Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/026d9e0e-e9f3-4245-8184-2f5a17b3204e.roa
File:                     026d9e0e-e9f3-4245-8184-2f5a17b3204e.roa (raw, json)
Hash identifier:          /p9HFTjJoYhrZp7lH4ORIpDvnE3bxvYjzyr1enuzAAE=
Subject key identifier:   35:0C:8A:77:A2:FD:E0:58:2E:E8:71:89:D4:57:E7:23:64:92:AB:65
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       35C27316FB39DAB6BED77787AEFC38A1F7C18F48
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/026d9e0e-e9f3-4245-8184-2f5a17b3204e.roa
Signing time:             Fri 03 Oct 2025 00:12:51 +0000
ROA not before:           Fri 03 Oct 2025 00:12:51 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f32:e000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:c2:73:16:fb:39:da:b6:be:d7:77:87:ae:fc:38:a1:f7:c1:8f:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:12:51 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=b8da3cdfa219699b73c5d2a8beb3c26059853dde734a676bacb12e33f916554e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b3:0a:6a:93:a3:fb:56:fe:cb:d7:e7:78:d1:
                    f1:91:cc:42:0b:6f:7e:cc:40:51:3f:b0:ae:9c:19:
                    6f:be:a9:b7:f5:dc:2f:dd:c4:a4:35:ce:56:8b:06:
                    87:be:be:f1:31:92:5c:22:b3:bd:62:4d:a2:37:d3:
                    8a:75:99:39:35:6f:f8:67:0b:6c:9d:56:c4:b7:05:
                    e7:bb:d4:47:6c:5b:85:ff:b4:d7:64:42:2b:c6:a1:
                    5a:5c:4e:06:fe:9c:62:25:2f:41:fc:43:be:ca:09:
                    c6:d9:19:05:cf:c9:63:ef:54:84:7d:92:90:2b:24:
                    77:55:9b:70:1d:3b:55:49:a4:fb:1d:a4:16:4b:89:
                    10:f8:e2:8e:59:54:37:6b:1b:2a:be:15:55:92:f9:
                    a2:75:ea:f8:80:d3:59:d3:b8:bc:20:11:1d:c7:be:
                    e8:b4:7d:4f:09:79:b7:5d:83:5c:24:5f:e3:24:25:
                    00:bd:88:ac:81:9f:38:01:41:63:84:17:fc:f9:b2:
                    c6:2e:d3:f3:bc:e2:f3:cc:ab:ef:c0:c9:a4:35:a9:
                    7d:34:71:cd:5c:1a:bd:0b:e6:2a:31:17:3a:e3:ea:
                    5f:34:81:c7:bd:a2:5b:49:45:c4:60:56:16:ae:a7:
                    e6:62:39:00:77:ce:ec:91:60:e2:55:6a:d3:60:bc:
                    f3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:0C:8A:77:A2:FD:E0:58:2E:E8:71:89:D4:57:E7:23:64:92:AB:65
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/026d9e0e-e9f3-4245-8184-2f5a17b3204e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f32:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3d:8e:bb:fe:00:3b:79:12:5d:19:33:b0:74:e5:30:35:5c:55:
         01:b5:0c:0f:a9:75:82:ed:a2:2b:12:c3:e7:c5:3c:81:70:5f:
         bc:77:6d:bb:57:48:de:27:eb:02:67:ea:75:73:30:f7:34:0f:
         62:2c:e0:d8:9a:ae:64:17:80:77:79:27:65:a8:f3:f5:59:53:
         b2:f4:6d:6f:e7:75:c7:a7:b6:e0:f3:47:9d:f0:f9:59:cf:db:
         fc:f8:43:04:66:90:83:6c:47:d7:0d:a2:a0:73:5c:96:b3:42:
         f1:03:d7:51:f3:1a:1b:3d:24:40:00:16:1e:68:8b:00:ab:15:
         a3:18:0b:78:8d:05:f4:b3:5f:40:bb:23:a7:0c:52:1c:2c:c0:
         e2:37:15:e4:7f:a8:76:11:83:35:25:d1:a7:40:d2:41:07:c1:
         2f:c1:62:62:43:de:62:6a:10:fd:91:21:ea:4b:10:de:56:f2:
         9d:2a:51:48:f3:41:a1:79:46:6e:79:24:85:0b:e5:a9:b8:dd:
         0d:ce:4f:5c:ff:54:93:fb:cf:72:ca:ce:07:24:ae:66:ef:75:
         b6:ae:0c:ff:4d:12:85:eb:52:4c:80:da:6f:0e:7b:01:03:42:
         76:74:90:10:47:78:a2:4a:e7:ca:31:b7:29:fd:79:9f:9c:eb:
         7a:ee:ec:05
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUNcJzFvs52ra+13eHrvw4offBj0gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAxMjUxWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOGRhM2NkZmEyMTk2OTliNzNjNWQyYThiZWIzYzI2MDU5
ODUzZGRlNzM0YTY3NmJhY2IxMmUzM2Y5MTY1NTRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClswpqk6P7Vv7L1+d40fGRzEILb37MQFE/sK6cGW++qbf1
3C/dxKQ1zlaLBoe+vvExklwis71iTaI304p1mTk1b/hnC2ydVsS3Bee71EdsW4X/
tNdkQivGoVpcTgb+nGIlL0H8Q77KCcbZGQXPyWPvVIR9kpArJHdVm3AdO1VJpPsd
pBZLiRD44o5ZVDdrGyq+FVWS+aJ16viA01nTuLwgER3Hvui0fU8Jebddg1wkX+Mk
JQC9iKyBnzgBQWOEF/z5ssYu0/O84vPMq+/AyaQ1qX00cc1cGr0L5ioxFzrj6l80
gce9oltJRcRgVhaup+ZiOQB3zuyRYOJVatNgvPMfAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUNQyKd6L94Fgu6HGJ1FfnI2SSq2UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAyNmQ5ZTBlLWU5ZjMtNDI0NS04MTg0LTJmNWExN2IzMjA0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8y4DANBgkqhkiG9w0BAQsFAAOCAQEAPY67/gA7eRJdGTOwdOUwNVxV
AbUMD6l1gu2iKxLD58U8gXBfvHdtu1dI3ifrAmfqdXMw9zQPYizg2JquZBeAd3kn
Zajz9VlTsvRtb+d1x6e24PNHnfD5Wc/b/PhDBGaQg2xH1w2ioHNclrNC8QPXUfMa
Gz0kQAAWHmiLAKsVoxgLeI0F9LNfQLsjpwxSHCzA4jcV5H+odhGDNSXRp0DSQQfB
L8FiYkPeYmoQ/ZEh6ksQ3lbynSpRSPNBoXlGbnkkhQvlqbjdDc5PXP9Uk/vPcsrO
BySuZu91tq4M/00ShetSTIDabw57AQNCdnSQEEd4okrnyjG3Kf15n5zreu7sBQ==
-----END CERTIFICATE-----