:a3:aa:d2:3f:32:39:8f:a2:
                    ed:09:fe:f4:f1:4f:50:71:4d:12:b9:bd:b9:0b:da:
                    e1:b6:d8:7d:38:89:c7:6c:e6:44:8a:60:86:9c:5e:
                    44:c9:0c:2a:55:85:95:16:84:c4:23:f3:ae:7f:56:
                    12:67:33:2a:3f:4d:a2:15:24:36:c4:5c:b3:ef:ef:
                    c1:09:8f:05:95:7b:69:b5:9c:01:97:35:62:f9:45:
                    ff:ca:d2:58:ae:f3:b5:9d:67:98:1e:f0:8d:e5:ef:
                    69:f9:b1:93:24:4c:66:15:a5:5a:52:31:a1:1f:5e:
                    14:bf:21:02:26:ae:72:80:6b:f2:e8:7a:40:68:e2:
                    64:19:e0:de:e9:f8:83:59:4a:04:97:fb:c9:40:74:
                    37:d4:b3:a2:29:82:ac:46:ec:a6:55:20:c0:43:b8:
                    4e:13:74:63:1c:0b:b3:b1:50:4a:4c:66:7b:c1:50:
                    3d:7e:ce:a7:23:c0:b3:ac:4a:d7:9c:c1:63:60:65:
                    72:b0:a5:6a:c3:a5:11:c0:b4:40:73:3f:53:ce:05:
                    ed:db:de:e8:cf:7b:f5:49:0d:66:26:61:5e:08:22:
                    73:d6:47:30:90:a2:3b:47:81:74:21:40:c4:ee:1d:
                    78:26:5f:1b:f4:51:73:b5:a3:95:b4:22:f8:98:15:
                    c1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:EC:CF:91:0B:52:22:77:17:30:38:10:33:23:80:C1:92:A7:FF:6C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/26b55cb8-f721-470c-8d92-772c9c57d579.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff5:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         11:74:ec:71:cc:4d:fe:57:ad:88:a6:84:0e:82:88:6f:32:61:
         b7:4a:d8:7a:e9:ef:43:bc:ac:82:84:16:e5:e4:2a:7b:37:9c:
         fe:9d:9f:26:4f:cf:be:e8:1a:a4:12:4f:0d:4b:f0:82:1b:1d:
         2a:6e:e6:b0:20:87:5d:ec:6d:49:d3:fd:fe:d6:83:9f:64:7d:
         c0:ba:7e:53:90:e9:3d:98:03:5e:ba:93:0c:c2:d0:da:dc:11:
         f0:04:87:6f:6a:d6:26:aa:67:ae:92:a5:76:7c:70:1a:a8:3e:
         30:0b:99:16:a8:fa:ec:a7:ad:f2:3a:21:44:2a:b0:2e:81:ab:
         2d:e2:fc:46:c4:ba:91:c9:bc:2e:eb:58:be:34:96:ac:e6:51:
         c8:6f:57:7d:cd:74:09:44:57:fc:5b:73:a5:43:6c:d4:c4:66:
         4f:63:5c:25:e4:8d:78:be:c6:4b:d8:13:e2:19:0c:66:e7:a9:
         fc:1d:aa:38:4d:98:55:ed:24:28:34:9f:b0:35:12:7f:dd:6a:
         52:f9:83:38:d2:ff:5e:d4:c7:95:48:85:a2:d7:f3:76:90:ca:
         c9:56:17:db:08:d5:d1:59:52:d0:b6:3e:95:18:d3:5d:5c:65:
         78:f8:0a:49:e3:b5:55:f9:50:c9:13:41:bc:f1:6c:fb:a7:c2:
         27:35:d1:fc
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMy0kPizUKj6cZIg3AS8Vv4yNeLEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDEyMDAxMDQ3WhcNMjUwNTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NmQ3YjFiMWIzOGJjZTVmODcxYjVjMjBkOGM1MWQzMGU3
ZWQ0ZGE5MzI4ZjgwYjk0ZDM5YTAxZGJkM2NlNmNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEauACyPSjqtI/MjmPou0J/vTxT1BxTRK5vbkL2uG22H04
icds5kSKYIacXkTJDCpVhZUWhMQj865/VhJnMyo/TaIVJDbEXLPv78EJjwWVe2m1
nAGXNWL5Rf/K0liu87WdZ5ge8I3l72n5sZMkTGYVpVpSMaEfXhS/IQImrnKAa/Lo
ekBo4mQZ4N7p+INZSgSX+8lAdDfUs6IpgqxG7KZVIMBDuE4TdGMcC7OxUEpMZnvB
UD1+zqcjwLOsStecwWNgZXKwpWrDpRHAtEBzP1POBe3b3ujPe/VJDWYmYV4IInPW
RzCQojtHgXQhQMTuHXgmXxv0UXO1o5W0IviYFcH9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUsuzPkQtSIncXMDgQMyOAwZKn/2wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI2YjU1Y2I4LWY3MjEtNDcwYy04ZDkyLTc3MmM5YzU3ZDU3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/1EDANBgkqhkiG9w0BAQsFAAOCAQEAEXTsccxN/letiKaEDoKIbzJh
t0rYeunvQ7ysgoQW5eQqezec/p2fJk/PvugapBJPDUvwghsdKm7msCCHXextSdP9
/taDn2R9wLp+U5DpPZgDXrqTDMLQ2twR8ASHb2rWJqpnrpKldnxwGqg+MAuZFqj6
7Ket8johRCqwLoGrLeL8RsS6kcm8LutYvjSWrOZRyG9Xfc10CURX/FtzpUNs1MRm
T2NcJeSNeL7GS9gT4hkMZuep/B2qOE2YVe0kKDSfsDUSf91qUvmDONL/XtTHlUiF
otfzdpDKyVYX2wjV0VlS0LY+lRjTXVxlePgKSeO1VflQyRNBvPFs+6fCJzXR/A==
-----END CERTIFICATE-----