Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f18d1fe-3be4-46b5-8c45-f26a31912e5e.roa
File:                     0f18d1fe-3be4-46b5-8c45-f26a31912e5e.roa (raw, json)
Hash identifier:          5hiGuEnUFZN1BMEygy1aGCSM+K0gfBdzHQH4Upz465I=
Subject key identifier:   77:A9:48:E8:95:71:01:71:8E:4D:96:DF:B9:F2:AD:8C:5C:D0:8E:C7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2AB599C5B10BE9D26A4FCB1587FE17833B4A3072
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f18d1fe-3be4-46b5-8c45-f26a31912e5e.roa
Signing time:             Fri 10 Oct 2025 00:12:46 +0000
ROA not before:           Fri 10 Oct 2025 00:12:46 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff4:4000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:b5:99:c5:b1:0b:e9:d2:6a:4f:cb:15:87:fe:17:83:3b:4a:30:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 00:12:46 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=b19a23b91b34bf249f786d3edae3c4a019eb793b8a1276016c0b4d09f0145295, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:96:d9:e0:d7:a3:11:2e:18:f2:dc:32:c2:27:
                    01:ed:57:d2:d6:a0:48:c7:5c:55:0c:91:c3:23:fe:
                    46:3e:5d:73:38:a4:b6:4b:71:59:23:53:58:74:3e:
                    38:be:cf:3d:31:ad:64:58:80:b4:66:51:17:eb:ce:
                    7a:83:8c:94:09:54:32:71:41:cc:51:8d:14:b1:60:
                    e0:63:62:6f:19:99:42:86:45:ce:4c:c3:0e:28:8e:
                    c5:73:08:a6:b6:70:7e:75:f2:50:dc:f1:26:75:e5:
                    ff:3a:30:a0:eb:d7:86:ba:62:8d:d4:19:0d:28:c8:
                    6a:1f:b9:5b:d1:50:1a:25:a4:77:6e:1d:6d:8f:63:
                    6e:22:70:3f:f5:91:29:8b:20:74:18:26:2a:17:cd:
                    2e:61:2e:4a:65:3e:c9:57:5d:03:f7:a7:9e:55:cb:
                    8a:be:21:9b:36:aa:22:cc:88:e0:32:f8:93:ef:00:
                    4c:53:fa:92:53:d6:c9:ad:29:81:b9:04:92:8a:67:
                    2e:67:07:ff:4a:a5:08:40:a9:aa:34:04:78:6a:fa:
                    13:a5:1b:c8:d3:9f:0a:52:c3:b1:9e:a8:57:76:cf:
                    ee:00:18:c1:18:c8:e1:5c:fc:74:54:cb:fe:c3:08:
                    ec:53:53:62:ac:0b:41:ab:6f:28:f6:44:95:f5:99:
                    5f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:A9:48:E8:95:71:01:71:8E:4D:96:DF:B9:F2:AD:8C:5C:D0:8E:C7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f18d1fe-3be4-46b5-8c45-f26a31912e5e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         d7:f4:0c:22:4d:cb:64:f6:b9:19:6f:42:74:c8:6c:f6:18:b2:
         0b:0c:d9:31:49:a5:57:f5:95:f7:cc:a3:53:6b:be:f1:ac:d9:
         22:3f:52:18:9d:79:df:7e:dc:f2:1a:28:0d:6b:64:20:7e:2e:
         c3:8c:1a:7f:ed:da:aa:9e:99:2e:32:d0:d2:1a:1a:fb:53:f3:
         4e:18:a6:35:70:91:c0:30:84:be:f0:91:2d:8c:2d:b2:24:f3:
         6e:51:2f:af:2f:2a:0a:c3:a8:f8:52:b0:26:45:15:a7:e6:e4:
         96:3a:f6:0c:d1:4a:25:23:14:f5:73:1b:a5:ed:1b:f3:b2:86:
         da:97:19:08:7e:6e:f4:72:53:9f:a2:6a:8a:8d:22:cb:49:bf:
         1c:bb:8a:5a:fb:3e:66:7a:77:2e:e0:29:30:e1:ad:e2:76:42:
         53:5e:6a:31:d9:1c:48:7c:7e:8e:44:76:23:16:76:7f:fe:31:
         6f:a4:ef:7b:38:67:0c:d4:3e:35:3e:d1:82:a3:ea:f1:b1:bb:
         a2:27:64:87:cd:64:e2:cd:cf:bf:2e:99:2f:1d:d5:58:2f:9e:
         92:f0:d0:80:16:99:02:58:a4:cc:f3:94:53:ba:65:03:c2:65:
         f9:8f:77:da:d5:6b:69:22:04:48:2a:82:45:2f:e4:af:77:76:
         64:5f:6f:9e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUKrWZxbEL6dJqT8sVh/4XgztKMHIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMDAxMjQ2WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTlhMjNiOTFiMzRiZjI0OWY3ODZkM2VkYWUzYzRhMDE5
ZWI3OTNiOGExMjc2MDE2YzBiNGQwOWYwMTQ1Mjk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCultng16MRLhjy3DLCJwHtV9LWoEjHXFUMkcMj/kY+XXM4
pLZLcVkjU1h0Pji+zz0xrWRYgLRmURfrznqDjJQJVDJxQcxRjRSxYOBjYm8ZmUKG
Rc5Mww4ojsVzCKa2cH518lDc8SZ15f86MKDr14a6Yo3UGQ0oyGofuVvRUBolpHdu
HW2PY24icD/1kSmLIHQYJioXzS5hLkplPslXXQP3p55Vy4q+IZs2qiLMiOAy+JPv
AExT+pJT1smtKYG5BJKKZy5nB/9KpQhAqao0BHhq+hOlG8jTnwpSw7GeqFd2z+4A
GMEYyOFc/HRUy/7DCOxTU2KsC0Grbyj2RJX1mV+xAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUd6lI6JVxAXGOTZbfufKtjFzQjscwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBmMThkMWZlLTNiZTQtNDZiNS04YzQ1LWYyNmEzMTkxMmU1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/0QDANBgkqhkiG9w0BAQsFAAOCAQEA1/QMIk3LZPa5GW9CdMhs9hiy
CwzZMUmlV/WV98yjU2u+8azZIj9SGJ15337c8hooDWtkIH4uw4waf+3aqp6ZLjLQ
0hoa+1PzThimNXCRwDCEvvCRLYwtsiTzblEvry8qCsOo+FKwJkUVp+bkljr2DNFK
JSMU9XMbpe0b87KG2pcZCH5u9HJTn6Jqio0iy0m/HLuKWvs+Znp3LuApMOGt4nZC
U15qMdkcSHx+jkR2IxZ2f/4xb6TvezhnDNQ+NT7RgqPq8bG7oidkh81k4s3Pvy6Z
Lx3VWC+ekvDQgBaZAlikzPOUU7plA8Jl+Y932tVraSIESCqCRS/kr3d2ZF9vng==
-----END CERTIFICATE-----