Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/535ea099-1417-4f80-aa37-e10c92ee2b94.roa
File:                     535ea099-1417-4f80-aa37-e10c92ee2b94.roa (raw, json)
Hash identifier:          HlN/riWk5M3KyVTq8j2ud4mOffKXYlCT4z9gTHbJaKU=
Subject key identifier:   2D:2B:A8:39:48:39:E1:74:FA:F4:71:67:EB:B1:4A:57:9C:79:3B:1C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1DE60CDA1F805B2C009CDD69F0AB6B771D8AC493
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/535ea099-1417-4f80-aa37-e10c92ee2b94.roa
Signing time:             Sat 18 Oct 2025 01:31:13 +0000
ROA not before:           Sat 18 Oct 2025 01:31:13 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f25:4000::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:e6:0c:da:1f:80:5b:2c:00:9c:dd:69:f0:ab:6b:77:1d:8a:c4:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 01:31:13 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=4082b38896aa93ec6625eff79c9e22bb2d91b22607852ddfd2e62cf2ec9b5f27, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:30:b4:5d:d1:38:6d:7a:d8:72:67:57:e0:33:
                    24:bb:60:eb:83:18:d7:38:e9:8e:80:c8:9f:7b:74:
                    26:c1:17:5a:b6:e2:55:cd:15:cd:75:e2:a7:25:be:
                    e7:7e:11:49:1a:dd:c9:8f:a0:79:42:4f:92:df:07:
                    94:ec:88:f8:58:50:09:a0:ee:18:83:6b:4e:1a:e1:
                    cf:fb:c3:df:c0:1e:41:f2:29:99:a1:b5:7f:fb:d6:
                    58:ef:23:e5:82:86:c4:b3:3f:19:ce:92:21:99:e1:
                    b2:e4:43:0e:ed:64:45:fc:8b:73:bc:d5:1d:96:17:
                    32:92:38:7e:7e:e0:87:29:f2:06:56:bd:0e:6a:b2:
                    85:c9:27:77:f5:a3:69:c8:7c:0d:6f:f0:05:ef:b4:
                    2f:7b:23:8c:71:4c:7c:d2:b0:4f:61:23:4e:0b:02:
                    c8:e5:b4:a7:d3:97:6c:41:8e:b0:3f:c9:fc:03:86:
                    78:38:6d:fd:0c:30:d4:4d:5c:09:a4:f8:e5:75:b1:
                    be:8d:ed:b7:f6:12:ff:52:14:04:5d:73:b6:d9:9e:
                    6c:29:4c:1e:1b:83:2e:0e:7e:03:71:49:b5:3c:34:
                    bd:b5:d3:a1:48:9a:58:90:6f:77:bb:31:b2:71:03:
                    87:57:dc:de:0d:a2:88:66:56:1c:74:d3:49:12:02:
                    c0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:2B:A8:39:48:39:E1:74:FA:F4:71:67:EB:B1:4A:57:9C:79:3B:1C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/535ea099-1417-4f80-aa37-e10c92ee2b94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f25:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a0:46:d1:c9:4d:6e:06:13:7a:56:57:c0:c0:2b:26:ba:f9:6e:
         06:fd:96:b3:28:6c:00:ea:5f:9c:b1:33:6b:c2:dc:47:99:2c:
         3e:ba:75:e3:fd:93:67:5f:14:16:c5:69:90:08:a1:71:54:08:
         4e:eb:ff:ed:76:1a:b7:df:33:a3:56:76:71:d9:00:de:01:c0:
         83:87:c5:d4:62:56:e4:c6:1a:85:3a:44:72:5c:d4:21:ed:ab:
         2b:ba:cf:cd:42:26:4a:18:27:c4:1b:33:02:f2:e8:6d:b0:56:
         44:e1:9b:5d:e2:9b:e1:a0:27:70:d1:99:79:f8:2f:d2:42:1a:
         8b:f4:c4:ab:41:7c:73:f8:90:fe:89:c6:33:c3:e1:64:8e:17:
         6a:2d:32:53:76:f0:da:1f:28:bf:90:a5:06:aa:4d:77:f9:89:
         38:c4:18:81:a2:a4:d2:c1:97:ca:be:a5:83:03:ee:6e:29:a3:
         86:bc:23:a0:ad:d2:08:0a:de:ed:5b:5c:e4:4d:87:7d:7b:6d:
         4d:49:0f:2b:99:72:90:69:ab:3a:b9:54:86:48:d1:b7:fe:c9:
         f5:e8:c4:5b:47:a2:70:36:8b:cc:a1:ca:2e:12:bd:9f:fa:aa:
         45:d4:28:cb:ea:f6:ce:a4:72:3a:e3:65:c0:10:c7:86:fb:46:
         1b:78:4e:94
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUHeYM2h+AWywAnN1p8Ktrdx2KxJMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDEzMTEzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MDgyYjM4ODk2YWE5M2VjNjYyNWVmZjc5YzllMjJiYjJk
OTFiMjI2MDc4NTJkZGZkMmU2MmNmMmVjOWI1ZjI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9MLRd0ThtethyZ1fgMyS7YOuDGNc46Y6AyJ97dCbBF1q2
4lXNFc114qclvud+EUka3cmPoHlCT5LfB5TsiPhYUAmg7hiDa04a4c/7w9/AHkHy
KZmhtX/71ljvI+WChsSzPxnOkiGZ4bLkQw7tZEX8i3O81R2WFzKSOH5+4Icp8gZW
vQ5qsoXJJ3f1o2nIfA1v8AXvtC97I4xxTHzSsE9hI04LAsjltKfTl2xBjrA/yfwD
hng4bf0MMNRNXAmk+OV1sb6N7bf2Ev9SFARdc7bZnmwpTB4bgy4OfgNxSbU8NL21
06FImliQb3e7MbJxA4dX3N4NoohmVhx000kSAsAdAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQULSuoOUg54XT69HFn67FKV5x5OxwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUzNWVhMDk5LTE0MTctNGY4MC1hYTM3LWUxMGM5MmVlMmI5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8lQDANBgkqhkiG9w0BAQsFAAOCAQEAoEbRyU1uBhN6VlfAwCsmuvlu
Bv2WsyhsAOpfnLEza8LcR5ksPrp14/2TZ18UFsVpkAihcVQITuv/7XYat98zo1Z2
cdkA3gHAg4fF1GJW5MYahTpEclzUIe2rK7rPzUImShgnxBszAvLobbBWROGbXeKb
4aAncNGZefgv0kIai/TEq0F8c/iQ/onGM8PhZI4Xai0yU3bw2h8ov5ClBqpNd/mJ
OMQYgaKk0sGXyr6lgwPubimjhrwjoK3SCAre7Vtc5E2HfXttTUkPK5lykGmrOrlU
hkjRt/7J9ejEW0eicDaLzKHKLhK9n/qqRdQoy+r2zqRyOuNlwBDHhvtGG3hOlA==
-----END CERTIFICATE-----