Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbdd7149-1b63-485c-91e0-217a5a311a88.roa
File:                     dbdd7149-1b63-485c-91e0-217a5a311a88.roa (raw, json)
Hash identifier:          Jb/3tKbYOi7FmPCu+8Wxwa3SN9T4hvbTkK9ezpnlZPc=
Subject key identifier:   09:CF:AD:27:9E:88:96:06:18:AB:3C:F1:98:4E:40:8D:38:B9:8F:4D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7F5983534ACA7537104D5641415297BC160CE6B7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbdd7149-1b63-485c-91e0-217a5a311a88.roa
Signing time:             Fri 28 Mar 2025 00:30:34 +0000
ROA not before:           Fri 28 Mar 2025 00:30:34 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f00:80f0::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:59:83:53:4a:ca:75:37:10:4d:56:41:41:52:97:bc:16:0c:e6:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:30:34 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=b047b01bf1aa70edef913cfc76891bcb1cc963677eadd2b21be210da6d06fd02, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:71:9a:87:83:92:ab:27:2b:73:7a:fa:a4:9f:
                    cc:4a:42:9e:c9:c0:03:a3:4d:e5:51:8c:98:bc:61:
                    86:71:86:06:a6:82:7f:1b:ac:95:e7:b7:b1:84:22:
                    f2:b4:01:43:54:92:a6:5a:0c:4b:b9:12:ea:b0:49:
                    bf:29:43:ce:87:ab:3b:5a:11:41:b3:1a:03:05:3c:
                    99:1a:b3:31:b0:c1:42:46:5c:5f:59:da:f5:e7:82:
                    e2:b0:72:e6:a0:75:a9:76:37:20:a2:61:6a:88:4f:
                    7e:75:e8:74:c3:eb:e5:96:0a:8b:e1:90:cc:b1:b4:
                    7d:b3:82:95:24:55:d6:73:1f:f8:44:55:9e:c9:0a:
                    73:15:66:a9:11:77:60:09:62:ea:19:38:57:f6:1c:
                    d5:2e:de:0f:21:78:9e:11:95:51:6e:dc:2e:e2:ca:
                    1d:20:fc:8d:5c:be:fa:13:19:72:94:06:cd:ed:4b:
                    1d:bc:9d:bf:9b:3c:fe:63:82:5c:70:f4:ae:55:cf:
                    ee:7a:23:1f:f6:1c:25:48:e5:47:d0:d3:1d:e9:f1:
                    4b:63:49:1b:12:d5:2e:f8:bf:c4:7a:ad:c3:65:52:
                    fc:3b:b3:86:61:a5:d6:74:58:90:cb:43:d0:01:19:
                    02:21:e7:5b:98:e2:06:37:c0:ff:9d:d4:4a:00:53:
                    ec:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:CF:AD:27:9E:88:96:06:18:AB:3C:F1:98:4E:40:8D:38:B9:8F:4D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbdd7149-1b63-485c-91e0-217a5a311a88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:80f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:23:21:46:6b:00:dd:d4:d5:a3:81:14:12:a6:fa:68:0b:8c:
         10:35:4c:f4:e6:90:e9:7f:a8:ed:b2:14:a2:76:01:cd:21:e6:
         f9:f8:70:67:60:f3:00:ca:f5:dd:7f:85:70:51:26:4d:67:f4:
         7a:54:71:80:01:bb:2b:18:30:9d:f5:e6:1d:ad:2e:a5:2c:73:
         7a:14:80:74:66:74:c8:64:f4:4e:dd:4f:87:e5:54:53:b5:5c:
         79:29:0a:04:68:5e:4e:89:cf:50:cd:db:86:56:79:e3:1f:22:
         a0:64:97:76:e4:bb:33:29:fd:4e:2c:f0:08:6e:bc:d2:a3:cd:
         23:db:02:70:5f:18:f2:96:10:11:fd:36:ea:dc:5d:6d:a1:de:
         6e:16:2c:5d:80:88:b3:2e:58:46:5e:06:c0:27:fd:82:c2:d2:
         c0:e1:8b:38:fe:63:8e:7a:8e:c3:17:0d:1f:d1:84:28:f6:b1:
         97:1c:6c:c8:b3:69:46:56:ff:72:28:e5:0e:3a:fe:2c:15:7b:
         b1:6b:96:7b:5c:83:4b:57:bc:7e:49:44:2c:08:7c:32:51:5a:
         de:ec:1a:ac:1f:61:45:4b:10:d6:29:1a:4d:52:ed:af:70:0b:
         18:f8:87:a2:9f:e0:46:0a:d6:ab:b1:08:d0:8c:bc:1f:4b:8e:
         70:6e:86:ba
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUf1mDU0rKdTcQTVZBQVKXvBYM5rcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDAzMDM0WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDQ3YjAxYmYxYWE3MGVkZWY5MTNjZmM3Njg5MWJjYjFj
Yzk2MzY3N2VhZGQyYjIxYmUyMTBkYTZkMDZmZDAyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4cZqHg5KrJytzevqkn8xKQp7JwAOjTeVRjJi8YYZxhgam
gn8brJXnt7GEIvK0AUNUkqZaDEu5EuqwSb8pQ86HqztaEUGzGgMFPJkaszGwwUJG
XF9Z2vXnguKwcuagdal2NyCiYWqIT3516HTD6+WWCovhkMyxtH2zgpUkVdZzH/hE
VZ7JCnMVZqkRd2AJYuoZOFf2HNUu3g8heJ4RlVFu3C7iyh0g/I1cvvoTGXKUBs3t
Sx28nb+bPP5jglxw9K5Vz+56Ix/2HCVI5UfQ0x3p8UtjSRsS1S74v8R6rcNlUvw7
s4ZhpdZ0WJDLQ9ABGQIh51uY4gY3wP+d1EoAU+x9AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUCc+tJ56IlgYYqzzxmE5AjTi5j00wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiZGQ3MTQ5LTFiNjMtNDg1Yy05MWUwLTIxN2E1YTMxMWE4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AgPAwDQYJKoZIhvcNAQELBQADggEBALYjIUZrAN3U1aOBFBKm+mgL
jBA1TPTmkOl/qO2yFKJ2Ac0h5vn4cGdg8wDK9d1/hXBRJk1n9HpUcYABuysYMJ31
5h2tLqUsc3oUgHRmdMhk9E7dT4flVFO1XHkpCgRoXk6Jz1DN24ZWeeMfIqBkl3bk
uzMp/U4s8AhuvNKjzSPbAnBfGPKWEBH9NurcXW2h3m4WLF2AiLMuWEZeBsAn/YLC
0sDhizj+Y456jsMXDR/RhCj2sZccbMizaUZW/3Io5Q46/iwVe7Frlntcg0tXvH5J
RCwIfDJRWt7sGqwfYUVLENYpGk1S7a9wCxj4h6Kf4EYK1quxCNCMvB9LjnBuhro=
-----END CERTIFICATE-----