Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0853223-d8a6-44c9-890f-c69fed185aac.roa
File:                     d0853223-d8a6-44c9-890f-c69fed185aac.roa (raw, json)
Hash identifier:          TKp6iAo8r2+f2ML3SDnAw2eheqEUtknlNDrh/wdpFP8=
Subject key identifier:   FB:37:D7:B7:D9:DD:98:ED:01:66:A5:22:8E:A4:AA:EC:C9:2F:66:9A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       459C9E370E1A751DE82B7A70413D63C6F19052F1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0853223-d8a6-44c9-890f-c69fed185aac.roa
Signing time:             Mon 31 Mar 2025 15:30:21 +0000
ROA not before:           Mon 31 Mar 2025 15:30:21 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f27:8000::/36 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:9c:9e:37:0e:1a:75:1d:e8:2b:7a:70:41:3d:63:c6:f1:90:52:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 31 15:30:21 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=d273bcf3a981920d147f7a2091b0f5ff0c3fe6e33319a614a81b2783f7982ed7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d5:46:1c:ae:6e:54:2d:11:7e:35:dd:35:17:
                    7b:de:17:bd:a6:79:16:1f:4c:9c:fa:49:da:46:6f:
                    48:a8:19:77:aa:4a:c0:73:72:5e:6a:fe:e7:c4:0b:
                    d6:60:db:72:f9:87:00:5a:58:d8:65:bb:a2:0e:30:
                    6f:cc:a8:23:ea:8d:2a:7f:9d:0f:14:04:86:c7:64:
                    a0:52:6b:4f:7c:30:07:b9:eb:ca:72:52:29:bf:c2:
                    1d:dc:38:5a:90:e8:01:69:df:17:ec:bc:f8:2c:2f:
                    db:81:3e:e5:b0:9e:d8:c2:de:e0:76:db:82:f4:84:
                    ea:5f:f4:8a:66:fe:d3:0c:52:97:69:ba:87:71:44:
                    5d:8e:ee:18:90:1f:56:b4:f0:ff:17:e5:26:12:92:
                    f2:87:f2:9c:21:15:df:60:1e:66:49:8e:60:16:53:
                    42:e4:e0:3c:cd:e2:58:5d:cd:7e:66:11:5e:c2:3b:
                    40:55:18:f8:33:42:88:7b:1a:81:36:f5:b1:8c:9d:
                    c7:16:8b:fe:a7:07:f0:16:e5:ca:ad:53:99:60:49:
                    74:3d:50:3f:36:d4:99:01:62:ff:8d:00:b0:ee:6c:
                    b6:c0:b7:49:06:d3:9c:3b:41:00:62:35:bc:26:4a:
                    ae:8f:46:c2:0a:6f:49:0a:bb:c3:59:1d:ad:1a:8c:
                    cd:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:37:D7:B7:D9:DD:98:ED:01:66:A5:22:8E:A4:AA:EC:C9:2F:66:9A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0853223-d8a6-44c9-890f-c69fed185aac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f27:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         4e:32:52:75:ae:84:22:54:bd:70:8f:56:93:93:18:1f:47:db:
         9d:9a:88:35:f5:8e:23:ad:f3:77:42:d0:39:66:51:ef:ec:a4:
         eb:e6:71:35:e3:bd:48:01:ab:1d:29:e8:57:86:78:af:87:1f:
         b0:5d:16:6c:0d:9c:ed:a6:59:59:45:d9:75:c8:22:ae:74:8d:
         cd:60:f4:23:8e:0f:54:1f:63:62:44:ec:7d:31:73:13:56:23:
         f7:07:52:28:74:59:bd:13:26:be:b2:49:c6:78:d9:93:20:4c:
         f9:ac:30:a6:ac:71:5c:e7:6b:08:02:7e:62:11:49:a8:b2:dc:
         0f:27:bc:5e:6e:45:91:1e:c4:31:d1:72:85:40:5c:6e:a7:1d:
         dc:a1:4e:2f:fa:dd:f9:ff:b6:a7:2b:6e:3a:23:cd:87:47:de:
         76:3b:d6:d9:d9:aa:5a:60:34:02:0c:f7:c5:4a:e4:b6:27:8e:
         ed:f5:2f:6a:20:4a:43:fe:4a:d8:15:47:27:69:ee:77:c4:7b:
         be:1d:2a:9c:0e:c6:28:06:ef:ef:0f:0f:bb:f8:ef:fc:0a:d1:
         85:f5:11:c4:e5:0d:9e:e5:0c:a8:46:8e:5a:6c:0e:56:9f:16:
         a6:96:49:0a:7c:da:c1:5d:38:fb:db:82:78:c7:16:b7:e4:37:
         7f:f1:5b:88
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIURZyeNw4adR3oK3pwQT1jxvGQUvEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzMxMTUzMDIxWhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMjczYmNmM2E5ODE5MjBkMTQ3ZjdhMjA5MWIwZjVmZjBj
M2ZlNmUzMzMxOWE2MTRhODFiMjc4M2Y3OTgyZWQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDA1UYcrm5ULRF+Nd01F3veF72meRYfTJz6SdpGb0ioGXeq
SsBzcl5q/ufEC9Zg23L5hwBaWNhlu6IOMG/MqCPqjSp/nQ8UBIbHZKBSa098MAe5
68pyUim/wh3cOFqQ6AFp3xfsvPgsL9uBPuWwntjC3uB224L0hOpf9Ipm/tMMUpdp
uodxRF2O7hiQH1a08P8X5SYSkvKH8pwhFd9gHmZJjmAWU0Lk4DzN4lhdzX5mEV7C
O0BVGPgzQoh7GoE29bGMnccWi/6nB/AW5cqtU5lgSXQ9UD821JkBYv+NALDubLbA
t0kG05w7QQBiNbwmSq6PRsIKb0kKu8NZHa0ajM3pAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU+zfXt9ndmO0BZqUijqSq7MkvZpowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QwODUzMjIzLWQ4YTYtNDRjOS04OTBmLWM2OWZlZDE4NWFhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8ngDANBgkqhkiG9w0BAQsFAAOCAQEATjJSda6EIlS9cI9Wk5MYH0fb
nZqINfWOI63zd0LQOWZR7+yk6+ZxNeO9SAGrHSnoV4Z4r4cfsF0WbA2c7aZZWUXZ
dcgirnSNzWD0I44PVB9jYkTsfTFzE1Yj9wdSKHRZvRMmvrJJxnjZkyBM+awwpqxx
XOdrCAJ+YhFJqLLcDye8Xm5FkR7EMdFyhUBcbqcd3KFOL/rd+f+2pytuOiPNh0fe
djvW2dmqWmA0Agz3xUrktieO7fUvaiBKQ/5K2BVHJ2nud8R7vh0qnA7GKAbv7w8P
u/jv/ArRhfURxOUNnuUMqEaOWmwOVp8WppZJCnzawV04+9uCeMcWt+Q3f/FbiA==
-----END CERTIFICATE-----