Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4ab60691-7879-446e-aa4e-a667e99c0727.roa
File:                     4ab60691-7879-446e-aa4e-a667e99c0727.roa (raw, json)
Hash identifier:          j08qRe/ubIs+K2+qosum5qxCyThYs5kJk001A/407Do=
Subject key identifier:   51:51:89:9F:03:CC:3F:54:26:81:8F:B1:0A:7E:2C:21:5E:3F:8F:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32A41A25DB9DB0B30301D4AA60F3FD4E4AA56735
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4ab60691-7879-446e-aa4e-a667e99c0727.roa
Signing time:             Tue 07 Oct 2025 00:42:03 +0000
ROA not before:           Tue 07 Oct 2025 00:42:03 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff4:a400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:a4:1a:25:db:9d:b0:b3:03:01:d4:aa:60:f3:fd:4e:4a:a5:67:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:42:03 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=ce05bb66bc5b6d84db209423f8c0e3e796abcc07dd875c1052225ccb271f3c34, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:67:2e:4c:04:da:ee:9c:6c:f7:f5:44:a3:49:
                    07:4d:6a:43:df:0f:d5:02:ba:cc:63:35:9a:d9:3b:
                    9b:d8:d4:33:a9:1f:7d:5b:5d:18:92:f9:75:9b:ff:
                    7c:cc:e6:5c:c1:fa:9b:ea:ad:57:a1:61:28:8f:9b:
                    5a:4b:30:58:fb:a7:2b:bc:e3:65:d8:27:cf:e9:79:
                    31:7c:4d:86:55:56:d5:1b:02:51:5b:9c:b4:55:52:
                    d1:09:23:06:45:bf:7d:81:33:3a:9a:94:88:17:ca:
                    fd:48:06:56:6a:c4:b2:6d:63:74:28:a0:8b:ea:09:
                    a1:23:58:a2:18:b9:aa:41:3c:75:6a:82:0e:e2:83:
                    75:d2:38:e2:77:dc:26:c0:c8:9a:3e:44:fb:33:8e:
                    d8:34:d0:48:aa:93:27:31:4b:b5:7f:c3:bc:3b:29:
                    45:ef:0a:ac:e9:e2:d5:7d:b3:2d:25:b6:df:94:bb:
                    6f:7b:b9:c8:92:7b:87:e5:1e:57:10:fc:39:cc:39:
                    97:6a:12:8a:a6:df:cc:79:cf:95:b3:8e:e4:b8:3d:
                    3c:11:f2:97:94:09:b7:47:4c:18:da:38:49:7a:98:
                    5c:2d:7f:db:d5:89:f7:ff:0e:39:43:2b:f5:e6:90:
                    e0:9f:2a:1d:92:c2:5b:f5:00:02:be:59:f0:08:24:
                    59:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:51:89:9F:03:CC:3F:54:26:81:8F:B1:0A:7E:2C:21:5E:3F:8F:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4ab60691-7879-446e-aa4e-a667e99c0727.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         42:37:4d:3b:af:fc:41:74:ff:77:b5:5f:fe:17:ed:4c:be:85:
         20:2f:84:4c:05:7f:78:3e:f2:0c:b3:5a:71:68:44:b2:fb:80:
         99:17:4b:84:60:a0:db:88:78:f2:77:12:ab:25:59:6f:74:ed:
         3e:8f:83:ec:15:52:2e:9e:56:c0:40:45:07:7e:87:0b:72:44:
         85:1c:1f:df:46:78:e1:d2:6f:8d:e6:2b:66:9e:aa:68:03:1e:
         3f:db:9c:b9:64:bf:9a:a9:80:0f:c6:25:67:f3:b0:76:4b:92:
         96:54:8b:e9:82:2d:69:85:af:bf:ff:e4:89:2a:ca:bf:92:95:
         69:ef:7c:2e:c4:d9:da:cf:ae:34:b4:41:f5:fc:05:3c:53:6a:
         dc:ce:d4:a2:80:0d:2e:d5:94:b8:0f:b4:bb:a9:c1:8b:ef:46:
         c7:4e:d9:b2:be:34:21:8c:f8:7c:6d:49:e4:58:49:a8:7a:e5:
         50:0f:da:71:4a:89:f8:0c:50:a2:1a:cc:1c:47:60:24:1e:ce:
         47:8f:c8:74:1e:bc:25:d6:f9:cb:a0:d0:d9:94:99:32:b0:ba:
         41:08:28:b4:8b:81:e6:65:f0:4a:0c:0f:88:d6:a5:96:b6:9d:
         1e:31:7e:fa:1c:eb:46:1f:cb:f2:f8:83:3b:82:31:30:5a:8b:
         3f:24:f4:87
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMqQaJdudsLMDAdSqYPP9TkqlZzUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MjAzWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTA1YmI2NmJjNWI2ZDg0ZGIyMDk0MjNmOGMwZTNlNzk2
YWJjYzA3ZGQ4NzVjMTA1MjIyNWNjYjI3MWYzYzM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxZy5MBNrunGz39USjSQdNakPfD9UCusxjNZrZO5vY1DOp
H31bXRiS+XWb/3zM5lzB+pvqrVehYSiPm1pLMFj7pyu842XYJ8/peTF8TYZVVtUb
AlFbnLRVUtEJIwZFv32BMzqalIgXyv1IBlZqxLJtY3QooIvqCaEjWKIYuapBPHVq
gg7ig3XSOOJ33CbAyJo+RPszjtg00EiqkycxS7V/w7w7KUXvCqzp4tV9sy0ltt+U
u297uciSe4flHlcQ/DnMOZdqEoqm38x5z5WzjuS4PTwR8peUCbdHTBjaOEl6mFwt
f9vViff/DjlDK/XmkOCfKh2Swlv1AAK+WfAIJFnbAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUUVGJnwPMP1QmgY+xCn4sIV4/j4cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhYjYwNjkxLTc4NzktNDQ2ZS1hYTRlLWE2NjdlOTljMDcyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/0pDANBgkqhkiG9w0BAQsFAAOCAQEAQjdNO6/8QXT/d7Vf/hftTL6F
IC+ETAV/eD7yDLNacWhEsvuAmRdLhGCg24h48ncSqyVZb3TtPo+D7BVSLp5WwEBF
B36HC3JEhRwf30Z44dJvjeYrZp6qaAMeP9ucuWS/mqmAD8YlZ/OwdkuSllSL6YIt
aYWvv//kiSrKv5KVae98LsTZ2s+uNLRB9fwFPFNq3M7UooANLtWUuA+0u6nBi+9G
x07Zsr40IYz4fG1J5FhJqHrlUA/acUqJ+AxQohrMHEdgJB7OR4/IdB68Jdb5y6DQ
2ZSZMrC6QQgotIuB5mXwSgwPiNallradHjF++hzrRh/L8viDO4IxMFqLPyT0hw==
-----END CERTIFICATE-----