Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/535ea099-1417-4f80-aa37-e10c92ee2b94.roa
File:                     535ea099-1417-4f80-aa37-e10c92ee2b94.roa (raw, json)
Hash identifier:          hrEEj4d/mO0lzpHUi2/UIZNWhoLPJJf1G0ncRoU1cSA=
Subject key identifier:   D8:FA:02:E9:E0:B9:6F:6C:4D:C3:0F:77:97:8E:C6:AB:72:FB:66:9B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1AF61E1377F52FF4E23666D8ACCF50869996F878
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/535ea099-1417-4f80-aa37-e10c92ee2b94.roa
Signing time:             Fri 28 Mar 2025 17:20:19 +0000
ROA not before:           Fri 28 Mar 2025 17:20:19 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f25:4000::/36 maxlen: 36

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:f6:1e:13:77:f5:2f:f4:e2:36:66:d8:ac:cf:50:86:99:96:f8:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 17:20:19 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=e002ef60e1bf77c23dcb2da29aa67999789b256974af2b46cb60841e0713201d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bb:ff:42:d2:da:cf:22:23:c0:bb:23:4e:63:
                    d3:73:80:9e:7f:06:21:2a:9d:a8:3c:3c:ac:12:fb:
                    c9:04:03:10:b6:5a:f6:d5:9f:78:a3:8c:90:30:e7:
                    b9:8c:f9:82:e5:71:e2:9f:85:dd:72:aa:ce:bd:fb:
                    94:c9:1a:11:a4:c3:f4:7b:43:e5:fd:46:e0:59:db:
                    94:be:b8:e8:11:32:29:f9:77:49:5c:96:f4:e5:ef:
                    81:e0:41:f9:c3:19:4d:ef:5b:d6:57:99:44:48:c8:
                    71:63:2c:17:ef:4d:17:8d:00:8d:08:f2:98:59:38:
                    8a:fc:24:69:8e:d6:18:11:d5:2b:b6:54:13:d4:5f:
                    ef:30:74:b8:fa:8b:87:cd:d2:fe:85:aa:7b:20:95:
                    03:1a:ce:11:bb:7d:10:10:ac:26:de:b7:61:db:09:
                    f5:80:41:2c:34:44:88:45:2c:f9:22:68:f3:a1:0b:
                    50:de:76:07:fc:80:2b:5a:0d:87:1c:89:96:86:c6:
                    89:23:81:81:56:f7:e6:7e:68:00:93:05:54:f0:6f:
                    74:b1:fb:18:b1:37:22:c5:54:3d:c3:e4:fc:81:8e:
                    aa:4b:7a:71:31:63:13:3f:3a:90:42:99:59:fb:5b:
                    39:be:77:77:e9:72:8e:fa:4d:6d:14:d7:37:97:ea:
                    74:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:FA:02:E9:E0:B9:6F:6C:4D:C3:0F:77:97:8E:C6:AB:72:FB:66:9B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/535ea099-1417-4f80-aa37-e10c92ee2b94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f25:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         6a:a6:54:8e:28:ad:73:c5:ab:d4:72:d7:02:6d:3c:df:fb:e0:
         73:29:5e:b2:db:44:ca:ac:70:c2:81:95:57:e3:12:a3:cf:2e:
         02:b0:46:bf:29:b4:44:82:ae:74:f8:47:d8:f0:96:9e:c8:a4:
         16:b3:f1:76:6a:6d:6e:08:c0:60:71:0b:f1:d3:ef:48:f0:bb:
         d7:6d:b4:31:66:b4:48:62:a1:0a:aa:ab:a9:96:8d:43:14:1f:
         d9:4a:55:73:41:d3:7c:6a:20:6c:bc:90:6f:a7:99:50:86:b3:
         35:a2:98:fc:25:fd:d2:8e:3e:54:17:33:05:d9:d8:d9:e8:8f:
         db:f9:c4:63:34:e5:06:d1:41:02:f6:4c:04:86:d3:4a:8b:74:
         2b:32:57:0a:99:e6:f2:fb:26:8f:28:2a:fc:6f:50:8a:7c:c5:
         d2:60:ad:e6:29:e9:19:88:04:e0:77:6b:c9:c3:2b:46:e5:4c:
         3a:47:de:3b:0f:22:b0:69:4b:70:c1:70:c5:33:ad:c0:d1:cb:
         f7:da:e4:f9:04:74:6a:27:a9:dd:07:f0:06:b5:0c:5f:b9:39:
         02:ff:92:c7:62:ec:7f:7c:c0:75:66:af:bc:dd:8e:20:87:d2:
         63:d7:23:a5:b7:bd:92:40:b0:b0:56:6a:44:48:26:6c:e0:7c:
         e9:bf:f6:33
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGvYeE3f1L/TiNmbYrM9QhpmW+HgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTcyMDE5WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMDAyZWY2MGUxYmY3N2MyM2RjYjJkYTI5YWE2Nzk5OTc4
OWIyNTY5NzRhZjJiNDZjYjYwODQxZTA3MTMyMDFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0u/9C0trPIiPAuyNOY9NzgJ5/BiEqnag8PKwS+8kEAxC2
WvbVn3ijjJAw57mM+YLlceKfhd1yqs69+5TJGhGkw/R7Q+X9RuBZ25S+uOgRMin5
d0lclvTl74HgQfnDGU3vW9ZXmURIyHFjLBfvTReNAI0I8phZOIr8JGmO1hgR1Su2
VBPUX+8wdLj6i4fN0v6FqnsglQMazhG7fRAQrCbet2HbCfWAQSw0RIhFLPkiaPOh
C1Dedgf8gCtaDYcciZaGxokjgYFW9+Z+aACTBVTwb3Sx+xixNyLFVD3D5PyBjqpL
enExYxM/OpBCmVn7Wzm+d3fpco76TW0U1zeX6nTTAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU2PoC6eC5b2xNww93l47Gq3L7ZpswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUzNWVhMDk5LTE0MTctNGY4MC1hYTM3LWUxMGM5MmVlMmI5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8lQDANBgkqhkiG9w0BAQsFAAOCAQEAaqZUjiitc8Wr1HLXAm083/vg
cylesttEyqxwwoGVV+MSo88uArBGvym0RIKudPhH2PCWnsikFrPxdmptbgjAYHEL
8dPvSPC71220MWa0SGKhCqqrqZaNQxQf2UpVc0HTfGogbLyQb6eZUIazNaKY/CX9
0o4+VBczBdnY2eiP2/nEYzTlBtFBAvZMBIbTSot0KzJXCpnm8vsmjygq/G9QinzF
0mCt5inpGYgE4HdrycMrRuVMOkfeOw8isGlLcMFwxTOtwNHL99rk+QR0aiep3Qfw
BrUMX7k5Av+Sx2Lsf3zAdWavvN2OIIfSY9cjpbe9kkCwsFZqREgmbOB86b/2Mw==
-----END CERTIFICATE-----