Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/36cc3065-2c35-4b7d-9e8a-999fdd971024.roa
File:                     36cc3065-2c35-4b7d-9e8a-999fdd971024.roa (raw, json)
Hash identifier:          OdeqYetfUWgGJumsu4xaCUZ0u82wXrptlVc0fcum3e0=
Subject key identifier:   7C:06:1E:4A:00:C4:FF:57:F0:DC:62:E6:63:C7:C3:8F:5B:3D:57:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       26CBF98FAD54CAADFF211C4E17F45ACDC0CC1E36
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/36cc3065-2c35-4b7d-9e8a-999fdd971024.roa
Signing time:             Sat 18 Oct 2025 01:31:46 +0000
ROA not before:           Sat 18 Oct 2025 01:31:46 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff5:8000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:cb:f9:8f:ad:54:ca:ad:ff:21:1c:4e:17:f4:5a:cd:c0:cc:1e:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 01:31:46 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=bef468272e951bd5e58a839e3390e91768e704fafed7ba7edda8d64ef090131a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ec:39:84:79:20:29:a2:23:7d:5a:2c:84:21:
                    52:73:75:2e:ed:ba:76:2c:0e:e4:43:c3:0b:86:59:
                    7d:16:e2:ff:44:86:56:3e:bf:cb:65:6d:50:76:c0:
                    77:c0:aa:61:75:d1:e4:6b:34:8e:f1:b9:cf:2a:d0:
                    ec:64:38:69:1e:ad:02:89:2c:e2:02:9b:97:dd:71:
                    ab:aa:0b:16:e9:62:de:55:9d:70:42:70:e3:19:3b:
                    1d:4b:ef:f2:78:20:c7:03:63:23:0f:1b:74:64:95:
                    b4:3d:2c:5e:9b:c9:69:34:91:d6:38:ce:df:e8:65:
                    e9:bb:42:c8:47:c6:5c:dc:03:1a:ba:eb:a0:d7:7f:
                    14:40:5a:fb:df:6a:9b:80:b7:ef:3e:5f:2d:21:21:
                    6a:b6:b1:71:fd:16:8b:91:3f:2e:89:bb:6f:7a:ce:
                    2d:41:0e:28:72:81:68:c2:99:91:65:e5:ed:e4:75:
                    2f:19:a5:db:82:31:15:40:d0:6e:1c:d2:03:39:0f:
                    db:5f:c8:c7:ca:46:27:5f:77:a4:46:72:77:8c:0b:
                    49:10:31:a7:f8:96:77:1a:f0:ba:9c:b8:42:e1:fa:
                    d0:a1:85:a2:d7:ef:e5:2f:b7:61:d6:fa:02:3c:9e:
                    3e:58:60:e2:5b:e5:c9:f2:b8:3d:f5:8e:38:0e:15:
                    b5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:06:1E:4A:00:C4:FF:57:F0:DC:62:E6:63:C7:C3:8F:5B:3D:57:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/36cc3065-2c35-4b7d-9e8a-999fdd971024.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff5:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         66:d8:c2:da:15:aa:ae:d9:d3:88:01:13:a8:13:21:55:dc:f8:
         06:91:2b:46:a2:82:fb:a9:11:03:5e:7f:78:5a:08:be:1a:2c:
         19:36:1e:0a:6e:03:00:4b:eb:d9:0a:75:c6:01:fa:94:d1:3b:
         0e:35:a0:18:e3:a7:3f:00:e2:6f:5f:56:b8:ef:3c:fa:2f:f0:
         45:54:7a:0a:1f:4a:65:63:6b:83:d2:2c:ac:ac:2d:a9:c6:89:
         93:67:e8:76:39:16:01:af:93:a6:34:78:8a:b4:14:31:94:08:
         d1:30:b3:8b:65:ee:47:08:a5:57:7b:e7:ff:8e:47:c9:25:02:
         92:63:d5:1d:ec:28:bf:94:aa:34:9d:98:e6:fc:72:c7:be:1d:
         24:0f:bc:ed:7f:c7:19:70:35:f5:6f:a2:a6:ce:78:21:96:93:
         21:75:c2:22:0f:55:9a:70:af:fe:c7:b1:56:8a:99:1f:e0:0f:
         be:bf:2e:ef:ae:c9:bf:a3:5f:ed:4c:92:31:e2:bb:57:e9:16:
         f7:71:e9:36:74:0f:ed:d9:33:1e:2a:42:64:43:7c:d5:23:56:
         eb:f4:6c:20:87:94:7c:f0:70:44:99:01:86:3f:5d:01:b0:e6:
         56:a1:9f:b0:03:86:81:34:3c:4f:c1:4a:fe:08:a5:c5:7f:9e:
         14:45:45:18
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJsv5j61Uyq3/IRxOF/RazcDMHjYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDEzMTQ2WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZWY0NjgyNzJlOTUxYmQ1ZTU4YTgzOWUzMzkwZTkxNzY4
ZTcwNGZhZmVkN2JhN2VkZGE4ZDY0ZWYwOTAxMzFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC57DmEeSApoiN9WiyEIVJzdS7tunYsDuRDwwuGWX0W4v9E
hlY+v8tlbVB2wHfAqmF10eRrNI7xuc8q0OxkOGkerQKJLOICm5fdcauqCxbpYt5V
nXBCcOMZOx1L7/J4IMcDYyMPG3RklbQ9LF6byWk0kdY4zt/oZem7QshHxlzcAxq6
66DXfxRAWvvfapuAt+8+Xy0hIWq2sXH9FouRPy6Ju296zi1BDihygWjCmZFl5e3k
dS8ZpduCMRVA0G4c0gM5D9tfyMfKRidfd6RGcneMC0kQMaf4lnca8LqcuELh+tCh
haLX7+Uvt2HW+gI8nj5YYOJb5cnyuD31jjgOFbX7AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUfAYeSgDE/1fw3GLmY8fDj1s9V78wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM2Y2MzMDY1LTJjMzUtNGI3ZC05ZThhLTk5OWZkZDk3MTAyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/1gDANBgkqhkiG9w0BAQsFAAOCAQEAZtjC2hWqrtnTiAETqBMhVdz4
BpErRqKC+6kRA15/eFoIvhosGTYeCm4DAEvr2Qp1xgH6lNE7DjWgGOOnPwDib19W
uO88+i/wRVR6Ch9KZWNrg9IsrKwtqcaJk2fodjkWAa+TpjR4irQUMZQI0TCzi2Xu
RwilV3vn/45HySUCkmPVHewov5SqNJ2Y5vxyx74dJA+87X/HGXA19W+ips54IZaT
IXXCIg9VmnCv/sexVoqZH+APvr8u767Jv6Nf7UySMeK7V+kW93HpNnQP7dkzHipC
ZEN81SNW6/RsIIeUfPBwRJkBhj9dAbDmVqGfsAOGgTQ8T8FK/gilxX+eFEVFGA==
-----END CERTIFICATE-----