Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/020f6713-961a-446c-8dde-4a4231902f33.roa
File:                     020f6713-961a-446c-8dde-4a4231902f33.roa (raw, json)
Hash identifier:          +Tf44ECZt2tvie32XhesrEY7alkuk56yb8wLUE86lws=
Subject key identifier:   A7:06:74:7C:69:87:ED:A7:D8:D0:F9:42:73:5E:2D:FB:9F:B9:C7:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4824EB6E207D452CF59464695B8796BF665214BC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/020f6713-961a-446c-8dde-4a4231902f33.roa
Signing time:             Wed 08 Oct 2025 00:12:02 +0000
ROA not before:           Wed 08 Oct 2025 00:12:02 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff8:3400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:24:eb:6e:20:7d:45:2c:f5:94:64:69:5b:87:96:bf:66:52:14:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:12:02 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=753f6a37476956f150e3ee02b8788bb542e831b1759d962232dfb5fce98022a2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:39:7a:f3:c7:10:ec:69:d3:1c:00:fe:f1:ee:
                    c4:54:f8:d1:d9:4e:75:85:cd:f8:06:32:f1:86:1f:
                    64:5b:0b:d5:c5:90:9c:0f:1e:0f:40:33:2c:4b:e1:
                    ae:cb:08:cf:49:a3:11:ff:b5:44:bb:24:e9:59:31:
                    ce:21:c1:14:12:b7:f1:85:3f:08:84:67:a2:cb:4a:
                    f7:e4:ce:67:2a:79:6b:0a:ba:18:59:d7:03:f1:46:
                    2b:6f:e7:d1:2f:94:aa:ee:e8:b3:18:8d:56:2b:73:
                    a6:06:ca:41:f1:36:12:10:0c:df:22:21:82:b6:62:
                    93:c1:95:01:d7:7b:22:dd:cd:d2:bc:c9:9f:eb:14:
                    9e:74:15:61:fe:94:6d:6b:c4:e0:e7:3d:3f:d5:08:
                    5b:a1:23:d6:37:e4:2d:33:d9:d2:81:e7:b5:4b:1c:
                    43:c2:c3:96:11:d4:02:44:b3:d7:85:b3:cb:2c:0a:
                    c5:3d:48:03:4d:ef:f5:3c:02:c1:24:1e:d4:6d:ee:
                    33:6a:81:36:a7:ca:57:f2:f9:2f:66:31:ac:a1:aa:
                    67:aa:3e:b9:86:4e:b2:0e:b3:c9:bd:f5:06:db:33:
                    79:b0:e8:e1:89:cc:dd:84:bb:ff:fb:14:52:4c:ee:
                    f3:74:28:25:4b:df:ce:09:f9:20:0d:5b:e5:3e:5f:
                    1a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:06:74:7C:69:87:ED:A7:D8:D0:F9:42:73:5E:2D:FB:9F:B9:C7:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/020f6713-961a-446c-8dde-4a4231902f33.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff8:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         aa:a5:61:30:9f:d3:1a:c0:9e:77:69:08:7e:3f:75:a4:ca:b1:
         49:ae:ee:96:00:a5:f8:3a:df:2f:1f:25:34:3e:52:0d:6d:b3:
         eb:5d:1a:c1:9a:18:3f:ca:c7:0b:46:2f:cf:c7:1c:ce:e3:50:
         cc:f8:22:e9:8e:8c:62:5a:3e:4e:20:65:89:ba:1a:ab:29:e8:
         51:e2:d9:d2:b9:cd:09:43:4e:fa:d0:fd:50:4f:ba:1d:8e:4a:
         25:ff:9b:a4:f5:77:69:0c:a9:d3:ea:be:65:44:27:d1:50:4d:
         53:57:c5:57:b2:3c:95:97:1e:55:a1:1a:8e:66:e0:83:a0:cd:
         d1:f3:96:ae:b2:4c:a1:9d:ce:61:4c:18:53:c8:b4:3a:86:f6:
         b7:f1:56:d2:38:96:5a:2a:e8:cd:e9:6d:0f:12:3b:4f:04:51:
         c7:2f:e4:9b:70:ae:7e:e2:87:a2:04:ca:d6:c1:90:b0:8d:27:
         cf:e8:f7:3c:ff:fc:7a:42:94:d9:1e:69:1c:69:fb:f2:ee:04:
         11:46:ae:8e:68:0e:75:94:30:27:66:a4:79:f6:04:18:02:2c:
         63:c9:49:6b:20:b7:0d:9c:12:31:71:e2:25:4f:fe:8d:2e:ef:
         ab:36:96:4c:81:df:6f:09:1e:62:f6:38:0c:59:84:61:de:86:
         2a:07:99:07
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUSCTrbiB9RSz1lGRpW4eWv2ZSFLwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAxMjAyWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTNmNmEzNzQ3Njk1NmYxNTBlM2VlMDJiODc4OGJiNTQy
ZTgzMWIxNzU5ZDk2MjIzMmRmYjVmY2U5ODAyMmEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2OXrzxxDsadMcAP7x7sRU+NHZTnWFzfgGMvGGH2RbC9XF
kJwPHg9AMyxL4a7LCM9JoxH/tUS7JOlZMc4hwRQSt/GFPwiEZ6LLSvfkzmcqeWsK
uhhZ1wPxRitv59EvlKru6LMYjVYrc6YGykHxNhIQDN8iIYK2YpPBlQHXeyLdzdK8
yZ/rFJ50FWH+lG1rxODnPT/VCFuhI9Y35C0z2dKB57VLHEPCw5YR1AJEs9eFs8ss
CsU9SANN7/U8AsEkHtRt7jNqgTanylfy+S9mMayhqmeqPrmGTrIOs8m99QbbM3mw
6OGJzN2Eu//7FFJM7vN0KCVL384J+SANW+U+XxpnAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUpwZ0fGmH7afY0PlCc14t+5+5xzwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAyMGY2NzEzLTk2MWEtNDQ2Yy04ZGRlLTRhNDIzMTkwMmYzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/4NDANBgkqhkiG9w0BAQsFAAOCAQEAqqVhMJ/TGsCed2kIfj91pMqx
Sa7ulgCl+DrfLx8lND5SDW2z610awZoYP8rHC0Yvz8cczuNQzPgi6Y6MYlo+TiBl
iboaqynoUeLZ0rnNCUNO+tD9UE+6HY5KJf+bpPV3aQyp0+q+ZUQn0VBNU1fFV7I8
lZceVaEajmbgg6DN0fOWrrJMoZ3OYUwYU8i0Oob2t/FW0jiWWirozeltDxI7TwRR
xy/km3CufuKHogTK1sGQsI0nz+j3PP/8ekKU2R5pHGn78u4EEUaujmgOdZQwJ2ak
efYEGAIsY8lJayC3DZwSMXHiJU/+jS7vqzaWTIHfbwkeYvY4DFmEYd6GKgeZBw==
-----END CERTIFICATE-----