Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2af3cff2-866a-4113-89c5-1f4d664924c6.roa
File:                     2af3cff2-866a-4113-89c5-1f4d664924c6.roa (raw, json)
Hash identifier:          8uQTzF+pt01uY/haYriSihA+UoGtPHjJuSrcsRMEAhM=
Subject key identifier:   90:47:21:F6:EF:8D:80:BB:2F:17:73:C7:70:C1:DC:E3:0C:88:29:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3247D71F9826EBC010CAD997E5A3152B3D91F268
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2af3cff2-866a-4113-89c5-1f4d664924c6.roa
Signing time:             Tue 08 Apr 2025 00:10:30 +0000
ROA not before:           Tue 08 Apr 2025 00:10:30 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f01:4806::/47 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:47:d7:1f:98:26:eb:c0:10:ca:d9:97:e5:a3:15:2b:3d:91:f2:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  8 00:10:30 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=27b53ca662f8d5087daadea9a8abd8d8724de7fe6ec21769920ccd54564a28bb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:78:bb:e0:83:6a:f2:ec:96:1d:c2:de:dd:aa:
                    b9:c8:98:72:92:9f:b9:c3:d6:f8:3e:7d:9a:ea:d9:
                    af:95:47:2c:f4:c0:70:6a:dc:b4:a1:e5:79:77:58:
                    a9:52:96:5d:25:7f:11:ed:eb:39:93:ae:eb:3a:3b:
                    7a:ca:c9:2b:96:b1:b1:55:5c:5c:68:52:65:67:e4:
                    58:18:eb:95:b6:d9:31:fe:29:ad:e4:f9:06:84:f0:
                    ab:2f:3a:d8:41:95:11:c3:f0:f1:f1:d0:6c:18:f4:
                    55:bb:e6:30:d4:c6:78:3c:8d:89:ee:6b:06:16:47:
                    c9:21:8c:f4:74:e5:7f:36:7a:59:02:c7:3c:05:27:
                    58:84:cc:7f:da:70:6f:17:3f:5e:a2:32:17:a5:49:
                    64:f4:c5:89:13:6b:e8:83:fe:2a:04:e0:3f:1d:61:
                    36:ff:59:8d:7c:98:42:e8:74:73:81:3a:9a:56:b4:
                    03:d6:27:34:53:0b:b4:43:1e:f5:78:1d:70:d0:b1:
                    63:8a:83:9a:4f:0c:34:3a:41:8e:c0:03:95:b8:1c:
                    11:a8:1c:ed:27:b6:c7:7b:57:7f:63:1c:bd:20:7a:
                    7e:a6:ee:ed:de:0e:a7:89:74:ab:1f:31:24:b3:38:
                    fd:8d:01:c5:8e:7d:c5:2e:48:cf:ea:8d:77:d7:38:
                    9a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:47:21:F6:EF:8D:80:BB:2F:17:73:C7:70:C1:DC:E3:0C:88:29:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2af3cff2-866a-4113-89c5-1f4d664924c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f01:4806::/47

    Signature Algorithm: sha256WithRSAEncryption
         b8:b5:22:c6:58:68:39:6d:68:05:1c:4e:3c:f1:41:41:cd:17:
         6b:d3:f4:da:0d:2f:5e:94:53:0c:ae:c3:d6:56:7a:27:cb:0a:
         ce:cf:6a:10:f6:94:48:ed:50:2b:3f:89:5b:5d:8d:79:f8:c6:
         ee:f0:d8:79:0c:3f:00:51:b8:07:ca:5b:6c:62:78:64:11:16:
         f0:ad:6e:cb:9e:85:fd:3b:62:5b:a4:13:44:56:09:ab:12:85:
         16:b1:ae:15:74:45:87:1b:da:73:2c:dd:5d:a2:2d:02:d1:2d:
         51:75:0b:5a:97:c8:e5:f7:66:43:cd:aa:75:bf:7e:e0:97:d2:
         24:74:dc:a8:73:d2:52:42:ba:86:c2:5b:74:a0:4d:6f:a5:01:
         27:43:ab:1a:81:97:13:3d:39:b6:23:02:49:75:6b:49:fa:11:
         3c:bb:34:a7:74:26:62:ce:d3:d5:a7:73:53:a0:6d:7f:a0:1e:
         72:e2:b2:ef:1d:77:05:6d:c2:2b:d6:97:51:7c:98:45:a1:9c:
         a5:75:42:bc:86:78:3f:e0:d5:d7:6f:10:8f:ce:ad:0d:3f:54:
         7c:3e:fb:4e:95:49:0f:ec:b9:41:66:3d:ea:f5:a8:19:2c:83:
         48:66:1a:f7:5e:5a:ac:e1:8b:3a:10:4a:c7:4d:0a:7f:39:1a:
         eb:bb:6c:46
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUMkfXH5gm68AQytmX5aMVKz2R8mgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA4MDAxMDMwWhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyN2I1M2NhNjYyZjhkNTA4N2RhYWRlYTlhOGFiZDhkODcy
NGRlN2ZlNmVjMjE3Njk5MjBjY2Q1NDU2NGEyOGJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5eLvgg2ry7JYdwt7dqrnImHKSn7nD1vg+fZrq2a+VRyz0
wHBq3LSh5Xl3WKlSll0lfxHt6zmTrus6O3rKySuWsbFVXFxoUmVn5FgY65W22TH+
Ka3k+QaE8KsvOthBlRHD8PHx0GwY9FW75jDUxng8jYnuawYWR8khjPR05X82elkC
xzwFJ1iEzH/acG8XP16iMhelSWT0xYkTa+iD/ioE4D8dYTb/WY18mELodHOBOppW
tAPWJzRTC7RDHvV4HXDQsWOKg5pPDDQ6QY7AA5W4HBGoHO0ntsd7V39jHL0gen6m
7u3eDqeJdKsfMSSzOP2NAcWOfcUuSM/qjXfXOJpTAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUkEch9u+NgLsvF3PHcMHc4wyIKSYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJhZjNjZmYyLTg2NmEtNDExMy04OWM1LTFmNGQ2NjQ5MjRjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAB8BSAYwDQYJKoZIhvcNAQELBQADggEBALi1IsZYaDltaAUcTjzxQUHN
F2vT9NoNL16UUwyuw9ZWeifLCs7PahD2lEjtUCs/iVtdjXn4xu7w2HkMPwBRuAfK
W2xieGQRFvCtbsuehf07YlukE0RWCasShRaxrhV0RYcb2nMs3V2iLQLRLVF1C1qX
yOX3ZkPNqnW/fuCX0iR03Khz0lJCuobCW3SgTW+lASdDqxqBlxM9ObYjAkl1a0n6
ETy7NKd0JmLO09Wnc1OgbX+gHnLisu8ddwVtwivWl1F8mEWhnKV1QryGeD/g1ddv
EI/OrQ0/VHw++06VSQ/suUFmPer1qBksg0hmGvdeWqzhizoQSsdNCn85Guu7bEY=
-----END CERTIFICATE-----