Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e79e4cd6-9579-4b3e-b642-7cc756fcf427.roa
File:                     e79e4cd6-9579-4b3e-b642-7cc756fcf427.roa (raw, json)
Hash identifier:          E0yLioghJ0m8sFB6whQqSssbYCheE3wVEDMS1e9DQOA=
Subject key identifier:   4C:9F:13:43:5A:64:9D:32:9B:E8:A2:E7:AE:27:6B:50:5A:46:2F:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       66940C19C107495B8BA929FA0C0D8D5EBBD7A1C5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e79e4cd6-9579-4b3e-b642-7cc756fcf427.roa
Signing time:             Fri 04 Apr 2025 00:01:13 +0000
ROA not before:           Fri 04 Apr 2025 00:01:13 +0000
ROA not after:            Fri 09 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff6:81ff::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:94:0c:19:c1:07:49:5b:8b:a9:29:fa:0c:0d:8d:5e:bb:d7:a1:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  4 00:01:13 2025 GMT
            Not After : May  9 23:59:59 2025 GMT
        Subject: serialNumber=fd9b5987994183ae8cfe736cb8fc9d41315b78fc6b36a4bbd768406a33ada18a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:37:93:16:09:4d:7e:4d:54:a6:71:bc:41:53:
                    53:80:87:48:34:02:e6:84:92:13:07:60:4e:78:10:
                    9c:82:cd:cb:4e:1b:ec:ab:27:21:dc:54:aa:62:89:
                    e0:11:1b:58:87:5c:19:3f:83:64:58:90:29:78:7b:
                    f6:2a:94:7b:a0:68:16:d8:27:aa:40:78:f1:42:51:
                    43:d8:ac:83:7b:ab:73:11:7c:0b:4a:d1:c1:ab:67:
                    fd:70:e7:5e:b0:bb:b4:e0:3a:47:a3:76:51:9d:97:
                    06:bd:ca:a7:f7:19:52:47:96:6f:b4:9c:8f:b9:6e:
                    b4:a4:3e:82:3e:72:f5:24:e0:a0:26:c5:7b:10:10:
                    d3:6b:63:e5:80:ad:3c:88:7f:7d:fc:eb:db:68:3c:
                    16:9c:0f:c7:2a:a7:9d:7b:e0:bc:21:32:f7:3f:e9:
                    a4:4d:a2:a2:15:c5:9e:68:cd:00:b5:78:16:75:5a:
                    cc:73:43:ec:9d:9f:00:5b:fa:4b:59:33:e6:0a:a7:
                    ac:5e:f5:ab:27:17:0d:9d:4e:fe:5d:4f:b6:0a:f9:
                    89:b5:90:e4:1d:98:8b:03:20:59:d2:5b:40:62:0b:
                    01:18:d7:f6:ea:40:f8:b7:b4:13:92:a7:7c:76:2d:
                    c2:01:2f:2b:2a:6c:14:43:9c:33:2f:22:f4:8f:1e:
                    d5:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:9F:13:43:5A:64:9D:32:9B:E8:A2:E7:AE:27:6B:50:5A:46:2F:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e79e4cd6-9579-4b3e-b642-7cc756fcf427.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:81ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:12:e5:92:c3:4e:47:48:b7:21:33:c0:8a:5c:75:5f:84:c7:
         64:22:32:b6:ab:16:55:24:c8:a7:47:b0:fc:ac:fd:0a:bc:97:
         9a:ec:53:67:15:30:88:19:6e:3b:77:7f:f0:fa:55:49:98:c3:
         b0:53:e0:26:87:2d:42:6e:bd:0b:cb:57:a9:da:26:94:83:b2:
         00:37:64:99:2e:57:58:bf:2b:45:68:c3:90:38:de:09:07:11:
         1e:2f:90:c7:8b:d3:11:f0:32:91:5c:2e:5f:d6:c4:c4:fd:dd:
         f6:50:76:38:f7:3a:32:01:95:b7:38:c8:39:a2:93:99:b1:1c:
         7b:c9:8f:56:95:e7:cd:90:f3:ca:67:d3:90:1f:41:be:1f:1b:
         18:c9:18:b5:94:e0:44:86:b0:fa:5c:a1:7f:27:34:bd:7c:13:
         80:5f:9b:5e:04:25:9f:dd:a4:5e:0d:64:03:12:bb:7c:d8:3a:
         3c:a6:ef:31:72:29:68:bd:50:45:e3:0f:db:be:ed:73:b7:13:
         7b:d9:a5:2c:92:20:f6:68:da:84:7f:08:4e:86:c4:23:a1:85:
         ff:3e:c1:84:ef:d2:1c:4a:8b:a6:b5:91:cc:f4:5a:c7:11:7c:
         cb:4f:d8:b3:80:26:ad:bc:6d:8f:c8:90:0c:4f:d4:f7:53:1b:
         2d:1e:d3:c3
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUZpQMGcEHSVuLqSn6DA2NXrvXocUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA0MDAwMTEzWhcNMjUwNTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDliNTk4Nzk5NDE4M2FlOGNmZTczNmNiOGZjOWQ0MTMx
NWI3OGZjNmIzNmE0YmJkNzY4NDA2YTMzYWRhMThhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFN5MWCU1+TVSmcbxBU1OAh0g0AuaEkhMHYE54EJyCzctO
G+yrJyHcVKpiieARG1iHXBk/g2RYkCl4e/YqlHugaBbYJ6pAePFCUUPYrIN7q3MR
fAtK0cGrZ/1w516wu7TgOkejdlGdlwa9yqf3GVJHlm+0nI+5brSkPoI+cvUk4KAm
xXsQENNrY+WArTyIf33869toPBacD8cqp5174LwhMvc/6aRNoqIVxZ5ozQC1eBZ1
WsxzQ+ydnwBb+ktZM+YKp6xe9asnFw2dTv5dT7YK+Ym1kOQdmIsDIFnSW0BiCwEY
1/bqQPi3tBOSp3x2LcIBLysqbBRDnDMvIvSPHtWnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUTJ8TQ1pknTKb6KLnridrUFpGL4MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U3OWU0Y2Q2LTk1NzktNGIzZS1iNjQyLTdjYzc1NmZjZjQyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/2gf8wDQYJKoZIhvcNAQELBQADggEBAJAS5ZLDTkdItyEzwIpcdV+E
x2QiMrarFlUkyKdHsPys/Qq8l5rsU2cVMIgZbjt3f/D6VUmYw7BT4CaHLUJuvQvL
V6naJpSDsgA3ZJkuV1i/K0Vow5A43gkHER4vkMeL0xHwMpFcLl/WxMT93fZQdjj3
OjIBlbc4yDmik5mxHHvJj1aV582Q88pn05AfQb4fGxjJGLWU4ESGsPpcoX8nNL18
E4Bfm14EJZ/dpF4NZAMSu3zYOjym7zFyKWi9UEXjD9u+7XO3E3vZpSySIPZo2oR/
CE6GxCOhhf8+wYTv0hxKi6a1kcz0WscRfMtP2LOAJq28bY/IkAxP1PdTGy0e08M=
-----END CERTIFICATE-----