Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a1c06e57-fc5f-4705-8c07-450199fb8ad7.roa
File:                     a1c06e57-fc5f-4705-8c07-450199fb8ad7.roa (raw, json)
Hash identifier:          2RHhtD8pLbiawOudn+ex5/xUuzf3jk44MIFbs/+2f0E=
Subject key identifier:   64:D4:72:06:25:85:92:7B:18:99:CD:E5:AF:3F:D0:D5:FC:77:D0:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       70AB9DD80BB4A7C400AD572AB2CDAE4566D658AF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a1c06e57-fc5f-4705-8c07-450199fb8ad7.roa
Signing time:             Tue 25 Mar 2025 17:32:15 +0000
ROA not before:           Tue 25 Mar 2025 17:32:15 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f00:81c0::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:ab:9d:d8:0b:b4:a7:c4:00:ad:57:2a:b2:cd:ae:45:66:d6:58:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 25 17:32:15 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=ad67c143f86ebc5dedddb31b1940732e009d98fe158fbf8d60df12844a525ed3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b7:be:bc:82:71:11:0f:a9:63:08:b9:4d:8d:
                    5e:3e:c6:ff:07:e5:22:bd:1f:99:ad:e2:c2:61:f0:
                    3b:d9:00:23:cf:9b:33:29:62:7a:f3:ce:97:22:75:
                    06:a9:d7:5b:fe:57:e7:bf:68:af:46:f4:7c:04:a3:
                    a7:83:e6:b7:91:98:fa:88:49:06:04:5a:6e:38:2b:
                    22:51:eb:db:e8:3a:fb:3f:ce:33:00:c9:8d:dd:c2:
                    43:9a:b5:a2:10:0c:14:35:06:41:15:38:8f:48:3f:
                    f7:dc:27:0f:89:12:62:99:a5:58:3e:bb:2b:e1:49:
                    67:c2:92:56:71:06:9e:02:ab:c6:85:b9:a7:7f:af:
                    09:0b:81:fe:d1:9e:a1:80:c9:a8:53:d5:20:71:c3:
                    f7:31:43:a4:96:3b:c7:1e:a1:07:08:18:5c:e4:ac:
                    e9:4e:29:a6:a5:a0:a3:44:a7:4a:61:71:f5:67:9e:
                    e9:a4:9f:44:80:70:21:57:7b:c7:40:62:67:86:06:
                    a1:63:47:b4:af:c2:8c:30:80:15:d9:08:cf:10:50:
                    2a:b6:52:83:75:2e:29:b7:0b:a2:ee:59:7a:43:8b:
                    5c:b4:88:c7:20:7b:f9:de:80:be:b8:68:a3:6d:72:
                    35:4b:d4:30:89:0b:eb:06:bd:51:41:19:f7:13:5d:
                    fc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:D4:72:06:25:85:92:7B:18:99:CD:E5:AF:3F:D0:D5:FC:77:D0:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a1c06e57-fc5f-4705-8c07-450199fb8ad7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:81c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:f5:00:5c:e8:bb:79:c7:f0:71:05:14:11:bb:11:3d:7a:0e:
         58:39:b9:f6:52:f3:7d:07:97:33:cb:14:88:0b:22:dd:01:c8:
         8f:6e:b6:5c:88:d5:e4:5e:93:14:2c:b2:a1:a9:65:b6:29:d8:
         43:54:b3:80:c5:22:a3:6b:ec:6e:43:90:d9:e5:88:69:bf:a6:
         fa:25:ae:45:07:f9:2b:63:e0:ec:44:16:4e:79:c9:19:c5:84:
         c2:af:12:14:9e:61:7c:a8:57:74:1f:6a:6b:14:f6:30:61:77:
         ab:f6:3e:ac:77:ae:1b:16:25:72:ff:d9:80:54:3b:e6:9b:7b:
         e1:b7:10:3f:9b:7a:af:38:be:67:a3:1a:89:af:38:e7:9a:f1:
         0f:5a:1e:c6:81:f3:66:e6:12:b5:f2:ab:b5:89:87:55:bf:3f:
         ae:d5:ca:db:d2:03:a6:36:14:83:90:2f:a8:64:7c:93:fd:cf:
         95:8f:43:22:da:a6:69:4c:d7:95:78:76:18:7c:7e:e6:c8:64:
         91:f5:40:58:b9:d4:bb:e7:6c:5f:14:98:ea:46:67:f0:fd:84:
         a1:ff:4e:a5:80:56:42:9b:42:bd:e9:c6:ae:18:3e:4a:41:c5:
         4c:39:2b:39:5a:dd:07:d2:52:16:fc:55:6e:5b:e3:1d:85:d1:
         c8:ff:d2:14
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcKud2Au0p8QArVcqss2uRWbWWK8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI1MTczMjE1WhcNMjUwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDY3YzE0M2Y4NmViYzVkZWRkZGIzMWIxOTQwNzMyZTAw
OWQ5OGZlMTU4ZmJmOGQ2MGRmMTI4NDRhNTI1ZWQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxt768gnERD6ljCLlNjV4+xv8H5SK9H5mt4sJh8DvZACPP
mzMpYnrzzpcidQap11v+V+e/aK9G9HwEo6eD5reRmPqISQYEWm44KyJR69voOvs/
zjMAyY3dwkOataIQDBQ1BkEVOI9IP/fcJw+JEmKZpVg+uyvhSWfCklZxBp4Cq8aF
uad/rwkLgf7RnqGAyahT1SBxw/cxQ6SWO8ceoQcIGFzkrOlOKaaloKNEp0phcfVn
numkn0SAcCFXe8dAYmeGBqFjR7SvwowwgBXZCM8QUCq2UoN1Lim3C6LuWXpDi1y0
iMcge/negL64aKNtcjVL1DCJC+sGvVFBGfcTXfxrAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUZNRyBiWFknsYmc3lrz/Q1fx30D0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ExYzA2ZTU3LWZjNWYtNDcwNS04YzA3LTQ1MDE5OWZiOGFkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AgcAwDQYJKoZIhvcNAQELBQADggEBALb1AFzou3nH8HEFFBG7ET16
Dlg5ufZS830HlzPLFIgLIt0ByI9utlyI1eRekxQssqGpZbYp2ENUs4DFIqNr7G5D
kNnliGm/pvolrkUH+Stj4OxEFk55yRnFhMKvEhSeYXyoV3QfamsU9jBhd6v2Pqx3
rhsWJXL/2YBUO+abe+G3ED+beq84vmejGomvOOea8Q9aHsaB82bmErXyq7WJh1W/
P67VytvSA6Y2FIOQL6hkfJP9z5WPQyLapmlM15V4dhh8fubIZJH1QFi51LvnbF8U
mOpGZ/D9hKH/TqWAVkKbQr3pxq4YPkpBxUw5Kzla3QfSUhb8VW5b4x2F0cj/0hQ=
-----END CERTIFICATE-----