Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7f6d42-1aff-4690-874d-886d6e8ab667.roa
File:                     ef7f6d42-1aff-4690-874d-886d6e8ab667.roa (raw, json)
Hash identifier:          rOnEIXVy+yjq9OvY+rdthyfDmt6tMteD/BzSGbXJOh8=
Subject key identifier:   60:B5:9B:E2:F4:59:98:09:BC:CB:60:5E:CF:F5:F4:E1:8D:CD:C2:71
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       657EB78EB7CBDCCE9238633F52B6292E3E628D15
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7f6d42-1aff-4690-874d-886d6e8ab667.roa
Signing time:             Fri 28 Mar 2025 16:41:07 +0000
ROA not before:           Fri 28 Mar 2025 16:41:07 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f12:800::/38 maxlen: 38

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:7e:b7:8e:b7:cb:dc:ce:92:38:63:3f:52:b6:29:2e:3e:62:8d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 16:41:07 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=8e6be29d7f8a113d9c876466c5753c5925491770337f7f6d3a85b016ec246771, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:60:a8:f3:f3:d0:84:7b:2f:b8:78:b1:b3:ba:
                    6a:81:eb:e9:31:ea:b1:67:65:91:2c:a0:ad:a3:a7:
                    29:11:d5:03:f4:1e:ca:b6:c1:03:d0:78:09:05:11:
                    20:e0:e6:8b:eb:49:0e:36:53:65:f8:29:72:44:50:
                    31:0a:01:a4:e2:c2:a5:bc:7d:a1:ab:a0:7b:d2:c0:
                    65:62:6b:1d:4d:9c:dc:c3:7c:ff:0a:cc:a2:2d:10:
                    24:59:ed:cc:d8:50:96:c0:a9:50:db:6e:d4:36:24:
                    8c:7c:69:dc:fe:f0:f2:f6:98:fd:a3:7e:bd:b1:3a:
                    c9:9f:b3:56:df:28:95:66:17:2f:8c:b4:ce:0b:aa:
                    02:9a:f1:c8:9c:94:72:86:cc:d3:e4:79:0b:bd:3b:
                    11:0f:8e:18:df:2d:30:f1:13:55:50:18:9f:08:0a:
                    3b:14:c0:43:b1:3c:c6:cf:41:e6:93:a7:97:8a:0f:
                    bf:82:b9:47:1e:78:da:f9:01:de:18:2f:9f:f3:11:
                    5b:5a:9b:53:55:61:0c:78:34:dc:13:0a:5e:be:47:
                    48:63:5d:2d:04:47:5a:62:5b:77:25:95:07:ef:05:
                    e2:1c:38:8c:57:59:f0:46:3f:28:a2:42:51:88:90:
                    9b:b1:c0:ae:0f:f8:d1:ae:64:c1:aa:09:c5:88:3d:
                    25:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:B5:9B:E2:F4:59:98:09:BC:CB:60:5E:CF:F5:F4:E1:8D:CD:C2:71
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7f6d42-1aff-4690-874d-886d6e8ab667.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f12:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         4c:37:52:12:97:20:6e:fb:8e:16:3d:2a:a9:55:ea:04:70:91:
         cd:71:7a:b1:a7:39:cb:0f:39:f2:fb:97:6f:21:31:5b:1f:ef:
         88:62:6a:33:bf:85:18:32:88:5e:11:12:f8:0e:97:59:2a:95:
         d8:ab:9d:46:fb:b3:19:6e:34:b6:bd:cc:01:6c:6c:e8:1d:02:
         23:1b:df:9e:e7:d4:8e:19:45:1f:86:3f:cc:0e:4f:b6:97:66:
         9b:76:23:4a:ec:bb:e5:fc:5c:a1:98:ba:b3:5c:c8:54:08:da:
         b0:ff:c3:46:6f:d7:11:75:50:63:7a:10:92:c3:05:7d:1e:c0:
         0b:1b:4a:48:1c:3a:7a:48:e8:37:4e:0a:c8:57:64:28:2c:18:
         aa:ee:15:62:37:84:55:e2:65:09:d5:61:3c:b4:b4:46:2b:6b:
         73:73:99:31:3d:c5:cb:82:42:a3:33:cf:b6:98:00:33:3e:83:
         4f:19:be:28:f3:26:2d:8e:c0:ab:c9:b4:52:52:30:d6:20:c5:
         cb:65:27:37:c0:29:09:84:e1:17:39:24:e2:6c:72:f9:8e:22:
         3d:9d:b1:94:61:2d:89:91:bb:cb:db:6d:9b:9f:2f:75:fa:84:
         dc:a6:26:c5:5f:70:9e:56:3a:6b:ea:17:bb:30:5c:e4:e2:d6:
         2d:f7:c9:42
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZX63jrfL3M6SOGM/UrYpLj5ijRUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MTY0MTA3WhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTZiZTI5ZDdmOGExMTNkOWM4NzY0NjZjNTc1M2M1OTI1
NDkxNzcwMzM3ZjdmNmQzYTg1YjAxNmVjMjQ2NzcxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxYKjz89CEey+4eLGzumqB6+kx6rFnZZEsoK2jpykR1QP0
Hsq2wQPQeAkFESDg5ovrSQ42U2X4KXJEUDEKAaTiwqW8faGroHvSwGViax1NnNzD
fP8KzKItECRZ7czYUJbAqVDbbtQ2JIx8adz+8PL2mP2jfr2xOsmfs1bfKJVmFy+M
tM4LqgKa8ciclHKGzNPkeQu9OxEPjhjfLTDxE1VQGJ8ICjsUwEOxPMbPQeaTp5eK
D7+CuUceeNr5Ad4YL5/zEVtam1NVYQx4NNwTCl6+R0hjXS0ER1piW3cllQfvBeIc
OIxXWfBGPyiiQlGIkJuxwK4P+NGuZMGqCcWIPSWFAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUYLWb4vRZmAm8y2Bez/X04Y3NwnEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmN2Y2ZDQyLTFhZmYtNDY5MC04NzRkLTg4NmQ2ZThhYjY2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgImAB8SCDANBgkqhkiG9w0BAQsFAAOCAQEATDdSEpcgbvuOFj0qqVXqBHCR
zXF6sac5yw858vuXbyExWx/viGJqM7+FGDKIXhES+A6XWSqV2KudRvuzGW40tr3M
AWxs6B0CIxvfnufUjhlFH4Y/zA5Ptpdmm3YjSuy75fxcoZi6s1zIVAjasP/DRm/X
EXVQY3oQksMFfR7ACxtKSBw6ekjoN04KyFdkKCwYqu4VYjeEVeJlCdVhPLS0Ritr
c3OZMT3Fy4JCozPPtpgAMz6DTxm+KPMmLY7Aq8m0UlIw1iDFy2UnN8ApCYThFzkk
4mxy+Y4iPZ2xlGEtiZG7y9ttm58vdfqE3KYmxV9wnlY6a+oXuzBc5OLWLffJQg==
-----END CERTIFICATE-----