Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f40aa3f-2702-44df-96d3-c95e3159f70c.roa
File:                     2f40aa3f-2702-44df-96d3-c95e3159f70c.roa (raw, json)
Hash identifier:          6gsVuIEULUCie1H+TPSU+ba2SKrbaPVgFzvrgMNn/rc=
Subject key identifier:   6A:7A:A8:FB:CC:3C:8B:38:2B:FA:1E:3B:06:AE:B0:AF:A2:22:4A:4E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       217A5EB37F87A2B88D8C524FEEE3A36619207640
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f40aa3f-2702-44df-96d3-c95e3159f70c.roa
Signing time:             Sat 18 Oct 2025 03:01:02 +0000
ROA not before:           Sat 18 Oct 2025 03:01:02 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f61:5000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:7a:5e:b3:7f:87:a2:b8:8d:8c:52:4f:ee:e3:a3:66:19:20:76:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 03:01:02 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=cac0bb1a7e896868443f2b0feff068228e253d30b1e1bca7b16de3d85f0bf1e2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:86:e8:0b:f5:3f:10:b3:80:6f:cd:01:76:8c:
                    47:ef:86:84:0a:1b:ba:8e:67:1a:e7:64:4e:e3:9a:
                    4f:97:0e:bb:78:ae:be:05:14:ad:20:77:71:8b:fe:
                    a3:63:dd:56:73:85:eb:e8:23:1a:e1:81:71:b2:3c:
                    c7:c6:3c:1d:9e:5b:cf:79:db:2b:a0:31:99:37:e0:
                    8e:1a:94:20:ea:da:84:16:85:99:b5:34:da:77:7a:
                    49:94:8d:bb:f6:41:e0:08:f7:77:1a:b0:91:30:e5:
                    25:b7:d3:0e:2e:b6:38:32:50:17:54:b6:3d:7e:d7:
                    68:86:76:6e:09:a2:25:45:d2:e1:51:11:22:19:30:
                    46:70:15:0b:0d:11:5c:e2:1e:48:48:dd:7b:2e:a3:
                    16:87:d2:8a:3b:f0:27:6b:c4:a2:06:8a:2f:f2:5e:
                    5f:58:d0:17:2e:29:5a:bb:c6:2e:5f:db:8c:61:97:
                    60:50:0a:d8:db:e5:14:b0:61:b5:c0:ae:4f:55:95:
                    8a:7a:27:ad:ad:8e:8f:7b:e5:80:92:af:94:aa:d7:
                    ef:b0:5d:bb:ba:28:4f:73:80:18:08:12:23:9a:fb:
                    71:4d:18:81:57:45:82:57:c1:fe:d5:e6:61:26:e5:
                    90:8c:12:39:26:8e:35:78:e0:3e:46:a9:f6:6b:67:
                    1d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:7A:A8:FB:CC:3C:8B:38:2B:FA:1E:3B:06:AE:B0:AF:A2:22:4A:4E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f40aa3f-2702-44df-96d3-c95e3159f70c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a8:6a:dd:7c:2b:2f:5a:50:19:af:aa:4f:c6:13:e5:11:82:14:
         49:a2:4a:51:25:89:5c:81:35:79:87:82:c5:5d:97:af:f3:07:
         91:32:17:4f:88:d3:c0:e2:74:d0:f6:6e:6d:19:97:02:c8:bf:
         06:aa:26:cd:68:df:5a:4e:8a:9d:0f:79:5c:0a:15:6f:ce:38:
         e7:d0:52:78:82:93:0e:72:79:7e:b1:64:2a:9b:36:37:3a:ac:
         18:6a:e5:2a:6a:46:21:61:2e:2b:bd:3a:0a:e8:86:85:a9:fd:
         53:48:36:1a:fb:92:b7:c1:1c:87:58:3c:6a:bc:9f:7d:1d:58:
         dd:0e:b9:71:ee:a3:71:58:8e:1d:ec:eb:02:6c:d1:7c:79:ad:
         7b:44:0d:a3:d4:f7:2e:63:33:b8:9a:b9:03:d0:6f:82:97:10:
         e5:67:c2:b1:55:35:f7:18:1e:55:01:f3:6c:71:f3:31:2f:08:
         d5:0a:84:21:2f:98:05:40:20:dc:57:6f:15:31:2f:07:93:a6:
         33:29:52:64:03:d2:84:7c:95:3c:d4:a8:d8:04:bd:62:56:35:
         b5:5d:33:15:46:6b:c9:8e:50:8d:76:58:51:2f:a2:df:e6:b3:
         01:a2:16:a9:29:54:8b:80:d0:1c:12:ea:f6:b3:9f:63:0b:af:
         45:47:c2:3a
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUIXpes3+HoriNjFJP7uOjZhkgdkAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDMwMTAyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYWMwYmIxYTdlODk2ODY4NDQzZjJiMGZlZmYwNjgyMjhl
MjUzZDMwYjFlMWJjYTdiMTZkZTNkODVmMGJmMWUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdhugL9T8Qs4BvzQF2jEfvhoQKG7qOZxrnZE7jmk+XDrt4
rr4FFK0gd3GL/qNj3VZzhevoIxrhgXGyPMfGPB2eW8952yugMZk34I4alCDq2oQW
hZm1NNp3ekmUjbv2QeAI93casJEw5SW30w4utjgyUBdUtj1+12iGdm4JoiVF0uFR
ESIZMEZwFQsNEVziHkhI3XsuoxaH0oo78CdrxKIGii/yXl9Y0BcuKVq7xi5f24xh
l2BQCtjb5RSwYbXArk9VlYp6J62tjo975YCSr5Sq1++wXbu6KE9zgBgIEiOa+3FN
GIFXRYJXwf7V5mEm5ZCMEjkmjjV44D5GqfZrZx0xAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUanqo+8w8izgr+h47Bq6wr6IiSk4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmNDBhYTNmLTI3MDItNDRkZi05NmQzLWM5NWUzMTU5ZjcwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9hUDANBgkqhkiG9w0BAQsFAAOCAQEAqGrdfCsvWlAZr6pPxhPlEYIU
SaJKUSWJXIE1eYeCxV2Xr/MHkTIXT4jTwOJ00PZubRmXAsi/BqomzWjfWk6KnQ95
XAoVb84459BSeIKTDnJ5frFkKps2NzqsGGrlKmpGIWEuK706CuiGhan9U0g2GvuS
t8Ech1g8aryffR1Y3Q65ce6jcViOHezrAmzRfHmte0QNo9T3LmMzuJq5A9BvgpcQ
5WfCsVU19xgeVQHzbHHzMS8I1QqEIS+YBUAg3FdvFTEvB5OmMylSZAPShHyVPNSo
2AS9YlY1tV0zFUZryY5QjXZYUS+i3+azAaIWqSlUi4DQHBLq9rOfYwuvRUfCOg==
-----END CERTIFICATE-----