Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6790ee9a-7d7b-4416-9f0a-9fecab956ccf.roa
File:                     6790ee9a-7d7b-4416-9f0a-9fecab956ccf.roa (raw, json)
Hash identifier:          lTunvElhlhKCFbIAEe6cZTOcXlacSAoJKyz15w5dkQ8=
Subject key identifier:   24:BA:89:32:FA:6B:E5:6C:84:E6:9F:F3:F3:BA:F7:9E:96:85:F6:D9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15E02F4511330ECA13E77BDBD5E4DBF95119D7D8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6790ee9a-7d7b-4416-9f0a-9fecab956ccf.roa
Signing time:             Fri 28 Mar 2025 15:00:26 +0000
ROA not before:           Fri 28 Mar 2025 15:00:26 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ff6:2000::/40 maxlen: 40

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:e0:2f:45:11:33:0e:ca:13:e7:7b:db:d5:e4:db:f9:51:19:d7:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 15:00:26 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=888cb8c610fe6b432bfaaf58dd0d4eb800248163a5c4b135a2c501d68c36665d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5e:2c:48:a1:59:05:e1:62:f0:b5:21:0d:e8:
                    1e:a3:ea:3e:88:b5:7b:c5:ea:6f:d1:54:26:5c:72:
                    81:5e:28:c4:c7:85:81:5b:ce:db:18:32:b4:55:4e:
                    27:3b:22:cc:5d:92:be:74:36:61:7f:3e:22:ab:97:
                    89:30:d6:9a:8c:2d:9f:fe:ca:84:65:8d:a6:a3:eb:
                    bb:86:75:60:e3:13:2a:68:97:00:77:a2:39:21:48:
                    ce:6b:d5:e7:b5:4a:d1:96:ac:82:39:eb:d1:22:dc:
                    4e:42:78:8e:be:b3:7b:df:74:e1:f1:96:6c:dc:8a:
                    11:bc:f8:a4:69:b6:23:22:0f:18:31:f6:f3:c6:ce:
                    c7:6c:b4:c9:01:95:de:ec:8f:64:6c:8c:19:ad:e3:
                    57:b2:75:ed:8e:7f:bc:28:99:35:8d:a7:89:8a:71:
                    98:5f:8c:db:ca:a7:8e:20:bc:be:9a:16:49:8d:f9:
                    fa:60:22:4a:5c:35:d3:1a:d7:d8:0c:1e:a2:0c:96:
                    53:97:09:a5:74:f7:e9:ef:5f:0c:09:f8:88:34:d3:
                    87:0d:4c:85:be:5e:14:09:c1:9e:16:db:15:07:19:
                    b0:0e:89:f1:d3:45:bc:b4:e6:3b:d7:3e:92:86:9b:
                    f6:1a:6e:ac:53:4d:30:7c:20:fa:c9:c6:6a:62:17:
                    45:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:BA:89:32:FA:6B:E5:6C:84:E6:9F:F3:F3:BA:F7:9E:96:85:F6:D9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6790ee9a-7d7b-4416-9f0a-9fecab956ccf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         47:ae:f5:ca:61:2b:a0:e8:ef:83:d6:e8:5b:0a:d4:30:b6:38:
         85:37:8f:ef:a8:30:6d:94:65:11:95:db:59:ec:29:e1:f9:b4:
         fd:32:b0:44:4a:3f:da:ea:28:6d:03:1d:bf:9a:db:02:82:43:
         cb:16:31:bd:6f:72:e5:a9:8d:a7:c8:53:e7:20:ef:d0:03:67:
         0c:13:0c:c5:90:59:49:7d:79:7e:4e:2f:d3:2b:27:17:3e:20:
         17:d5:ee:e3:a4:f6:9f:db:2f:b7:76:af:de:36:59:7f:36:96:
         ca:62:7f:4f:50:be:08:f4:85:76:d2:1c:81:ce:3b:82:5c:8a:
         fc:2e:63:6b:9c:cf:26:8c:78:23:24:ec:00:da:ea:3e:c4:02:
         43:16:42:bd:80:79:9e:01:e9:12:23:3f:ab:1f:b6:38:92:a0:
         52:ec:a2:bb:32:bf:45:bb:d1:a2:b5:16:82:dc:3b:7c:38:44:
         0f:38:18:1a:4a:23:94:01:44:a9:ed:3e:e3:ee:f7:cf:fb:18:
         c0:57:7e:b6:38:bb:07:69:49:1c:15:b3:17:f8:7c:ec:d0:79:
         53:9c:42:19:77:38:44:cf:70:b8:46:7e:ad:28:4d:ff:49:96:
         2f:07:fa:9b:e8:3b:8c:78:a0:e4:b0:15:b8:86:03:19:f4:72:
         c0:6e:0d:f3
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUFeAvRREzDsoT53vb1eTb+VEZ19gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTUwMDI2WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODhjYjhjNjEwZmU2YjQzMmJmYWFmNThkZDBkNGViODAw
MjQ4MTYzYTVjNGIxMzVhMmM1MDFkNjhjMzY2NjVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1XixIoVkF4WLwtSEN6B6j6j6ItXvF6m/RVCZccoFeKMTH
hYFbztsYMrRVTic7Isxdkr50NmF/PiKrl4kw1pqMLZ/+yoRljaaj67uGdWDjEypo
lwB3ojkhSM5r1ee1StGWrII569Ei3E5CeI6+s3vfdOHxlmzcihG8+KRptiMiDxgx
9vPGzsdstMkBld7sj2RsjBmt41eyde2Of7womTWNp4mKcZhfjNvKp44gvL6aFkmN
+fpgIkpcNdMa19gMHqIMllOXCaV09+nvXwwJ+Ig004cNTIW+XhQJwZ4W2xUHGbAO
ifHTRby05jvXPpKGm/YabqxTTTB8IPrJxmpiF0XvAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUJLqJMvpr5WyE5p/z87r3npaF9tkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY3OTBlZTlhLTdkN2ItNDQxNi05ZjBhLTlmZWNhYjk1NmNjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/2IDANBgkqhkiG9w0BAQsFAAOCAQEAR671ymEroOjvg9boWwrUMLY4
hTeP76gwbZRlEZXbWewp4fm0/TKwREo/2uoobQMdv5rbAoJDyxYxvW9y5amNp8hT
5yDv0ANnDBMMxZBZSX15fk4v0ysnFz4gF9Xu46T2n9svt3av3jZZfzaWymJ/T1C+
CPSFdtIcgc47glyK/C5ja5zPJox4IyTsANrqPsQCQxZCvYB5ngHpEiM/qx+2OJKg
UuyiuzK/RbvRorUWgtw7fDhEDzgYGkojlAFEqe0+4+73z/sYwFd+tji7B2lJHBWz
F/h87NB5U5xCGXc4RM9wuEZ+rShN/0mWLwf6m+g7jHig5LAVuIYDGfRywG4N8w==
-----END CERTIFICATE-----