Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/32c0d88b-d373-4855-95c8-86da907113f3.roa
File:                     32c0d88b-d373-4855-95c8-86da907113f3.roa (raw, json)
Hash identifier:          FFDfBXvlY9X4VXCHkljOSIMoFy9xgiyxAWvSaVWvBJE=
Subject key identifier:   14:45:9F:BD:DA:8B:85:69:2E:30:72:BF:96:0C:45:CC:2A:85:A9:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       351D30BDCB55F79A21D54C49D07A7E7FC1DDBDF0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/32c0d88b-d373-4855-95c8-86da907113f3.roa
Signing time:             Tue 07 Oct 2025 00:42:47 +0000
ROA not before:           Tue 07 Oct 2025 00:42:47 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fb9:7400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:1d:30:bd:cb:55:f7:9a:21:d5:4c:49:d0:7a:7e:7f:c1:dd:bd:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:42:47 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=c8bc4e38238b74a17a66c68c739c1905b7b408568375c77d943377b8c1b0a89b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:86:b4:39:e2:42:a4:d4:93:ea:ee:61:63:10:
                    72:1e:23:c0:cf:4c:f1:d4:54:ac:93:fe:0f:77:56:
                    91:46:4d:39:6b:9e:8f:a8:13:32:ae:03:a9:7a:ae:
                    1c:27:35:db:1f:1d:53:14:0f:b5:bd:98:88:5a:56:
                    19:fa:58:d8:79:04:92:29:d3:ce:2e:1e:71:8e:94:
                    07:74:e8:ce:85:32:fc:4a:62:0f:02:d1:ff:3a:e3:
                    32:52:4a:12:0c:86:01:e1:bc:dd:af:a8:d0:8f:f8:
                    91:83:9d:03:f2:43:b2:db:e5:b3:e5:88:cc:de:56:
                    a6:1c:02:90:4c:55:b7:51:27:dc:45:2a:e9:75:9f:
                    b4:77:3c:bf:32:7e:13:1a:55:fe:da:58:a9:5f:b5:
                    f4:e2:b6:30:27:73:32:26:12:f3:ff:fc:1e:ec:2f:
                    de:ad:c8:4f:a2:76:7a:ed:8c:8e:a7:a6:a0:5c:93:
                    41:f4:2d:af:f7:a2:1a:a1:41:70:1c:6e:55:aa:97:
                    63:71:9e:3c:21:d4:30:cf:1f:b6:96:83:68:23:0c:
                    1c:7c:30:59:10:6f:29:cb:91:f0:da:04:ba:66:03:
                    58:ee:e3:fd:54:a1:61:fb:e1:b7:08:1d:5c:13:32:
                    72:39:34:16:1a:11:8d:77:1a:57:48:b4:78:74:5f:
                    4c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:45:9F:BD:DA:8B:85:69:2E:30:72:BF:96:0C:45:CC:2A:85:A9:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/32c0d88b-d373-4855-95c8-86da907113f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb9:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         57:05:66:fc:d1:ac:2a:81:7b:33:27:01:1c:b1:f3:77:26:7c:
         f3:30:59:51:78:b2:ea:4b:da:e9:8f:36:21:67:f1:2d:90:f2:
         7f:a8:b7:1e:35:a9:34:93:0f:47:93:89:0d:db:10:ec:8d:09:
         ac:ee:ce:02:47:0b:e7:5b:e7:e9:aa:1c:63:37:c1:67:05:2a:
         5e:50:11:df:b0:33:c7:b4:b0:85:0f:18:dd:8d:4f:f3:48:cb:
         1b:07:91:c4:7d:f4:09:0f:43:5b:82:2d:70:29:77:e9:5c:cb:
         b0:cc:eb:fc:5f:a5:c8:b0:9b:c9:db:39:b4:32:46:b0:cb:91:
         86:0b:c7:28:8d:ae:0e:6e:59:f0:09:57:6e:9b:ce:aa:4b:85:
         a8:fb:bf:57:db:d5:59:59:a4:3b:36:01:a9:76:4a:31:3a:5b:
         3b:92:a6:ed:66:d4:35:0c:36:d2:b7:83:34:78:48:48:47:8d:
         4b:13:2c:dc:59:6f:49:f7:c5:bd:9d:dd:76:ac:00:2f:b9:85:
         3e:0f:fb:99:0d:3e:ef:e0:3d:fc:bb:ff:ec:9d:28:79:28:90:
         33:15:69:44:fe:3c:d2:58:a7:af:f2:bb:3c:4f:8f:9a:3b:70:
         04:a4:61:e3:17:32:53:53:80:c1:8d:44:be:c1:39:49:62:c2:
         02:d3:9e:7c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUNR0wvctV95oh1UxJ0Hp+f8HdvfAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MjQ3WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjOGJjNGUzODIzOGI3NGExN2E2NmM2OGM3MzljMTkwNWI3
YjQwODU2ODM3NWM3N2Q5NDMzNzdiOGMxYjBhODliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCahrQ54kKk1JPq7mFjEHIeI8DPTPHUVKyT/g93VpFGTTlr
no+oEzKuA6l6rhwnNdsfHVMUD7W9mIhaVhn6WNh5BJIp084uHnGOlAd06M6FMvxK
Yg8C0f864zJSShIMhgHhvN2vqNCP+JGDnQPyQ7Lb5bPliMzeVqYcApBMVbdRJ9xF
Kul1n7R3PL8yfhMaVf7aWKlftfTitjAnczImEvP//B7sL96tyE+idnrtjI6npqBc
k0H0La/3ohqhQXAcblWql2Nxnjwh1DDPH7aWg2gjDBx8MFkQbynLkfDaBLpmA1ju
4/1UoWH74bcIHVwTMnI5NBYaEY13GldItHh0X0xLAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUFEWfvdqLhWkuMHK/lgxFzCqFqe0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMyYzBkODhiLWQzNzMtNDg1NS05NWM4LTg2ZGE5MDcxMTNmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+5dDANBgkqhkiG9w0BAQsFAAOCAQEAVwVm/NGsKoF7MycBHLHzdyZ8
8zBZUXiy6kva6Y82IWfxLZDyf6i3HjWpNJMPR5OJDdsQ7I0JrO7OAkcL51vn6aoc
YzfBZwUqXlAR37Azx7SwhQ8Y3Y1P80jLGweRxH30CQ9DW4ItcCl36VzLsMzr/F+l
yLCbyds5tDJGsMuRhgvHKI2uDm5Z8AlXbpvOqkuFqPu/V9vVWVmkOzYBqXZKMTpb
O5Km7WbUNQw20reDNHhISEeNSxMs3FlvSffFvZ3ddqwAL7mFPg/7mQ0+7+A9/Lv/
7J0oeSiQMxVpRP480linr/K7PE+PmjtwBKRh4xcyU1OAwY1EvsE5SWLCAtOefA==
-----END CERTIFICATE-----