Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7be8e0-62e6-4871-94e0-6104edf9cbfc.roa
File:                     ef7be8e0-62e6-4871-94e0-6104edf9cbfc.roa (raw, json)
Hash identifier:          FhtkmMeVbu6ilGoj3pKOA+blOoYIgL2fRK8H8PrRDhE=
Subject key identifier:   D3:31:E9:6C:46:75:45:60:41:2D:7B:1B:44:2B:10:B9:A9:50:2A:AB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       152D61C31EA5E978D30BDE57D11C1880BBB32BC1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7be8e0-62e6-4871-94e0-6104edf9cbfc.roa
Signing time:             Fri 28 Mar 2025 16:20:40 +0000
ROA not before:           Fri 28 Mar 2025 16:20:40 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f36:2000::/40 maxlen: 40

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:2d:61:c3:1e:a5:e9:78:d3:0b:de:57:d1:1c:18:80:bb:b3:2b:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:20:40 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=f2e4aeb6175152088704f80f5fb9c07773c54afa9dda04a94d05d3a44e494af1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:37:ba:4f:1e:95:d7:26:4e:14:a3:e1:83:59:
                    4f:99:c6:58:8e:19:d6:c0:9a:b6:65:11:e9:f3:fa:
                    9a:bd:ce:ff:0f:b1:91:db:99:04:20:81:13:b3:62:
                    8e:fc:07:34:4a:c4:5a:33:53:5e:17:64:cd:9b:1d:
                    87:64:fc:7a:e9:52:79:a2:50:8a:2b:ce:2f:e4:9c:
                    91:7b:67:f1:07:fb:1b:16:7c:43:96:bb:e3:bf:26:
                    45:9b:eb:d6:6d:fa:b3:03:f0:09:d9:31:4f:97:f7:
                    76:cd:49:46:51:cd:1b:3c:94:40:fe:df:96:d6:03:
                    d3:f0:80:03:c4:ab:4d:cc:08:d0:68:13:d5:91:d7:
                    40:ed:3a:89:7e:4e:3f:1e:d3:77:16:d1:24:a3:78:
                    41:cb:00:cd:f5:34:2d:a0:d8:f0:7f:11:84:9f:16:
                    4a:17:b2:60:88:f8:de:08:68:3b:67:b0:d9:fc:b3:
                    ba:15:0f:f3:01:65:f5:90:e1:db:8b:82:10:f8:c8:
                    7d:ff:35:6e:5c:3f:3d:a6:90:29:c0:2b:9d:e6:e9:
                    36:1d:94:1b:f9:97:03:31:a9:2e:1d:26:70:5e:29:
                    fc:39:de:44:70:2b:c6:ef:46:fd:52:53:44:68:78:
                    53:f3:ef:18:f5:69:6d:6e:ad:46:36:41:ab:7f:be:
                    7d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:31:E9:6C:46:75:45:60:41:2D:7B:1B:44:2B:10:B9:A9:50:2A:AB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7be8e0-62e6-4871-94e0-6104edf9cbfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f36:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         16:4f:1d:53:d1:2e:b5:d7:ac:e6:20:63:c4:12:9b:25:a9:82:
         f9:22:a9:2b:67:4a:13:c0:9e:ca:6a:57:9b:56:71:8b:d1:49:
         72:d2:eb:99:66:68:dc:89:17:1d:e3:a6:e1:d7:50:eb:22:bd:
         90:3d:03:bd:e3:aa:a3:27:e1:b8:fb:ef:79:2e:14:66:53:f8:
         71:49:32:1d:ba:12:ab:ad:a7:c6:33:72:99:20:e5:05:9d:23:
         48:06:1a:0a:9a:76:09:96:c2:c5:a0:a7:1e:e9:ed:ae:5a:1f:
         5e:31:a2:aa:60:37:c9:0e:95:e6:7a:60:bf:93:31:86:03:88:
         d0:bf:2d:38:0a:64:13:a4:39:a6:90:98:c0:15:2a:b4:27:d9:
         91:55:bc:fb:78:d0:e0:79:a8:e6:6d:00:3c:0b:f3:e3:86:8b:
         ac:95:0b:9f:8c:b4:8a:8c:12:21:d6:94:06:dd:80:05:34:f9:
         e9:6e:36:cc:d8:22:d7:7f:0e:03:d7:14:2b:ee:76:10:7c:2c:
         bb:74:b0:51:20:b6:99:4b:15:68:74:a0:a2:9a:b9:c1:de:f2:
         48:aa:1e:54:16:9b:9f:f9:67:2d:98:ca:bd:2c:13:86:82:a1:
         67:61:17:fc:3a:8b:34:78:92:01:d6:4c:5f:d9:30:3d:25:ca:
         f7:95:16:32
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUFS1hwx6l6XjTC95X0RwYgLuzK8EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTYyMDQwWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMmU0YWViNjE3NTE1MjA4ODcwNGY4MGY1ZmI5YzA3Nzcz
YzU0YWZhOWRkYTA0YTk0ZDA1ZDNhNDRlNDk0YWYxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVN7pPHpXXJk4Uo+GDWU+ZxliOGdbAmrZlEenz+pq9zv8P
sZHbmQQggROzYo78BzRKxFozU14XZM2bHYdk/HrpUnmiUIorzi/knJF7Z/EH+xsW
fEOWu+O/JkWb69Zt+rMD8AnZMU+X93bNSUZRzRs8lED+35bWA9PwgAPEq03MCNBo
E9WR10DtOol+Tj8e03cW0SSjeEHLAM31NC2g2PB/EYSfFkoXsmCI+N4IaDtnsNn8
s7oVD/MBZfWQ4duLghD4yH3/NW5cPz2mkCnAK53m6TYdlBv5lwMxqS4dJnBeKfw5
3kRwK8bvRv1SU0RoeFPz7xj1aW1urUY2Qat/vn1/AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU0zHpbEZ1RWBBLXsbRCsQualQKqswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmN2JlOGUwLTYyZTYtNDg3MS05NGUwLTYxMDRlZGY5Y2JmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB82IDANBgkqhkiG9w0BAQsFAAOCAQEAFk8dU9Eutdes5iBjxBKbJamC
+SKpK2dKE8CeympXm1Zxi9FJctLrmWZo3IkXHeOm4ddQ6yK9kD0DveOqoyfhuPvv
eS4UZlP4cUkyHboSq62nxjNymSDlBZ0jSAYaCpp2CZbCxaCnHuntrlofXjGiqmA3
yQ6V5npgv5MxhgOI0L8tOApkE6Q5ppCYwBUqtCfZkVW8+3jQ4Hmo5m0APAvz44aL
rJULn4y0iowSIdaUBt2ABTT56W42zNgi138OA9cUK+52EHwsu3SwUSC2mUsVaHSg
opq5wd7ySKoeVBabn/lnLZjKvSwThoKhZ2EX/DqLNHiSAdZMX9kwPSXK95UWMg==
-----END CERTIFICATE-----