Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/93e28015-6dec-4af0-a5c0-8184c89fffb8.roa
File:                     93e28015-6dec-4af0-a5c0-8184c89fffb8.roa (raw, json)
Hash identifier:          Xu4N9uu3J3SI33Yjm2w9kF5P3osQU6wkI8gGg6EkjKY=
Subject key identifier:   09:A1:62:49:7B:5D:E8:CB:FD:2B:6F:37:B4:C4:98:0A:2C:DF:6F:EB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0FFA0C82D892F00DEE50D53C3E3C38C56F22A9C5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/93e28015-6dec-4af0-a5c0-8184c89fffb8.roa
Signing time:             Fri 28 Mar 2025 16:01:02 +0000
ROA not before:           Fri 28 Mar 2025 16:01:02 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f69:8000::/39 maxlen: 39

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:fa:0c:82:d8:92:f0:0d:ee:50:d5:3c:3e:3c:38:c5:6f:22:a9:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:01:02 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=af13da8c24b102b9b14cf8d7770a40186188f128aaf8bf7ce48a30d5d1e2f208, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a8:f2:c0:93:a1:d5:11:fb:7b:22:cd:62:fc:
                    a7:f5:15:fb:3d:96:4e:39:f6:03:86:38:f3:23:d7:
                    45:5b:0e:c9:1e:6e:8b:de:1d:75:94:54:fc:89:3f:
                    93:d2:9b:76:92:41:65:1b:c2:a8:be:e2:a9:a8:c6:
                    a6:b5:d7:1c:ec:30:12:df:6a:e3:d2:a9:15:ad:59:
                    f4:bd:64:da:4a:be:2c:82:bc:28:95:cb:ba:f3:e5:
                    ae:ae:5e:74:5b:b9:cd:90:29:1c:2b:7b:66:12:33:
                    74:42:bd:4b:6f:c3:43:23:14:5b:40:20:a9:d8:ba:
                    3f:2d:2e:35:6b:1e:92:7a:ca:84:13:62:33:7e:a4:
                    0f:76:a2:71:06:71:a1:bd:14:48:46:48:e6:7b:18:
                    35:40:5d:43:90:da:9f:d1:19:75:59:32:f2:ea:e7:
                    3b:f4:6f:01:dc:cb:4b:67:a0:ac:5c:4a:6d:1f:cf:
                    e5:c3:63:b4:3c:26:75:27:8e:0c:01:bc:7b:3d:7b:
                    a1:db:05:8b:9e:0b:45:ac:92:e2:96:df:ef:26:d7:
                    3f:2f:ec:ed:45:94:90:1a:5b:7f:de:a3:2c:e0:ce:
                    0a:ac:98:35:d7:a9:d1:10:28:a9:02:8e:44:ed:28:
                    30:ae:a3:97:56:a1:55:8d:64:a3:6d:b7:36:21:40:
                    96:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:A1:62:49:7B:5D:E8:CB:FD:2B:6F:37:B4:C4:98:0A:2C:DF:6F:EB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/93e28015-6dec-4af0-a5c0-8184c89fffb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         70:1b:6e:e2:c8:26:04:55:35:81:a2:82:fd:5a:b5:c9:e2:87:
         15:e7:fc:96:52:61:5c:59:cc:e5:79:a1:30:62:57:b5:39:22:
         2c:92:3f:ef:e5:e1:0c:9c:aa:92:6e:29:86:0b:72:bf:1f:6e:
         59:eb:5c:67:97:46:0c:57:77:f2:ea:9e:57:f6:7a:29:df:0f:
         e5:8a:68:c5:58:62:21:3e:9f:08:2d:7e:ef:a8:96:28:4c:be:
         6b:e3:08:44:66:7d:f5:51:58:64:e3:19:20:eb:d0:21:34:94:
         82:9c:8e:1c:af:75:15:39:33:2b:84:70:eb:37:38:df:bc:51:
         e7:95:2b:d1:16:5d:35:87:b4:9d:77:17:e1:70:34:1b:9d:51:
         ba:d7:d4:8f:fd:cd:a7:4b:08:51:95:6b:f5:5e:f9:57:7b:17:
         24:01:9b:d6:fb:18:35:47:11:21:f6:15:c0:c9:3e:c4:8c:9a:
         68:82:a5:65:1e:f7:57:00:7d:10:a1:02:7f:6e:5a:cb:d5:35:
         77:6a:d9:a2:95:55:7e:1c:0b:f2:69:7e:33:ba:8e:a8:5b:13:
         4d:5c:8a:48:61:9f:d7:3e:5e:68:e1:5e:cb:a9:a2:4d:8e:c0:
         cf:d8:f0:21:86:2e:ee:12:1d:e4:00:ea:66:83:ec:63:dc:d1:
         d3:e1:0a:9d
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUD/oMgtiS8A3uUNU8Pjw4xW8iqcUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTYwMTAyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZjEzZGE4YzI0YjEwMmI5YjE0Y2Y4ZDc3NzBhNDAxODYx
ODhmMTI4YWFmOGJmN2NlNDhhMzBkNWQxZTJmMjA4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiqPLAk6HVEft7Is1i/Kf1Ffs9lk459gOGOPMj10VbDske
boveHXWUVPyJP5PSm3aSQWUbwqi+4qmoxqa11xzsMBLfauPSqRWtWfS9ZNpKviyC
vCiVy7rz5a6uXnRbuc2QKRwre2YSM3RCvUtvw0MjFFtAIKnYuj8tLjVrHpJ6yoQT
YjN+pA92onEGcaG9FEhGSOZ7GDVAXUOQ2p/RGXVZMvLq5zv0bwHcy0tnoKxcSm0f
z+XDY7Q8JnUnjgwBvHs9e6HbBYueC0WskuKW3+8m1z8v7O1FlJAaW3/eoyzgzgqs
mDXXqdEQKKkCjkTtKDCuo5dWoVWNZKNttzYhQJb9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUCaFiSXtd6Mv9K283tMSYCizfb+swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkzZTI4MDE1LTZkZWMtNGFmMC1hNWMwLTgxODRjODlmZmZiOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB9pgDANBgkqhkiG9w0BAQsFAAOCAQEAcBtu4sgmBFU1gaKC/Vq1yeKH
Fef8llJhXFnM5XmhMGJXtTkiLJI/7+XhDJyqkm4phgtyvx9uWetcZ5dGDFd38uqe
V/Z6Kd8P5YpoxVhiIT6fCC1+76iWKEy+a+MIRGZ99VFYZOMZIOvQITSUgpyOHK91
FTkzK4Rw6zc437xR55Ur0RZdNYe0nXcX4XA0G51RutfUj/3Np0sIUZVr9V75V3sX
JAGb1vsYNUcRIfYVwMk+xIyaaIKlZR73VwB9EKECf25ay9U1d2rZopVVfhwL8ml+
M7qOqFsTTVyKSGGf1z5eaOFey6miTY7Az9jwIYYu7hId5ADqZoPsY9zR0+EKnQ==
-----END CERTIFICATE-----