Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eaf82949-c277-48eb-a60e-5a42e5840364.roa
File:                     eaf82949-c277-48eb-a60e-5a42e5840364.roa (raw, json)
Hash identifier:          gaEn1glBr94ByVD6iS3aK0B9XhFgxLD0sT/Z4XK4acY=
Subject key identifier:   5D:AC:83:C3:A2:62:9C:04:C2:26:8E:06:D3:AE:DF:B5:01:46:72:46
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4685B2F1CE9A840CE97CDF980D3DDFB4BE055131
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eaf82949-c277-48eb-a60e-5a42e5840364.roa
Signing time:             Fri 28 Mar 2025 00:41:11 +0000
ROA not before:           Fri 28 Mar 2025 00:41:11 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f00:81d0::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:85:b2:f1:ce:9a:84:0c:e9:7c:df:98:0d:3d:df:b4:be:05:51:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:41:11 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=861456d3d05242ce931abb411470ba5a8192fe1bf18aaead4306bf98bdd89d41, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:df:e4:c4:36:d2:3f:47:b3:9f:58:5e:a3:44:
                    73:63:5d:54:96:e2:27:95:e7:c1:02:5f:ed:cb:ae:
                    80:eb:0b:a6:75:d9:22:24:3a:10:3e:89:72:85:8d:
                    dd:37:3f:2c:a4:12:a3:5a:c3:03:c6:7a:e2:7d:b6:
                    90:50:c1:3f:e9:65:40:66:10:39:a4:aa:51:7b:6f:
                    26:6d:83:fe:b3:a0:28:aa:16:4a:50:6b:e5:7f:bc:
                    4d:ef:6a:9d:72:a6:92:aa:07:c7:80:3d:06:ed:e4:
                    6c:01:d5:1f:a0:d8:87:7b:6f:de:61:78:34:cf:e9:
                    42:cc:34:75:83:74:8a:88:d4:6e:44:48:ed:3d:c0:
                    ad:6a:54:ff:81:79:95:09:a4:86:d0:12:90:dc:e2:
                    58:8b:91:ab:b7:77:41:86:06:86:31:e0:83:e0:81:
                    4f:09:bc:90:b2:62:90:45:2d:6c:f1:a7:68:a9:c9:
                    51:f3:3e:81:cb:eb:73:76:a1:8b:c1:24:db:c9:84:
                    11:9e:d8:f8:ac:5c:6d:46:80:5a:e7:73:ee:b8:cb:
                    23:7d:f9:56:3c:c8:b1:0d:4c:4f:5a:d4:11:98:96:
                    5b:70:09:6c:4e:8f:ad:fb:db:5e:c4:81:a4:8a:9e:
                    c9:9c:8b:6f:62:cb:31:e9:11:24:60:6d:10:10:67:
                    6c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:AC:83:C3:A2:62:9C:04:C2:26:8E:06:D3:AE:DF:B5:01:46:72:46
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eaf82949-c277-48eb-a60e-5a42e5840364.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:81d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:d9:3b:4a:2d:da:8a:ed:12:35:89:f7:e5:b0:3d:7f:20:66:
         70:ad:0c:81:b6:6f:49:33:40:a8:f9:74:87:06:ba:49:1f:3c:
         e9:8a:63:90:4a:cb:f9:ce:51:f5:7e:5d:ff:0a:29:2d:43:81:
         d6:e4:dd:40:b5:1e:d8:2c:9d:6c:e3:50:f4:64:03:91:91:6b:
         4d:37:08:f3:2f:d1:11:26:8e:0f:ce:a5:60:1b:eb:c3:dc:97:
         5a:60:18:98:29:09:39:88:3a:2f:ea:9c:44:a9:97:b9:e0:e0:
         0c:d6:e6:90:79:4c:3c:82:ba:c4:3c:04:ea:11:87:a3:5f:5b:
         f6:9e:d1:46:53:51:a8:b2:a3:d3:91:27:60:26:ad:af:f9:dc:
         39:1a:d5:9d:d2:aa:3f:1d:e2:34:a7:fb:8c:b4:39:ab:a9:15:
         3e:20:04:7f:42:05:d1:1c:e8:d2:4a:60:f2:3a:16:36:13:65:
         cf:cf:0f:27:2d:37:ee:d2:f4:1c:ec:d0:1a:ba:f0:63:26:9b:
         21:79:91:44:23:b6:7d:89:51:eb:c3:16:70:51:63:72:60:da:
         8d:cb:38:5b:36:e5:52:44:df:99:b4:f9:4d:6e:42:92:ee:b5:
         ef:5f:e0:d5:d3:4e:af:fb:db:59:91:78:22:0b:54:79:47:79:
         e1:2f:54:d1
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIURoWy8c6ahAzpfN+YDT3ftL4FUTEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDA0MTExWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjE0NTZkM2QwNTI0MmNlOTMxYWJiNDExNDcwYmE1YTgx
OTJmZTFiZjE4YWFlYWQ0MzA2YmY5OGJkZDg5ZDQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+3+TENtI/R7OfWF6jRHNjXVSW4ieV58ECX+3LroDrC6Z1
2SIkOhA+iXKFjd03PyykEqNawwPGeuJ9tpBQwT/pZUBmEDmkqlF7byZtg/6zoCiq
FkpQa+V/vE3vap1yppKqB8eAPQbt5GwB1R+g2Id7b95heDTP6ULMNHWDdIqI1G5E
SO09wK1qVP+BeZUJpIbQEpDc4liLkau3d0GGBoYx4IPggU8JvJCyYpBFLWzxp2ip
yVHzPoHL63N2oYvBJNvJhBGe2PisXG1GgFrnc+64yyN9+VY8yLENTE9a1BGYlltw
CWxOj637217EgaSKnsmci29iyzHpESRgbRAQZ2ypAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUXayDw6JinATCJo4G067ftQFGckYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VhZjgyOTQ5LWMyNzctNDhlYi1hNjBlLTVhNDJlNTg0MDM2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AgdAwDQYJKoZIhvcNAQELBQADggEBAGzZO0ot2ortEjWJ9+WwPX8g
ZnCtDIG2b0kzQKj5dIcGukkfPOmKY5BKy/nOUfV+Xf8KKS1Dgdbk3UC1HtgsnWzj
UPRkA5GRa003CPMv0REmjg/OpWAb68Pcl1pgGJgpCTmIOi/qnESpl7ng4AzW5pB5
TDyCusQ8BOoRh6NfW/ae0UZTUaiyo9ORJ2Amra/53Dka1Z3Sqj8d4jSn+4y0Oaup
FT4gBH9CBdEc6NJKYPI6FjYTZc/PDyctN+7S9Bzs0Bq68GMmmyF5kUQjtn2JUevD
FnBRY3Jg2o3LOFs25VJE35m0+U1uQpLute9f4NXTTq/721mReCILVHlHeeEvVNE=
-----END CERTIFICATE-----