Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c085180-9c0d-46df-8d8f-283057871dbf.roa
File:                     0c085180-9c0d-46df-8d8f-283057871dbf.roa (raw, json)
Hash identifier:          TXwpQzR81o+iUxA992reyGwJrFVd7uS0C4iYZDeitws=
Subject key identifier:   F3:AD:31:A6:66:D6:3C:3B:31:35:5C:3C:C1:43:B7:79:81:7D:36:B0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2683737DAA3BE1AE42268D4E045CACE173710741
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c085180-9c0d-46df-8d8f-283057871dbf.roa
Signing time:             Fri 03 Oct 2025 00:22:02 +0000
ROA not before:           Fri 03 Oct 2025 00:22:02 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff1:e000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:83:73:7d:aa:3b:e1:ae:42:26:8d:4e:04:5c:ac:e1:73:71:07:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:22:02 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=3db769d52516ee66b249bdc6e2ff619ae7d933c7caee5a54e494db192f4c30e5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:38:c9:de:32:75:e8:03:f8:e0:b7:a1:50:1a:
                    a8:bf:67:4e:94:1b:e9:43:dc:4a:0e:75:17:c6:f0:
                    b8:c1:0d:87:6d:1f:0d:40:9f:53:80:1c:0f:c2:d6:
                    cd:fa:ec:44:22:c9:e8:ef:3b:75:83:4e:8c:11:4a:
                    02:a4:a4:ba:26:8e:ca:e0:0c:06:b3:4c:fd:3a:30:
                    40:ca:af:45:08:29:22:22:a9:77:47:36:53:22:7d:
                    92:fd:be:b9:73:fc:17:fa:7c:5c:2e:90:38:15:52:
                    fe:f6:94:7d:ed:e4:c3:74:e7:00:2f:51:94:9b:1f:
                    97:63:b6:86:62:d4:85:9a:1f:4b:5f:01:b2:42:f4:
                    14:94:a2:9e:46:a2:79:3b:04:be:32:93:77:16:97:
                    4b:d8:61:51:d2:24:0d:dc:60:c3:e9:f2:99:c5:e1:
                    93:2f:bc:de:d8:34:da:43:80:f2:b1:0c:c9:e3:2e:
                    a2:6d:46:0c:2c:f5:05:b3:02:1d:6d:4d:55:ff:d1:
                    4c:4a:0a:0a:10:0a:01:dc:d6:cf:68:5a:a8:1b:9b:
                    bb:00:6f:a7:a8:89:56:13:cf:78:cb:45:1f:86:39:
                    54:c4:6d:cc:05:fe:3f:d8:d8:d7:fb:6a:47:3b:f3:
                    d3:70:92:11:e1:92:4a:dc:81:35:92:80:18:ee:27:
                    df:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:AD:31:A6:66:D6:3C:3B:31:35:5C:3C:C1:43:B7:79:81:7D:36:B0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c085180-9c0d-46df-8d8f-283057871dbf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b8:62:10:e4:c1:9a:98:47:f8:b6:42:10:b0:9c:25:99:2f:04:
         be:24:b9:34:31:7b:28:19:77:82:57:c4:40:c1:24:be:9a:d0:
         4f:35:db:50:77:34:c2:12:ec:74:2b:3a:71:2b:72:7f:95:f4:
         4c:25:5c:35:cb:95:c3:43:cd:10:1c:24:9d:90:f1:77:d6:41:
         6a:69:16:32:1e:79:86:5a:e3:73:88:cb:a7:b6:48:21:47:26:
         55:e7:bc:7f:5e:eb:c0:b6:aa:59:f2:eb:99:7b:ea:df:05:b3:
         63:56:a8:8c:8f:f4:a1:a4:f2:4b:27:88:4c:e8:d1:a6:b4:02:
         b4:8f:27:e4:ee:40:e1:f2:ee:48:8c:23:7d:78:8d:04:2e:f9:
         32:4d:fa:a9:ac:da:23:08:6c:20:c6:68:de:bb:d0:8b:7e:12:
         ec:ad:2f:96:6e:1b:75:21:fa:11:79:88:53:1b:33:45:63:41:
         ad:1d:8c:70:91:66:05:92:97:ce:28:e4:53:d2:03:3a:e6:d4:
         14:fa:71:ce:28:17:14:30:af:0d:5e:77:43:9e:13:7b:ae:49:
         be:fd:5b:bd:9a:3d:1a:ed:1a:ec:2e:f1:c6:fe:37:5a:f9:41:
         5e:26:a9:ab:5f:95:ba:73:bd:64:e7:c2:45:73:90:2b:97:53:
         9b:62:7c:df
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJoNzfao74a5CJo1OBFys4XNxB0EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAyMjAyWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZGI3NjlkNTI1MTZlZTY2YjI0OWJkYzZlMmZmNjE5YWU3
ZDkzM2M3Y2FlZTVhNTRlNDk0ZGIxOTJmNGMzMGU1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUOMneMnXoA/jgt6FQGqi/Z06UG+lD3EoOdRfG8LjBDYdt
Hw1An1OAHA/C1s367EQiyejvO3WDTowRSgKkpLomjsrgDAazTP06MEDKr0UIKSIi
qXdHNlMifZL9vrlz/Bf6fFwukDgVUv72lH3t5MN05wAvUZSbH5djtoZi1IWaH0tf
AbJC9BSUop5Gonk7BL4yk3cWl0vYYVHSJA3cYMPp8pnF4ZMvvN7YNNpDgPKxDMnj
LqJtRgws9QWzAh1tTVX/0UxKCgoQCgHc1s9oWqgbm7sAb6eoiVYTz3jLRR+GOVTE
bcwF/j/Y2Nf7akc789NwkhHhkkrcgTWSgBjuJ9+jAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU860xpmbWPDsxNVw8wUO3eYF9NrAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjMDg1MTgwLTljMGQtNDZkZi04ZDhmLTI4MzA1Nzg3MWRiZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/x4DANBgkqhkiG9w0BAQsFAAOCAQEAuGIQ5MGamEf4tkIQsJwlmS8E
viS5NDF7KBl3glfEQMEkvprQTzXbUHc0whLsdCs6cStyf5X0TCVcNcuVw0PNEBwk
nZDxd9ZBamkWMh55hlrjc4jLp7ZIIUcmVee8f17rwLaqWfLrmXvq3wWzY1aojI/0
oaTySyeITOjRprQCtI8n5O5A4fLuSIwjfXiNBC75Mk36qazaIwhsIMZo3rvQi34S
7K0vlm4bdSH6EXmIUxszRWNBrR2McJFmBZKXzijkU9IDOubUFPpxzigXFDCvDV53
Q54Te65Jvv1bvZo9Gu0a7C7xxv43WvlBXiapq1+VunO9ZOfCRXOQK5dTm2J83w==
-----END CERTIFICATE-----