Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/334d7931-2517-4a77-808a-686c04c88234.roa
File:                     334d7931-2517-4a77-808a-686c04c88234.roa (raw, json)
Hash identifier:          dgboCttOsissk6UbE6HbYXoL+QdB1W3PElxgZqNuYuU=
Subject key identifier:   71:E5:13:54:FE:5F:AA:74:6E:57:61:9B:C1:16:15:F1:4B:A0:43:17
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C1779A40780E379F79804D085CA000BD6C52D9A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/334d7931-2517-4a77-808a-686c04c88234.roa
Signing time:             Wed 08 Oct 2025 00:12:04 +0000
ROA not before:           Wed 08 Oct 2025 00:12:04 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff5:c000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:17:79:a4:07:80:e3:79:f7:98:04:d0:85:ca:00:0b:d6:c5:2d:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:12:04 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=c73be28b131e81780f40759ec444e39533bec263273cacc3519392b7331d7873, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:67:c3:f6:4e:ac:5b:83:60:50:6f:b9:89:51:
                    30:4e:cb:cd:84:56:cb:b0:b6:5f:33:0c:3f:78:9c:
                    f7:ca:ae:33:e9:1f:3f:17:25:10:fd:07:83:ff:96:
                    ab:d3:d9:04:fa:79:22:f9:cb:c6:07:f8:e8:2d:33:
                    b4:51:8c:64:1d:1d:90:fe:9e:36:17:1e:3e:c2:52:
                    4b:3d:fa:e2:da:f8:f2:ef:13:4c:09:1a:d7:a4:60:
                    d9:0e:73:89:38:0c:40:53:9f:8f:d4:8b:2b:3c:7f:
                    0f:d5:4d:13:9c:63:83:ff:53:af:2e:08:21:78:f7:
                    83:21:d5:6e:de:45:c9:3a:0a:d4:13:e1:a9:68:f5:
                    52:c4:3c:51:2e:60:e8:e8:8a:56:7e:85:f5:d6:26:
                    4b:4b:d6:e1:bb:3f:70:51:17:54:00:98:1c:a7:c6:
                    fd:f7:ff:78:ee:b5:48:47:81:96:6b:d7:31:7b:18:
                    28:ef:0e:bc:99:f1:1d:2c:90:74:d2:ae:80:0f:60:
                    22:f8:30:01:6c:cf:19:81:13:3a:d7:70:71:de:2e:
                    e6:d0:08:b1:20:95:8d:4e:56:f4:95:70:d0:ee:94:
                    11:b9:44:c6:64:a1:8f:fd:59:9f:2f:ff:64:7d:52:
                    23:7d:da:11:81:97:cd:b9:91:56:fa:1d:30:40:33:
                    91:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:E5:13:54:FE:5F:AA:74:6E:57:61:9B:C1:16:15:F1:4B:A0:43:17
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/334d7931-2517-4a77-808a-686c04c88234.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff5:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a4:01:ea:06:1b:d1:25:0f:6f:f6:5a:17:cd:de:f2:27:d7:6c:
         f4:38:0a:2e:68:82:82:06:e6:0b:f8:01:0c:81:b0:25:27:d0:
         79:92:f1:50:dc:c2:03:93:fb:db:56:55:d7:9a:ef:0d:ad:32:
         8b:f7:8d:67:2f:e1:02:b2:29:ea:51:2f:63:5f:26:d5:65:54:
         f1:96:17:1c:b1:bc:67:33:69:4a:4c:07:2b:a4:be:30:f8:54:
         4c:54:b8:71:e2:a0:7b:8e:e3:e2:a6:2e:6d:3f:72:cb:0d:df:
         9b:53:f4:fe:b8:24:8e:6d:0b:c5:ce:43:5c:87:26:86:2b:91:
         bb:f1:9b:50:1c:ff:08:e5:d2:53:06:26:f8:3c:07:be:c6:36:
         0c:e4:2d:8c:f2:1b:f1:a3:68:66:b9:9a:c8:7c:6c:91:74:93:
         8b:e7:f5:98:a8:86:b4:5f:40:85:47:f6:c2:98:01:8e:6a:0d:
         aa:fa:5c:80:d2:e0:79:0a:b6:93:10:3a:fe:92:f3:4f:94:37:
         36:63:3d:c5:b9:0c:61:d2:29:c5:5d:22:b8:4a:bc:9e:4a:bc:
         3d:50:42:2d:76:1c:70:54:ce:3a:42:fe:f4:97:a7:66:a0:ca:
         ca:e5:39:f1:a4:6f:9f:5f:a7:a9:4c:cf:98:7f:2b:7e:10:8e:
         d5:19:3e:be
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIULBd5pAeA43n3mATQhcoAC9bFLZowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAxMjA0WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNzNiZTI4YjEzMWU4MTc4MGY0MDc1OWVjNDQ0ZTM5NTMz
YmVjMjYzMjczY2FjYzM1MTkzOTJiNzMzMWQ3ODczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRZ8P2Tqxbg2BQb7mJUTBOy82EVsuwtl8zDD94nPfKrjPp
Hz8XJRD9B4P/lqvT2QT6eSL5y8YH+OgtM7RRjGQdHZD+njYXHj7CUks9+uLa+PLv
E0wJGtekYNkOc4k4DEBTn4/Uiys8fw/VTROcY4P/U68uCCF494Mh1W7eRck6CtQT
4alo9VLEPFEuYOjoilZ+hfXWJktL1uG7P3BRF1QAmBynxv33/3jutUhHgZZr1zF7
GCjvDryZ8R0skHTSroAPYCL4MAFszxmBEzrXcHHeLubQCLEglY1OVvSVcNDulBG5
RMZkoY/9WZ8v/2R9UiN92hGBl825kVb6HTBAM5EXAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUceUTVP5fqnRuV2GbwRYV8UugQxcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMzNGQ3OTMxLTI1MTctNGE3Ny04MDhhLTY4NmMwNGM4ODIzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/1wDANBgkqhkiG9w0BAQsFAAOCAQEApAHqBhvRJQ9v9loXzd7yJ9ds
9DgKLmiCggbmC/gBDIGwJSfQeZLxUNzCA5P721ZV15rvDa0yi/eNZy/hArIp6lEv
Y18m1WVU8ZYXHLG8ZzNpSkwHK6S+MPhUTFS4ceKge47j4qYubT9yyw3fm1P0/rgk
jm0Lxc5DXIcmhiuRu/GbUBz/COXSUwYm+DwHvsY2DOQtjPIb8aNoZrmayHxskXST
i+f1mKiGtF9AhUf2wpgBjmoNqvpcgNLgeQq2kxA6/pLzT5Q3NmM9xbkMYdIpxV0i
uEq8nkq8PVBCLXYccFTOOkL+9JenZqDKyuU58aRvn1+nqUzPmH8rfhCO1Rk+vg==
-----END CERTIFICATE-----