Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4d439b2b-8291-4d7c-8bc8-81770a6741a8.roa
File:                     4d439b2b-8291-4d7c-8bc8-81770a6741a8.roa (raw, json)
Hash identifier:          CvRlLe8IHr+0reWvFaMsia1pt6ES7DJEjGn+PHa1gMk=
Subject key identifier:   76:D0:EA:D5:B8:9D:26:20:26:5D:CA:E9:6E:42:A3:2A:3F:55:1B:D9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1F48E51E328367C949E07EA7BE75E17A4C8EAB99
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4d439b2b-8291-4d7c-8bc8-81770a6741a8.roa
Signing time:             Mon 06 Oct 2025 16:12:56 +0000
ROA not before:           Mon 06 Oct 2025 16:12:56 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f22:c000::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:48:e5:1e:32:83:67:c9:49:e0:7e:a7:be:75:e1:7a:4c:8e:ab:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:12:56 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=4d28a3c6092913996175798c2e5b5be2e9ad371fef07a44a352b5920c7edac21, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:22:54:ca:0e:43:57:7e:89:5e:00:a3:73:7c:
                    4e:67:5f:00:ff:d9:c9:fb:4f:21:82:8f:a5:6b:58:
                    47:5d:3e:74:b9:84:6e:d3:0e:eb:8d:b5:a7:2e:9f:
                    7f:9b:47:dd:a9:7c:b5:c0:bc:b1:39:63:45:cc:72:
                    8c:cb:1d:09:27:14:80:7b:5f:d4:3f:62:6b:39:0a:
                    0b:d0:d4:d0:17:36:1a:4b:1a:7b:a4:a5:f2:9a:5d:
                    46:34:60:c8:9e:e8:7c:1c:cc:f1:e2:68:4c:73:c7:
                    82:67:be:ce:44:19:f4:97:52:15:42:83:0c:a3:49:
                    c1:46:32:c6:98:0a:89:56:d3:7d:35:b7:9e:d9:70:
                    87:75:7d:14:44:94:bf:80:a0:3f:67:6d:e5:2d:cd:
                    4b:c3:fa:c2:d2:d2:86:88:d3:47:b0:7d:38:aa:7f:
                    28:47:fa:f4:28:86:f5:f3:88:ee:56:e9:44:35:0f:
                    f5:ba:bf:b8:3e:12:3b:6c:7d:12:d1:b2:e2:81:df:
                    a7:7b:f1:cc:4d:ba:35:a0:c8:6b:0e:d7:09:b1:76:
                    a6:db:e7:e2:f1:8b:91:51:fc:a2:36:a1:bf:25:d4:
                    34:93:38:43:d3:93:99:d6:21:6c:2d:73:a8:bc:54:
                    ae:e4:25:d2:81:fb:c1:ab:74:41:fc:ee:56:35:d1:
                    6c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D0:EA:D5:B8:9D:26:20:26:5D:CA:E9:6E:42:A3:2A:3F:55:1B:D9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4d439b2b-8291-4d7c-8bc8-81770a6741a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f22:c000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7b:69:e7:dc:fe:3a:88:1f:1f:dc:61:ee:d4:bb:41:dd:f1:9b:
         57:1c:07:ae:4f:09:41:9f:7b:ad:a7:21:b5:f1:9c:d3:a1:88:
         23:1b:39:98:83:86:b6:6d:b1:fb:c4:d7:bf:6e:13:1d:df:10:
         0d:c4:8b:68:88:d8:69:23:df:d6:0c:a7:dc:ef:83:2e:44:4d:
         12:3d:aa:4f:aa:30:a3:25:35:06:87:bb:86:aa:f6:23:22:f2:
         92:d8:cd:1c:c0:58:53:b9:df:ca:e9:12:36:7e:c9:52:1f:fb:
         93:0a:5c:0e:ca:11:91:d7:29:a7:6b:f9:63:4e:b7:28:37:71:
         df:99:a9:31:99:44:a3:38:39:1a:df:e8:00:e4:57:1b:90:76:
         fb:a8:fc:8d:e8:6d:91:48:f8:09:75:70:a7:91:36:58:e9:9c:
         e0:86:4f:88:78:da:b1:f5:bc:f7:fb:6a:96:19:2f:e8:47:21:
         49:90:8e:05:13:f9:d6:43:ba:04:e3:ee:0b:93:08:e9:f7:48:
         c1:00:8c:3d:b6:a5:3d:ae:a4:48:6a:a9:51:21:6e:50:01:fb:
         00:b9:33:74:1b:18:33:d0:fd:79:5c:66:c1:43:bc:31:16:a4:
         91:6d:26:e1:6b:3b:ec:1a:7c:59:23:88:26:a4:f7:18:85:50:
         95:a2:29:d3
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUH0jlHjKDZ8lJ4H6nvnXhekyOq5kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYxMjU2WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZDI4YTNjNjA5MjkxMzk5NjE3NTc5OGMyZTViNWJlMmU5
YWQzNzFmZWYwN2E0NGEzNTJiNTkyMGM3ZWRhYzIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2IlTKDkNXfoleAKNzfE5nXwD/2cn7TyGCj6VrWEddPnS5
hG7TDuuNtacun3+bR92pfLXAvLE5Y0XMcozLHQknFIB7X9Q/Yms5CgvQ1NAXNhpL
GnukpfKaXUY0YMie6HwczPHiaExzx4Jnvs5EGfSXUhVCgwyjScFGMsaYColW0301
t57ZcId1fRRElL+AoD9nbeUtzUvD+sLS0oaI00ewfTiqfyhH+vQohvXziO5W6UQ1
D/W6v7g+EjtsfRLRsuKB36d78cxNujWgyGsO1wmxdqbb5+Lxi5FR/KI2ob8l1DST
OEPTk5nWIWwtc6i8VK7kJdKB+8GrdEH87lY10WwVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUdtDq1bidJiAmXcrpbkKjKj9VG9kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRkNDM5YjJiLTgyOTEtNGQ3Yy04YmM4LTgxNzcwYTY3NDFhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8iwDANBgkqhkiG9w0BAQsFAAOCAQEAe2nn3P46iB8f3GHu1LtB3fGb
VxwHrk8JQZ97rachtfGc06GIIxs5mIOGtm2x+8TXv24THd8QDcSLaIjYaSPf1gyn
3O+DLkRNEj2qT6owoyU1Boe7hqr2IyLyktjNHMBYU7nfyukSNn7JUh/7kwpcDsoR
kdcpp2v5Y063KDdx35mpMZlEozg5Gt/oAORXG5B2+6j8jehtkUj4CXVwp5E2WOmc
4IZPiHjasfW89/tqlhkv6EchSZCOBRP51kO6BOPuC5MI6fdIwQCMPbalPa6kSGqp
USFuUAH7ALkzdBsYM9D9eVxmwUO8MRakkW0m4Ws77Bp8WSOIJqT3GIVQlaIp0w==
-----END CERTIFICATE-----