Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4967c52f-4fce-4524-95f6-4f8414082188.roa
File:                     4967c52f-4fce-4524-95f6-4f8414082188.roa (raw, json)
Hash identifier:          GRBUhUNHTWoxDckb/nSZQD9q6iic7z8xBy0R41Q063k=
Subject key identifier:   3E:46:64:F9:24:E4:A1:13:60:23:C8:7D:F8:CA:DB:D3:29:B5:62:D6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E3E3BA75B1944137E2B91C2C76A4D21D1248F0F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4967c52f-4fce-4524-95f6-4f8414082188.roa
Signing time:             Fri 17 Oct 2025 20:11:18 +0000
ROA not before:           Fri 17 Oct 2025 20:11:18 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:4040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:3e:3b:a7:5b:19:44:13:7e:2b:91:c2:c7:6a:4d:21:d1:24:8f:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 20:11:18 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=8e109ddddc18661ef88748d68c40014aac980ccc8d234da369b757840f8c584f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d6:eb:4b:a1:50:ce:98:86:fe:88:63:95:93:
                    ba:82:b5:01:81:a2:a5:63:9c:8e:7d:a5:22:22:99:
                    ef:45:a2:7f:bb:d0:7f:6e:94:92:77:a9:23:e6:8c:
                    9e:1f:4a:f6:ee:22:3d:5a:fb:6b:bf:a1:33:c6:c7:
                    72:95:e1:fe:7f:e2:c1:a6:20:4a:ac:15:da:1d:a7:
                    11:e0:78:21:05:46:89:c0:c5:6f:72:fb:82:9e:1e:
                    05:7e:e7:ed:e6:3b:3f:10:88:ee:25:3a:df:09:7c:
                    e9:52:e4:73:e0:87:89:f3:d0:09:c1:73:25:b4:2e:
                    30:8e:70:99:5e:c3:c4:44:ef:12:e8:b0:4b:c2:2f:
                    8e:d6:84:de:bb:25:1a:e7:45:57:ce:71:20:bf:d3:
                    31:a0:51:06:c0:c8:83:29:fd:ef:a8:f3:1a:ed:c1:
                    25:d5:9f:09:81:3a:50:00:8e:89:86:5e:34:5f:b2:
                    f2:49:b4:21:98:ce:7f:fc:91:f4:49:70:ff:a6:8f:
                    82:a6:fa:1e:54:96:f5:94:98:5d:bd:78:16:1e:45:
                    1a:8a:02:51:e1:da:25:f2:ce:71:a9:55:d6:48:9d:
                    77:8c:03:62:be:25:79:34:08:3c:f3:99:26:47:bc:
                    5b:26:53:ce:a9:4f:60:43:1f:84:25:7b:54:b0:42:
                    ba:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:46:64:F9:24:E4:A1:13:60:23:C8:7D:F8:CA:DB:D3:29:B5:62:D6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4967c52f-4fce-4524-95f6-4f8414082188.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:4040::/48

    Signature Algorithm: sha256WithRSAEncryption
         d7:03:f4:e0:0f:b6:0f:e3:65:8d:28:1a:10:b8:18:95:56:73:
         06:4f:97:eb:55:d9:02:03:10:c3:4d:de:83:80:3c:95:6a:e1:
         41:d0:09:ef:2e:c2:13:03:30:68:04:90:f7:03:c7:c2:65:3d:
         16:ff:81:9a:4d:a8:99:0e:2b:18:2f:ae:7f:6b:45:c4:8d:b1:
         87:63:01:e9:94:5a:ff:8e:a3:7e:61:a2:d5:6a:df:c8:03:91:
         1c:b6:7c:fc:74:ce:9d:87:92:ab:e0:ae:dd:06:b3:63:ec:24:
         f0:e0:48:e1:bf:c9:c3:11:51:c0:d8:2e:24:1f:59:71:a0:71:
         96:84:ed:72:ae:21:b8:55:aa:3a:92:0b:aa:98:e0:43:8e:4d:
         ef:53:f8:4d:f5:77:10:ae:f0:60:23:4c:15:e4:11:4d:78:e1:
         65:20:c0:a1:79:e8:bd:cf:0f:61:90:81:68:33:8f:e3:c9:ae:
         8b:82:e8:36:7b:49:d5:aa:f9:70:19:6e:90:3e:36:d9:3f:dd:
         d3:05:c9:d3:7a:a7:59:6a:a6:7d:11:c5:d1:aa:58:89:85:c7:
         d5:55:2a:25:c9:0b:5a:52:a2:65:1f:19:2e:31:9c:b3:ff:3d:
         2f:7c:f1:e2:16:f1:31:95:01:94:18:a6:33:3b:a5:64:6d:72:
         ad:7d:fe:92
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUPj47p1sZRBN+K5HCx2pNIdEkjw8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjAxMTE4WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTEwOWRkZGRjMTg2NjFlZjg4NzQ4ZDY4YzQwMDE0YWFj
OTgwY2NjOGQyMzRkYTM2OWI3NTc4NDBmOGM1ODRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC41utLoVDOmIb+iGOVk7qCtQGBoqVjnI59pSIime9Fon+7
0H9ulJJ3qSPmjJ4fSvbuIj1a+2u/oTPGx3KV4f5/4sGmIEqsFdodpxHgeCEFRonA
xW9y+4KeHgV+5+3mOz8QiO4lOt8JfOlS5HPgh4nz0AnBcyW0LjCOcJlew8RE7xLo
sEvCL47WhN67JRrnRVfOcSC/0zGgUQbAyIMp/e+o8xrtwSXVnwmBOlAAjomGXjRf
svJJtCGYzn/8kfRJcP+mj4Km+h5UlvWUmF29eBYeRRqKAlHh2iXyznGpVdZInXeM
A2K+JXk0CDzzmSZHvFsmU86pT2BDH4Qle1SwQroZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUPkZk+STkoRNgI8h9+Mrb0ym1YtYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5NjdjNTJmLTRmY2UtNDUyNC05NWY2LTRmODQxNDA4MjE4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//QEAwDQYJKoZIhvcNAQELBQADggEBANcD9OAPtg/jZY0oGhC4GJVW
cwZPl+tV2QIDEMNN3oOAPJVq4UHQCe8uwhMDMGgEkPcDx8JlPRb/gZpNqJkOKxgv
rn9rRcSNsYdjAemUWv+Oo35hotVq38gDkRy2fPx0zp2Hkqvgrt0Gs2PsJPDgSOG/
ycMRUcDYLiQfWXGgcZaE7XKuIbhVqjqSC6qY4EOOTe9T+E31dxCu8GAjTBXkEU14
4WUgwKF56L3PD2GQgWgzj+PJrouC6DZ7SdWq+XAZbpA+Ntk/3dMFydN6p1lqpn0R
xdGqWImFx9VVKiXJC1pSomUfGS4xnLP/PS988eIW8TGVAZQYpjM7pWRtcq19/pI=
-----END CERTIFICATE-----