Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7d7a322b-9790-4bc8-bd49-493feaff35d5.roa
File:                     7d7a322b-9790-4bc8-bd49-493feaff35d5.roa (raw, json)
Hash identifier:          J43F6fTqY83exzh34fRyD24bj9e8A+JBRklR9QaKPec=
Subject key identifier:   5D:0C:12:E8:A9:CC:5B:7E:77:FA:FD:80:34:AD:49:83:35:4F:BF:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7FA9C491B8F4135AE4B05D2509CA5F4BFC9D6C9C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7d7a322b-9790-4bc8-bd49-493feaff35d5.roa
Signing time:             Tue 08 Apr 2025 00:21:58 +0000
ROA not before:           Tue 08 Apr 2025 00:21:58 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff8:8000::/39 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:a9:c4:91:b8:f4:13:5a:e4:b0:5d:25:09:ca:5f:4b:fc:9d:6c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  8 00:21:58 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=342f104e548fd2dff0d1ed468f04e9f05463e6d95e5d92d07049303014d8009d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:43:3b:0a:63:af:cc:cc:a4:bc:6d:de:86:63:
                    3a:7f:c4:0b:08:1d:17:19:4b:99:75:d1:ae:cf:22:
                    8f:f8:be:38:b3:e5:fc:d8:40:b5:bf:7a:ca:9d:a6:
                    a1:0c:ee:ea:7f:05:ed:f5:93:99:a7:ef:18:8e:bf:
                    30:f4:64:d3:e6:f9:15:40:8b:d1:d1:b4:a0:f4:33:
                    3e:ad:f0:f0:b4:cf:74:8b:bf:f1:92:99:9f:3e:88:
                    07:d9:81:76:ee:9c:02:5d:36:42:0c:58:1b:1d:b7:
                    6a:1f:77:30:aa:da:c4:97:61:fa:d7:7f:04:4f:0a:
                    87:76:d1:63:bb:b4:92:6f:69:8c:d9:85:38:2d:de:
                    7d:e7:bd:8c:8a:42:a8:90:21:12:d1:33:49:87:e7:
                    1b:a5:f7:95:c6:00:b8:4e:c0:4b:02:4b:a3:13:77:
                    c5:c1:8c:2f:a9:26:d2:8e:5a:cc:7a:f8:13:9e:1e:
                    52:17:d1:9a:cf:7e:70:cd:68:c5:5c:2f:c0:40:95:
                    21:02:54:f4:36:7d:f6:7a:bf:57:ab:f1:57:6b:ac:
                    66:12:4c:81:9c:33:3f:02:bc:d3:79:47:a5:cb:0c:
                    fe:6d:94:36:a6:33:51:e9:bc:aa:94:71:e7:06:46:
                    f0:fb:64:23:53:7f:9c:da:a0:11:b0:6a:c2:40:95:
                    99:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:0C:12:E8:A9:CC:5B:7E:77:FA:FD:80:34:AD:49:83:35:4F:BF:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7d7a322b-9790-4bc8-bd49-493feaff35d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff8:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         99:8c:a5:d4:3a:b5:13:ef:0c:9f:9a:f6:52:ac:f4:7a:31:f7:
         2b:24:c8:03:16:3e:69:6b:60:24:65:5c:b8:01:05:96:4e:a8:
         02:c8:cc:ce:6d:30:0d:d3:70:fe:40:04:6d:2c:43:37:58:cc:
         ab:18:33:c9:9d:42:11:a3:39:4a:aa:60:0c:90:40:6e:c0:ae:
         7d:0d:14:ad:b8:9c:34:ef:61:53:b8:19:60:d9:65:f8:b8:99:
         ae:ea:ff:ab:c3:ff:34:96:c7:72:24:73:5d:83:18:14:0c:39:
         e0:6b:a9:42:b8:3e:48:ab:55:fc:40:70:8f:7a:1a:33:82:84:
         5d:f9:04:92:6f:27:dd:9f:78:36:43:f8:60:dc:cf:32:0e:90:
         4a:6d:66:89:5d:17:09:a2:09:4c:c2:87:45:2a:56:d9:de:8b:
         1b:dc:40:99:21:39:55:ef:e4:f6:25:f9:26:6c:d8:d4:69:ae:
         eb:22:1a:13:85:15:34:10:b1:ee:eb:bb:81:2b:84:2a:d5:b3:
         12:25:ee:d2:c3:96:65:3f:09:0e:83:8f:a7:06:ab:c7:f9:55:
         71:18:30:6f:83:cc:90:64:b1:1f:d5:94:46:69:9b:c4:d9:2c:
         c7:ae:63:c7:51:de:54:95:66:07:e1:20:46:ff:ef:47:a2:27:
         77:c9:04:46
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUf6nEkbj0E1rksF0lCcpfS/ydbJwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA4MDAyMTU4WhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDJmMTA0ZTU0OGZkMmRmZjBkMWVkNDY4ZjA0ZTlmMDU0
NjNlNmQ5NWU1ZDkyZDA3MDQ5MzAzMDE0ZDgwMDlkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiQzsKY6/MzKS8bd6GYzp/xAsIHRcZS5l10a7PIo/4vjiz
5fzYQLW/esqdpqEM7up/Be31k5mn7xiOvzD0ZNPm+RVAi9HRtKD0Mz6t8PC0z3SL
v/GSmZ8+iAfZgXbunAJdNkIMWBsdt2ofdzCq2sSXYfrXfwRPCod20WO7tJJvaYzZ
hTgt3n3nvYyKQqiQIRLRM0mH5xul95XGALhOwEsCS6MTd8XBjC+pJtKOWsx6+BOe
HlIX0ZrPfnDNaMVcL8BAlSECVPQ2ffZ6v1er8VdrrGYSTIGcMz8CvNN5R6XLDP5t
lDamM1HpvKqUcecGRvD7ZCNTf5zaoBGwasJAlZkLAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUXQwS6KnMW353+v2ANK1JgzVPv+0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdkN2EzMjJiLTk3OTAtNGJjOC1iZDQ5LTQ5M2ZlYWZmMzVkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/4gDANBgkqhkiG9w0BAQsFAAOCAQEAmYyl1Dq1E+8Mn5r2Uqz0ejH3
KyTIAxY+aWtgJGVcuAEFlk6oAsjMzm0wDdNw/kAEbSxDN1jMqxgzyZ1CEaM5Sqpg
DJBAbsCufQ0UrbicNO9hU7gZYNll+LiZrur/q8P/NJbHciRzXYMYFAw54GupQrg+
SKtV/EBwj3oaM4KEXfkEkm8n3Z94NkP4YNzPMg6QSm1miV0XCaIJTMKHRSpW2d6L
G9xAmSE5Ve/k9iX5JmzY1Gmu6yIaE4UVNBCx7uu7gSuEKtWzEiXu0sOWZT8JDoOP
pwarx/lVcRgwb4PMkGSxH9WURmmbxNksx65jx1HeVJVmB+EgRv/vR6Ind8kERg==
-----END CERTIFICATE-----