Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46edd7ff-96c0-4dcb-a72e-2dd489d695eb.roa
File:                     46edd7ff-96c0-4dcb-a72e-2dd489d695eb.roa (raw, json)
Hash identifier:          IXHpwLsdk8pHAHG25KSZ9yrNzigiRXrVYpBLB6WQKfI=
Subject key identifier:   DA:EF:73:CC:1D:B9:5E:60:07:E9:B1:B9:72:55:81:03:86:4E:CC:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D1F7ED6881969CA2166A9C77E667DB02D0EE15C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46edd7ff-96c0-4dcb-a72e-2dd489d695eb.roa
Signing time:             Wed 01 Oct 2025 00:12:45 +0000
ROA not before:           Wed 01 Oct 2025 00:12:45 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff1:a400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:1f:7e:d6:88:19:69:ca:21:66:a9:c7:7e:66:7d:b0:2d:0e:e1:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:12:45 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=9698e0088f350786c89f35856e4e19f3b53f7a7dbfda64eddd1147347dcc86e9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d5:d9:6b:50:cf:0f:57:1d:3e:05:0e:2b:6f:
                    22:bc:3d:9e:a5:bb:13:34:0e:12:a8:36:cf:98:c6:
                    d3:64:57:65:56:04:b3:48:d0:26:1e:46:b0:da:0f:
                    ef:4e:5f:c5:77:4a:f9:57:9f:b5:5a:83:ff:1c:8e:
                    d2:89:dd:2c:bd:e4:51:32:1f:a1:cc:c0:9b:c9:0a:
                    25:a1:e9:36:d8:e0:e3:e2:0c:86:f4:37:a9:99:5d:
                    41:80:be:6b:58:aa:e2:ea:35:25:f3:0d:18:6f:db:
                    12:4b:93:93:d4:c6:4a:4c:6f:8b:33:5c:99:97:29:
                    36:03:d4:c9:ca:81:41:4b:8a:4e:01:99:c9:be:38:
                    ab:14:98:67:bb:bc:df:ed:a3:3e:40:3b:40:a1:5b:
                    bf:0c:3c:94:8d:76:47:a8:c6:e6:ff:9f:a8:18:cd:
                    ca:f5:7c:fa:88:85:0b:a0:d3:36:ad:1d:b2:bd:14:
                    1c:c3:e6:1c:00:0e:89:6a:2d:4e:0a:b5:b2:76:b0:
                    0d:14:32:ee:e5:d5:ca:aa:40:18:ef:b9:f0:4d:f8:
                    a6:97:f2:c6:9c:31:6e:b4:c2:3a:04:e0:dc:fc:03:
                    63:32:1f:81:bf:50:32:f5:fd:e5:34:71:7d:30:b8:
                    73:09:40:c3:ad:92:ef:75:23:e8:83:40:f1:9d:d4:
                    0f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:EF:73:CC:1D:B9:5E:60:07:E9:B1:B9:72:55:81:03:86:4E:CC:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46edd7ff-96c0-4dcb-a72e-2dd489d695eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:6c:19:51:c8:ea:cb:83:a7:21:b9:fc:58:02:fb:3c:83:9b:
         5a:1f:c1:7e:54:80:e9:8e:29:0d:bb:7e:36:00:0f:47:d5:03:
         67:12:e3:6c:63:b5:62:58:41:5c:12:dd:fd:69:2c:7b:9e:12:
         a4:2f:e1:c5:c2:6b:9c:e2:09:87:36:e2:82:93:cd:b2:5a:0a:
         70:1b:33:f0:a4:19:31:52:ab:54:ed:5a:2f:6a:8d:76:d4:3e:
         13:8e:8a:52:8b:cc:c5:27:ba:9e:b7:05:90:06:62:e1:7b:41:
         9f:f7:3d:f3:f1:01:f3:87:b1:6c:42:b7:50:d7:ee:a6:6f:31:
         9b:41:a0:8c:10:d0:8e:06:98:d9:a2:e9:1d:d1:e4:60:9f:13:
         76:17:31:f9:2a:c6:fc:dd:0e:84:51:3b:22:bf:be:a3:f9:5b:
         54:f0:55:15:92:9c:00:11:d5:0c:ce:5a:53:fe:a0:4f:02:bb:
         5c:39:83:48:f1:fd:1d:3f:77:09:93:0a:bc:67:3f:4a:ae:52:
         9f:f0:5e:ce:10:8d:3e:77:b5:88:f1:ab:0a:b0:f4:77:c1:d4:
         eb:46:99:94:60:a7:ac:a3:e9:9b:58:1b:fa:a5:2c:13:76:24:
         27:db:0f:09:0e:d4:a8:6b:97:ec:91:91:f8:a7:65:89:64:17:
         cd:ce:c4:5f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUTR9+1ogZacohZqnHfmZ9sC0O4VwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAxMjQ1WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Njk4ZTAwODhmMzUwNzg2Yzg5ZjM1ODU2ZTRlMTlmM2I1
M2Y3YTdkYmZkYTY0ZWRkZDExNDczNDdkY2M4NmU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe1dlrUM8PVx0+BQ4rbyK8PZ6luxM0DhKoNs+YxtNkV2VW
BLNI0CYeRrDaD+9OX8V3SvlXn7Vag/8cjtKJ3Sy95FEyH6HMwJvJCiWh6TbY4OPi
DIb0N6mZXUGAvmtYquLqNSXzDRhv2xJLk5PUxkpMb4szXJmXKTYD1MnKgUFLik4B
mcm+OKsUmGe7vN/toz5AO0ChW78MPJSNdkeoxub/n6gYzcr1fPqIhQug0zatHbK9
FBzD5hwADolqLU4KtbJ2sA0UMu7l1cqqQBjvufBN+KaX8sacMW60wjoE4Nz8A2My
H4G/UDL1/eU0cX0wuHMJQMOtku91I+iDQPGd1A+zAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU2u9zzB25XmAH6bG5clWBA4ZOzNgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2ZWRkN2ZmLTk2YzAtNGRjYi1hNzJlLTJkZDQ4OWQ2OTVlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/xpDANBgkqhkiG9w0BAQsFAAOCAQEAJGwZUcjqy4OnIbn8WAL7PIOb
Wh/BflSA6Y4pDbt+NgAPR9UDZxLjbGO1YlhBXBLd/Wkse54SpC/hxcJrnOIJhzbi
gpPNsloKcBsz8KQZMVKrVO1aL2qNdtQ+E46KUovMxSe6nrcFkAZi4XtBn/c98/EB
84exbEK3UNfupm8xm0GgjBDQjgaY2aLpHdHkYJ8Tdhcx+SrG/N0OhFE7Ir++o/lb
VPBVFZKcABHVDM5aU/6gTwK7XDmDSPH9HT93CZMKvGc/Sq5Sn/BezhCNPne1iPGr
CrD0d8HU60aZlGCnrKPpm1gb+qUsE3YkJ9sPCQ7UqGuX7JGR+KdliWQXzc7EXw==
-----END CERTIFICATE-----