Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7873fdb-b89a-4bdc-bc40-0995b97e1dd9.roa
File:                     c7873fdb-b89a-4bdc-bc40-0995b97e1dd9.roa (raw, json)
Hash identifier:          wbeccUKliTcaDqPD/kXSE9aMSnToVjUg7vPBGKG8OSU=
Subject key identifier:   4A:1B:A2:ED:D8:D5:0B:DB:18:23:1E:7D:40:12:4B:B2:F2:64:03:24
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0384B18A24316496BA7A508561D837E80E8BD1B6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7873fdb-b89a-4bdc-bc40-0995b97e1dd9.roa
Signing time:             Fri 28 Mar 2025 17:21:07 +0000
ROA not before:           Fri 28 Mar 2025 17:21:07 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f1f:4000::/36 maxlen: 36

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:84:b1:8a:24:31:64:96:ba:7a:50:85:61:d8:37:e8:0e:8b:d1:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 17:21:07 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=cd7f6d9d110c6197b8c04c522eca7ed9571077aa4e7e4c36c6b34de534433a75, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ed:68:90:e3:bd:fc:17:19:bd:c6:6e:9e:85:
                    fd:ca:b4:93:d6:54:95:7c:b3:3f:bf:66:2c:67:4d:
                    2a:66:18:52:73:31:2b:8a:09:c0:02:32:f0:62:e7:
                    11:81:9e:42:f1:65:88:e1:e1:f6:ae:ca:bb:a8:d4:
                    d7:22:6b:9b:44:62:67:3b:4d:1b:fa:ad:f6:8c:7d:
                    0a:e6:0c:e3:50:8d:d0:3d:cc:8e:dc:41:e1:b2:ab:
                    c9:a0:ec:06:fc:c5:8b:c5:63:13:ca:f5:d3:e5:2d:
                    a3:92:62:94:f9:c3:8a:ee:1c:51:1f:c0:ce:70:56:
                    2e:23:85:8d:45:29:ec:aa:33:99:7e:ad:ac:b4:fb:
                    ce:12:38:4a:dd:67:ce:b6:91:d7:42:2a:be:68:16:
                    ef:19:5d:89:a6:72:7e:ed:96:63:c6:bd:0a:72:db:
                    83:30:fe:08:be:fa:03:f8:4e:9d:73:7b:7a:00:ea:
                    5f:a1:37:63:8d:19:16:96:e7:80:58:b9:37:e7:2c:
                    12:1f:78:79:a1:96:71:d6:de:0d:c3:e4:ed:3a:b8:
                    36:2f:17:23:ed:af:24:cc:82:95:de:38:34:52:57:
                    eb:ec:83:5d:1e:b7:a9:8a:66:8e:b1:74:f7:9c:87:
                    60:e4:7b:fe:2e:cd:10:57:06:3d:ce:55:0a:b6:23:
                    cf:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:1B:A2:ED:D8:D5:0B:DB:18:23:1E:7D:40:12:4B:B2:F2:64:03:24
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7873fdb-b89a-4bdc-bc40-0995b97e1dd9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1f:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3f:50:c2:9a:74:03:23:c9:4d:c8:4c:77:58:89:03:f6:06:53:
         e2:af:b2:f2:e3:4a:31:c3:c0:67:2e:da:28:3a:f6:48:95:a9:
         f5:ea:e3:33:57:37:0d:52:d5:5a:e3:b6:51:cc:3d:f9:47:42:
         bf:75:87:32:5e:66:6f:35:f3:9a:db:1b:23:ce:9f:23:e5:3a:
         74:2e:1e:2a:6a:d8:c9:3b:03:bb:a1:bb:4f:07:8b:ae:a2:8e:
         45:01:0f:54:5a:a1:2c:55:2c:42:a7:04:07:d0:3b:4b:fa:9f:
         c4:96:26:12:bd:47:c7:3a:91:fb:45:70:ff:a0:d5:eb:ff:12:
         05:1f:38:5a:18:80:95:8c:20:5c:99:90:c6:d8:d3:d8:19:36:
         f7:b1:9d:98:65:16:e0:aa:df:6c:6f:78:e9:b1:e1:2a:53:c2:
         c9:30:42:0e:de:15:22:1e:dc:a4:82:68:be:55:a4:83:8b:26:
         1a:44:c2:08:c7:48:55:22:b2:1d:29:15:1b:42:2d:57:a2:b5:
         43:10:62:ba:19:b2:8c:12:72:4c:38:30:f7:6a:d4:8e:e3:ab:
         25:61:9d:92:ed:6b:3b:6f:7c:22:fb:68:26:c6:41:e7:98:1f:
         6c:2e:1b:de:44:47:e6:08:4f:27:f2:bb:11:d1:34:27:d8:0e:
         f4:c9:c0:ce
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUA4SxiiQxZJa6elCFYdg36A6L0bYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTcyMTA3WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZDdmNmQ5ZDExMGM2MTk3YjhjMDRjNTIyZWNhN2VkOTU3
MTA3N2FhNGU3ZTRjMzZjNmIzNGRlNTM0NDMzYTc1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCa7WiQ4738Fxm9xm6ehf3KtJPWVJV8sz+/ZixnTSpmGFJz
MSuKCcACMvBi5xGBnkLxZYjh4fauyruo1Ncia5tEYmc7TRv6rfaMfQrmDONQjdA9
zI7cQeGyq8mg7Ab8xYvFYxPK9dPlLaOSYpT5w4ruHFEfwM5wVi4jhY1FKeyqM5l+
ray0+84SOErdZ862kddCKr5oFu8ZXYmmcn7tlmPGvQpy24Mw/gi++gP4Tp1ze3oA
6l+hN2ONGRaW54BYuTfnLBIfeHmhlnHW3g3D5O06uDYvFyPtryTMgpXeODRSV+vs
g10et6mKZo6xdPech2Dke/4uzRBXBj3OVQq2I8+vAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUShui7djVC9sYIx59QBJLsvJkAyQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3ODczZmRiLWI4OWEtNGJkYy1iYzQwLTA5OTViOTdlMWRkOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8fQDANBgkqhkiG9w0BAQsFAAOCAQEAP1DCmnQDI8lNyEx3WIkD9gZT
4q+y8uNKMcPAZy7aKDr2SJWp9erjM1c3DVLVWuO2Ucw9+UdCv3WHMl5mbzXzmtsb
I86fI+U6dC4eKmrYyTsDu6G7TweLrqKORQEPVFqhLFUsQqcEB9A7S/qfxJYmEr1H
xzqR+0Vw/6DV6/8SBR84WhiAlYwgXJmQxtjT2Bk297GdmGUW4KrfbG946bHhKlPC
yTBCDt4VIh7cpIJovlWkg4smGkTCCMdIVSKyHSkVG0ItV6K1QxBiuhmyjBJyTDgw
92rUjuOrJWGdku1rO298IvtoJsZB55gfbC4b3kRH5ghPJ/K7EdE0J9gO9MnAzg==
-----END CERTIFICATE-----