Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43963ea9-c865-4cb5-b075-eea3df535429.roa
File:                     43963ea9-c865-4cb5-b075-eea3df535429.roa (raw, json)
Hash identifier:          XpoRZn5h5yHiDGwnlOYsmYBE5VPaC4WQtZ4yrDmmasE=
Subject key identifier:   97:58:64:E3:3A:E4:C1:03:39:6C:A4:D6:B8:DB:03:79:8A:AE:E9:A1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A2EF542D1538A0B4B83F859AB2F71E38C81608D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43963ea9-c865-4cb5-b075-eea3df535429.roa
Signing time:             Wed 01 Oct 2025 00:12:03 +0000
ROA not before:           Wed 01 Oct 2025 00:12:03 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:83d2::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:2e:f5:42:d1:53:8a:0b:4b:83:f8:59:ab:2f:71:e3:8c:81:60:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:12:03 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=b99c6265eb1f19567b7bab29e79255eef3a306cb2c36e87259a40af51cc947be, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e9:1d:be:a9:8b:e0:8c:5e:fb:64:e5:b5:6b:
                    4b:54:de:c1:9b:ce:11:d0:e7:d8:ed:a8:9f:a4:8d:
                    4b:3d:57:76:25:8c:59:3c:0c:52:ac:8c:64:37:3d:
                    ee:14:8d:4b:1d:6d:d1:02:6d:c6:58:19:b6:78:6c:
                    32:31:21:48:51:c8:0f:40:d0:37:17:0f:95:01:28:
                    d8:39:54:21:8e:0d:03:a5:9f:f0:3f:dd:ef:b7:94:
                    3d:bc:23:f5:ef:bf:cf:87:34:df:32:f5:9d:d9:5d:
                    40:df:44:c6:ba:06:ef:e7:1f:26:f8:9d:b4:79:15:
                    b9:a3:e1:37:b2:73:21:9f:df:0a:1d:3a:39:38:59:
                    51:f2:8e:e3:91:0f:e0:cb:74:bc:f4:c2:78:f8:7e:
                    4e:c3:5c:ef:6f:88:a2:98:38:5a:ed:56:bb:52:9b:
                    9a:d9:68:a7:1c:13:37:39:53:6f:6a:e6:ce:06:46:
                    fe:c3:1c:33:c9:4b:32:bf:c4:26:21:26:8f:80:61:
                    a0:e9:0e:b7:4e:19:90:6c:a5:ce:4c:f2:30:7b:22:
                    5d:1c:12:ca:73:2f:74:cb:30:95:ee:17:e8:1e:fb:
                    b1:29:0c:a7:79:f7:95:d0:46:58:3f:96:8c:0f:65:
                    06:9f:d4:82:47:d0:73:ed:52:1e:1d:d7:45:bb:c2:
                    7c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:58:64:E3:3A:E4:C1:03:39:6C:A4:D6:B8:DB:03:79:8A:AE:E9:A1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43963ea9-c865-4cb5-b075-eea3df535429.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:83d2::/48

    Signature Algorithm: sha256WithRSAEncryption
         d0:2b:b1:53:8b:4f:65:a4:86:a2:e5:19:7c:85:e1:94:97:8c:
         2c:54:28:dc:06:ff:64:6d:cf:d5:8d:aa:6f:21:9d:54:d4:8a:
         d9:af:e4:f1:e0:ea:d1:2f:fe:f8:ce:cf:04:01:bf:35:7e:9a:
         78:53:47:7a:9b:f2:8d:fe:c7:64:84:10:ce:4e:0b:5d:db:f3:
         41:67:cb:ba:e3:61:8f:c9:33:88:ba:a8:62:4f:17:fa:a3:82:
         42:1e:b9:7f:b4:c1:72:36:e5:f1:72:a9:67:fb:e6:29:a2:af:
         5b:ac:c1:81:a1:70:a7:d5:3d:2f:c4:33:0a:34:29:51:ca:d8:
         09:73:cf:04:67:3e:4b:0a:c5:25:79:df:ad:ea:b3:5c:44:0e:
         8f:51:4e:f2:61:43:24:56:27:fb:cf:19:b9:1f:38:3a:6a:26:
         a9:c9:91:f9:3d:4c:3f:ac:5e:e9:93:cb:18:ac:7d:07:4b:22:
         e7:02:5a:d5:9e:d0:4c:f1:b5:db:4e:63:5e:a8:f6:63:e1:18:
         99:d5:a7:ba:fa:50:1e:92:a5:ed:87:37:29:7a:c6:ec:7d:dd:
         61:39:79:3d:ff:35:0d:10:2e:2d:27:b1:c4:6f:b4:30:cb:83:
         1d:77:bd:bc:06:c7:ad:88:2d:96:9f:e4:9d:f7:0b:09:ea:4a:
         40:a4:99:5f
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUai71QtFTigtLg/hZqy9x44yBYI0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAxMjAzWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOTljNjI2NWViMWYxOTU2N2I3YmFiMjllNzkyNTVlZWYz
YTMwNmNiMmMzNmU4NzI1OWE0MGFmNTFjYzk0N2JlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDM6R2+qYvgjF77ZOW1a0tU3sGbzhHQ59jtqJ+kjUs9V3Yl
jFk8DFKsjGQ3Pe4UjUsdbdECbcZYGbZ4bDIxIUhRyA9A0DcXD5UBKNg5VCGODQOl
n/A/3e+3lD28I/Xvv8+HNN8y9Z3ZXUDfRMa6Bu/nHyb4nbR5Fbmj4TeycyGf3wod
Ojk4WVHyjuORD+DLdLz0wnj4fk7DXO9viKKYOFrtVrtSm5rZaKccEzc5U29q5s4G
Rv7DHDPJSzK/xCYhJo+AYaDpDrdOGZBspc5M8jB7Il0cEspzL3TLMJXuF+ge+7Ep
DKd595XQRlg/lowPZQaf1IJH0HPtUh4d10W7wnw1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUl1hk4zrkwQM5bKTWuNsDeYqu6aEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzOTYzZWE5LWM4NjUtNGNiNS1iMDc1LWVlYTNkZjUzNTQyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9g9IwDQYJKoZIhvcNAQELBQADggEBANArsVOLT2WkhqLlGXyF4ZSX
jCxUKNwG/2Rtz9WNqm8hnVTUitmv5PHg6tEv/vjOzwQBvzV+mnhTR3qb8o3+x2SE
EM5OC13b80Fny7rjYY/JM4i6qGJPF/qjgkIeuX+0wXI25fFyqWf75imir1uswYGh
cKfVPS/EMwo0KVHK2AlzzwRnPksKxSV5363qs1xEDo9RTvJhQyRWJ/vPGbkfODpq
JqnJkfk9TD+sXumTyxisfQdLIucCWtWe0EzxtdtOY16o9mPhGJnVp7r6UB6Spe2H
Nyl6xux93WE5eT3/NQ0QLi0nscRvtDDLgx13vbwGx62ILZaf5J33CwnqSkCkmV8=
-----END CERTIFICATE-----