Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/073eb97d-e872-4ff0-ad8a-a334146b45e0.roa
File:                     073eb97d-e872-4ff0-ad8a-a334146b45e0.roa (raw, json)
Hash identifier:          Q+E0Xgt7CFdXbir2fP+U2RseHPoHrUD7Gwe7LJBsVYA=
Subject key identifier:   9A:62:55:8A:96:75:08:4B:C1:FC:83:D4:03:77:E0:64:39:0C:44:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EA5749E109C92B28DEDECA98F928F7B35016A53
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/073eb97d-e872-4ff0-ad8a-a334146b45e0.roa
Signing time:             Fri 03 Oct 2025 00:11:59 +0000
ROA not before:           Fri 03 Oct 2025 00:11:59 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff9:2000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:a5:74:9e:10:9c:92:b2:8d:ed:ec:a9:8f:92:8f:7b:35:01:6a:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:11:59 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=054fd375318c04e503bddcf1322b06d2e92fd688d534ca79b321a410a75d7939, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d6:c2:7e:b0:93:cc:3b:1c:11:57:88:04:f4:
                    ef:58:8a:16:91:05:e1:97:47:8f:cb:a8:df:23:6f:
                    df:57:9d:2b:37:70:ba:d5:9f:73:35:4d:13:ba:62:
                    45:04:5a:33:57:06:2a:8e:8a:6e:59:93:de:a4:74:
                    98:8f:f1:f8:78:a0:74:7a:91:ef:40:16:01:ce:2c:
                    a0:a9:6f:de:37:70:77:2d:38:ea:44:3c:e0:0b:e6:
                    0c:73:b8:84:93:4d:13:c2:cd:58:26:9a:79:51:c6:
                    73:51:35:3e:d1:94:9c:99:5d:21:05:1e:4a:ec:55:
                    ea:61:ff:0b:8d:df:6c:c0:cf:54:93:7e:64:c4:2a:
                    5e:36:07:ec:64:62:49:99:09:c1:65:5d:a4:0c:ef:
                    f9:5e:ad:d5:bd:86:b4:c1:87:0e:64:bb:40:a8:2f:
                    53:fb:09:d8:0d:ec:e4:95:50:ce:d7:9f:46:9e:7d:
                    54:ea:c6:94:10:57:46:cf:2c:77:0c:e1:b6:a4:07:
                    b3:42:92:bb:67:1a:e1:3f:0e:93:51:20:0e:d2:51:
                    3f:0a:e2:9d:4b:e8:84:05:32:44:bb:6a:3c:c5:ce:
                    84:fa:c0:22:65:cc:bc:31:7e:a3:b3:a7:0d:2c:79:
                    12:26:6a:65:ac:1c:5f:0c:64:38:04:ae:ae:5a:18:
                    7a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:62:55:8A:96:75:08:4B:C1:FC:83:D4:03:77:E0:64:39:0C:44:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/073eb97d-e872-4ff0-ad8a-a334146b45e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff9:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         6a:39:66:81:36:70:9d:d8:1c:cc:88:0c:c1:99:e5:fb:40:eb:
         a5:ca:9a:59:13:ea:ad:6f:1d:ca:1e:ff:19:f7:06:21:53:f3:
         84:3f:b3:44:d5:5c:c8:3d:c2:7f:4a:54:73:2e:31:3f:6f:f4:
         74:2f:ae:7a:eb:1b:e2:a4:30:a3:33:31:eb:12:06:d7:d9:27:
         23:97:5b:c6:42:2a:87:e7:5b:f7:bc:3b:05:7a:78:82:a9:2e:
         7a:e2:36:8a:ad:02:13:39:e9:74:f5:df:d3:6d:f4:65:2c:33:
         62:a7:d9:85:fb:19:5a:28:a7:f6:27:ee:98:c9:ce:84:03:13:
         2e:69:5c:01:f9:da:e3:5a:ef:b0:26:1b:f4:be:97:bf:d0:83:
         5b:84:85:09:53:47:f0:71:5e:9f:36:3f:db:1d:a5:4a:6c:5a:
         84:97:89:49:54:44:b9:e6:18:19:b2:1f:65:c3:1b:70:14:49:
         c0:7d:e2:3c:68:a0:44:32:2c:1b:a6:95:64:44:b4:08:99:58:
         9f:5b:25:44:0f:6d:43:33:ae:cf:1f:c6:52:c2:01:ce:d7:b8:
         1c:30:94:5c:5d:12:d3:87:74:57:27:d1:5d:9c:dc:08:d2:2d:
         2d:41:60:78:36:ce:99:3a:ab:20:98:77:dc:23:d8:2a:54:8d:
         da:2f:58:5e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUTqV0nhCckrKN7eypj5KPezUBalMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAxMTU5WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTRmZDM3NTMxOGMwNGU1MDNiZGRjZjEzMjJiMDZkMmU5
MmZkNjg4ZDUzNGNhNzliMzIxYTQxMGE3NWQ3OTM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC91sJ+sJPMOxwRV4gE9O9YihaRBeGXR4/LqN8jb99XnSs3
cLrVn3M1TRO6YkUEWjNXBiqOim5Zk96kdJiP8fh4oHR6ke9AFgHOLKCpb943cHct
OOpEPOAL5gxzuISTTRPCzVgmmnlRxnNRNT7RlJyZXSEFHkrsVeph/wuN32zAz1ST
fmTEKl42B+xkYkmZCcFlXaQM7/lerdW9hrTBhw5ku0CoL1P7CdgN7OSVUM7Xn0ae
fVTqxpQQV0bPLHcM4bakB7NCkrtnGuE/DpNRIA7SUT8K4p1L6IQFMkS7ajzFzoT6
wCJlzLwxfqOzpw0seRImamWsHF8MZDgErq5aGHpJAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUmmJVipZ1CEvB/IPUA3fgZDkMRDEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA3M2ViOTdkLWU4NzItNGZmMC1hZDhhLWEzMzQxNDZiNDVlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/5IDANBgkqhkiG9w0BAQsFAAOCAQEAajlmgTZwndgczIgMwZnl+0Dr
pcqaWRPqrW8dyh7/GfcGIVPzhD+zRNVcyD3Cf0pUcy4xP2/0dC+ueusb4qQwozMx
6xIG19knI5dbxkIqh+db97w7BXp4gqkueuI2iq0CEznpdPXf0230ZSwzYqfZhfsZ
Wiin9ifumMnOhAMTLmlcAfna41rvsCYb9L6Xv9CDW4SFCVNH8HFenzY/2x2lSmxa
hJeJSVREueYYGbIfZcMbcBRJwH3iPGigRDIsG6aVZES0CJlYn1slRA9tQzOuzx/G
UsIBzte4HDCUXF0S04d0VyfRXZzcCNItLUFgeDbOmTqrIJh33CPYKlSN2i9YXg==
-----END CERTIFICATE-----