Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30083b55-0236-4f8d-8387-e3015b3d58d8.roa
File:                     30083b55-0236-4f8d-8387-e3015b3d58d8.roa (raw, json)
Hash identifier:          Iwssl3xGG7+Yms43p5qqjJbft7sZE6lHM2dnJUWgybQ=
Subject key identifier:   7B:1B:EF:1F:B5:CA:A0:CE:2B:F0:60:5F:B9:A0:F2:6F:BE:15:2C:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6787F151E3DBF5AC9C8EECCA0411D6ABB687EE1B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30083b55-0236-4f8d-8387-e3015b3d58d8.roa
Signing time:             Tue 14 Oct 2025 15:52:37 +0000
ROA not before:           Tue 14 Oct 2025 15:52:37 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffc::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:87:f1:51:e3:db:f5:ac:9c:8e:ec:ca:04:11:d6:ab:b6:87:ee:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 15:52:37 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=607deaa894801092f1b437d637dc685be583355bc6fa906154ba0eba39caeabb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:48:ce:86:e5:ed:62:21:74:ed:12:a4:23:08:
                    ee:ad:59:ce:90:fa:c0:4b:f4:af:38:b2:0c:39:7f:
                    16:06:09:ed:a2:31:73:cb:59:08:b8:69:17:be:3c:
                    ed:36:b7:11:e9:65:54:21:c8:67:a1:17:a6:c0:ba:
                    69:96:60:c2:d9:10:10:63:83:1d:b3:6a:83:82:65:
                    5a:48:1b:a6:b0:f2:b1:72:b6:13:5c:d9:35:05:f4:
                    b6:71:44:6b:60:c0:d0:ef:ae:5f:c6:1a:02:c2:f2:
                    2e:f2:cc:7d:5d:0b:fc:f7:4b:ae:fc:ba:47:6d:37:
                    b8:c7:a1:98:7e:3f:50:02:48:c8:b1:2a:4d:9d:62:
                    51:bf:0a:35:c7:af:e1:3c:63:cf:81:6d:3d:c8:25:
                    98:6c:70:03:e6:8f:be:d7:b5:ac:21:67:f8:45:30:
                    7d:26:5a:e6:e0:f1:6b:28:41:26:cd:32:6d:ef:31:
                    a2:2b:ae:6e:45:00:c4:2a:59:86:b0:5a:8c:a9:05:
                    29:b1:69:53:36:68:c2:9e:25:bc:dc:0b:4c:8c:25:
                    f1:28:c2:43:99:96:dc:df:f9:fe:fd:13:d2:b9:cd:
                    51:7e:a0:8c:3c:73:9b:00:e2:30:b2:fd:e8:8d:e7:
                    59:2c:74:24:69:f1:15:ff:13:b6:5e:3a:db:58:3f:
                    5a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1B:EF:1F:B5:CA:A0:CE:2B:F0:60:5F:B9:A0:F2:6F:BE:15:2C:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30083b55-0236-4f8d-8387-e3015b3d58d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffc::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:7b:56:11:ae:77:01:d7:19:96:b1:48:ba:59:90:72:30:6b:
         5c:e8:da:32:f8:b4:6f:a5:41:22:41:58:38:f4:77:19:22:45:
         70:3d:96:33:0d:b7:91:f2:37:3f:79:30:5e:53:3b:2d:fa:55:
         56:c7:42:01:95:14:9e:3a:99:40:3d:73:b7:3e:d0:7c:cf:b6:
         69:bb:ce:5d:46:62:0f:14:cf:25:c8:ff:a6:45:d6:9f:f1:e7:
         97:0e:07:23:29:3d:2b:23:23:60:02:54:40:9a:87:36:c0:9f:
         e2:d5:ca:7c:a5:39:96:fa:08:db:5b:86:ff:31:b7:98:14:06:
         c8:9e:c9:0e:60:e7:4f:e8:55:f6:ae:66:85:49:a1:cc:44:07:
         49:c8:fb:bf:b2:2e:22:b8:74:5a:e9:11:8a:f5:3e:9e:83:bc:
         69:50:a9:4d:67:3b:d8:85:da:95:c6:58:96:53:8a:f5:2a:df:
         f0:24:77:29:73:34:96:9d:93:7a:77:2f:32:1a:0c:a7:1a:d3:
         ce:94:eb:66:aa:0c:92:a1:38:0e:e2:4a:cb:95:63:ca:3f:95:
         01:13:11:9b:09:79:b3:0c:3a:11:92:07:9a:18:5f:39:61:5b:
         8e:70:9c:a2:27:1e:a9:44:46:d3:37:fb:58:34:12:19:89:78:
         99:d7:2f:fa
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUZ4fxUePb9aycjuzKBBHWq7aH7hswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTU1MjM3WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDdkZWFhODk0ODAxMDkyZjFiNDM3ZDYzN2RjNjg1YmU1
ODMzNTViYzZmYTkwNjE1NGJhMGViYTM5Y2FlYWJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKSM6G5e1iIXTtEqQjCO6tWc6Q+sBL9K84sgw5fxYGCe2i
MXPLWQi4aRe+PO02txHpZVQhyGehF6bAummWYMLZEBBjgx2zaoOCZVpIG6aw8rFy
thNc2TUF9LZxRGtgwNDvrl/GGgLC8i7yzH1dC/z3S678ukdtN7jHoZh+P1ACSMix
Kk2dYlG/CjXHr+E8Y8+BbT3IJZhscAPmj77XtawhZ/hFMH0mWubg8WsoQSbNMm3v
MaIrrm5FAMQqWYawWoypBSmxaVM2aMKeJbzcC0yMJfEowkOZltzf+f79E9K5zVF+
oIw8c5sA4jCy/eiN51ksdCRp8RX/E7ZeOttYP1rtAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUexvvH7XKoM4r8GBfuaDyb74VLIcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMwMDgzYjU1LTAyMzYtNGY4ZC04Mzg3LWUzMDE1YjNkNThkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmAB/8MA0GCSqGSIb3DQEBCwUAA4IBAQAee1YRrncB1xmWsUi6WZByMGtc
6Noy+LRvpUEiQVg49HcZIkVwPZYzDbeR8jc/eTBeUzst+lVWx0IBlRSeOplAPXO3
PtB8z7Zpu85dRmIPFM8lyP+mRdaf8eeXDgcjKT0rIyNgAlRAmoc2wJ/i1cp8pTmW
+gjbW4b/MbeYFAbInskOYOdP6FX2rmaFSaHMRAdJyPu/si4iuHRa6RGK9T6eg7xp
UKlNZzvYhdqVxliWU4r1Kt/wJHcpczSWnZN6dy8yGgynGtPOlOtmqgySoTgO4krL
lWPKP5UBExGbCXmzDDoRkgeaGF85YVuOcJyiJx6pREbTN/tYNBIZiXiZ1y/6
-----END CERTIFICATE-----