Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c14546f-f38c-431d-9be7-a4ffe6127ae5.roa
File:                     4c14546f-f38c-431d-9be7-a4ffe6127ae5.roa (raw, json)
Hash identifier:          IgaZyjJNoTZfuOVQljpErG4DdWDRD0iI8ze4cGOSgJY=
Subject key identifier:   94:A8:CB:14:77:15:CF:3E:A1:0E:2B:2A:DC:40:87:81:5D:9B:BC:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72784F8C47F8AB02A274C5CFD9DD6BA6A185547E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c14546f-f38c-431d-9be7-a4ffe6127ae5.roa
Signing time:             Wed 09 Apr 2025 00:10:59 +0000
ROA not before:           Wed 09 Apr 2025 00:10:59 +0000
ROA not after:            Wed 14 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff8:a400::/40 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:78:4f:8c:47:f8:ab:02:a2:74:c5:cf:d9:dd:6b:a6:a1:85:54:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  9 00:10:59 2025 GMT
            Not After : May 14 23:59:59 2025 GMT
        Subject: serialNumber=5f542b918fdfc7b62a44f3df831c1a5cd5725623e8b1f839dfc922b9079e28a2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:dc:4e:00:7e:0f:bd:b4:a3:18:2d:d1:71:06:
                    1e:b6:37:75:59:7b:56:25:20:72:76:4f:ae:77:e7:
                    1e:4e:0e:dc:ff:78:98:d9:6f:58:bf:15:3a:58:3f:
                    56:7a:ce:2f:18:6f:d4:fb:69:52:59:59:12:a8:33:
                    71:79:c6:1a:78:fa:ac:1c:0a:fb:4a:cf:2a:ff:e5:
                    a7:1c:f0:ea:37:1a:74:00:37:be:41:d1:0f:d4:4f:
                    c3:87:dc:00:96:7e:48:20:26:75:e0:40:1d:79:3f:
                    37:41:cc:25:b3:2e:cb:fe:f4:97:ac:29:5e:33:98:
                    79:a8:54:f6:64:9c:29:68:9d:5a:9c:f4:1e:bb:d9:
                    8d:5b:fb:db:70:97:27:72:17:07:df:56:12:d9:97:
                    26:cd:ff:b8:1b:a6:51:62:94:bd:d4:54:dc:17:93:
                    56:94:a8:76:50:5f:10:23:92:00:55:d0:33:c8:1a:
                    39:58:42:20:12:74:8f:6d:f9:6f:56:28:5f:91:27:
                    f5:75:d8:26:f1:5b:7c:9d:c7:47:d0:b9:d2:f8:3e:
                    7a:42:67:0d:75:3a:a6:69:f9:8b:bb:70:81:60:81:
                    e8:f4:ea:db:25:34:46:33:97:01:cc:35:8f:02:96:
                    50:7b:ab:1c:07:35:82:88:1b:b0:f2:76:84:66:54:
                    05:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A8:CB:14:77:15:CF:3E:A1:0E:2B:2A:DC:40:87:81:5D:9B:BC:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c14546f-f38c-431d-9be7-a4ffe6127ae5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff8:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:7c:fe:aa:4a:02:37:a3:92:a1:54:03:9e:cf:27:a5:8e:dc:
         95:8c:68:ac:ce:a4:1b:78:91:08:1e:d3:89:ec:5e:c8:c4:57:
         3d:53:1c:7d:eb:cb:ce:7e:60:e0:e3:ca:65:9f:cb:4b:d5:36:
         41:98:6b:25:bf:05:be:90:85:fb:87:c1:f5:37:b8:5f:36:39:
         05:6b:ea:40:15:f8:c4:dd:f0:45:11:9a:39:2a:12:60:de:f9:
         15:b8:a2:af:ae:17:2c:e2:5e:1b:ac:2b:0e:b5:54:64:95:83:
         6e:5a:e8:2c:b8:9c:ff:27:78:56:28:92:ca:6f:59:6f:ed:b1:
         d2:a7:e1:cd:6a:64:21:ea:c2:2a:c7:1f:5b:0d:60:99:38:c0:
         d7:56:95:4c:66:9b:de:cd:6e:71:3b:e4:71:c6:1c:27:2f:5e:
         da:ce:64:6b:77:89:3b:e3:ba:8f:7a:ab:bb:6e:7c:38:30:7c:
         05:8f:c1:93:18:89:88:a3:f1:e0:28:b8:bf:95:d3:9a:a1:7c:
         2b:85:2b:a8:82:74:ae:a9:32:9b:50:1b:71:37:01:8f:73:b2:
         61:c1:eb:dd:6b:f9:41:61:79:c7:7d:b4:96:76:7f:12:d2:94:
         26:b5:3e:3d:6f:55:d0:0d:3e:b8:04:b1:c6:6e:73:6e:d9:63:
         9a:e9:8f:58
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUcnhPjEf4qwKidMXP2d1rpqGFVH4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA5MDAxMDU5WhcNMjUwNTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjU0MmI5MThmZGZjN2I2MmE0NGYzZGY4MzFjMWE1Y2Q1
NzI1NjIzZThiMWY4MzlkZmM5MjJiOTA3OWUyOGEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCk3E4Afg+9tKMYLdFxBh62N3VZe1YlIHJ2T6535x5ODtz/
eJjZb1i/FTpYP1Z6zi8Yb9T7aVJZWRKoM3F5xhp4+qwcCvtKzyr/5acc8Oo3GnQA
N75B0Q/UT8OH3ACWfkggJnXgQB15PzdBzCWzLsv+9JesKV4zmHmoVPZknClonVqc
9B672Y1b+9twlydyFwffVhLZlybN/7gbplFilL3UVNwXk1aUqHZQXxAjkgBV0DPI
GjlYQiASdI9t+W9WKF+RJ/V12CbxW3ydx0fQudL4PnpCZw11OqZp+Yu7cIFggej0
6tslNEYzlwHMNY8CllB7qxwHNYKIG7DydoRmVAVPAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUlKjLFHcVzz6hDisq3ECHgV2bvE8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRjMTQ1NDZmLWYzOGMtNDMxZC05YmU3LWE0ZmZlNjEyN2FlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/4pDANBgkqhkiG9w0BAQsFAAOCAQEAKnz+qkoCN6OSoVQDns8npY7c
lYxorM6kG3iRCB7TiexeyMRXPVMcfevLzn5g4OPKZZ/LS9U2QZhrJb8FvpCF+4fB
9Te4XzY5BWvqQBX4xN3wRRGaOSoSYN75Fbiir64XLOJeG6wrDrVUZJWDblroLLic
/yd4ViiSym9Zb+2x0qfhzWpkIerCKscfWw1gmTjA11aVTGab3s1ucTvkccYcJy9e
2s5ka3eJO+O6j3qru258ODB8BY/BkxiJiKPx4Ci4v5XTmqF8K4UrqIJ0rqkym1Ab
cTcBj3OyYcHr3Wv5QWF5x320lnZ/EtKUJrU+PW9V0A0+uASxxm5zbtljmumPWA==
-----END CERTIFICATE-----