Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/561dfaff-0d62-4d0f-8223-365a2175ed6b.roa
File:                     561dfaff-0d62-4d0f-8223-365a2175ed6b.roa (raw, json)
Hash identifier:          +5ZHg3Aai3q+4rkHsvHe1CFm4NXp48LVNZp5vt1KGyY=
Subject key identifier:   28:8C:C3:85:65:4E:1D:E5:0A:98:AE:31:A3:0B:C4:9C:09:DE:7E:F5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       54412E6E0C25A3A7D6A5D4EF4DE5BEDC7115EFE4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/561dfaff-0d62-4d0f-8223-365a2175ed6b.roa
Signing time:             Fri 17 Oct 2025 20:51:27 +0000
ROA not before:           Fri 17 Oct 2025 20:51:27 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:4080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:41:2e:6e:0c:25:a3:a7:d6:a5:d4:ef:4d:e5:be:dc:71:15:ef:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 20:51:27 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=55ed9675202bb972a77219448b92f60623076fed2fc86f7da325575e19b2627d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a3:d5:98:ad:05:b7:0f:5c:6d:0a:4d:b2:6f:
                    77:08:e1:dc:41:bb:16:1e:c4:bd:ba:f8:14:09:79:
                    70:0f:91:30:c5:7c:fd:44:a1:75:77:34:09:6f:f5:
                    22:f5:61:b8:74:c9:e5:c9:c1:6f:93:61:05:0a:49:
                    52:72:da:0f:c1:2d:5e:d5:94:11:c4:03:e8:e2:d9:
                    f3:f7:f0:7b:46:df:3f:8c:1a:5e:ed:30:fd:62:56:
                    79:17:07:5b:43:0d:04:62:1d:3c:cd:d1:74:af:da:
                    9c:aa:ef:aa:20:c1:b8:51:de:bf:3e:d9:3f:71:d7:
                    46:a0:4a:dd:1a:8d:0b:c4:e2:8a:75:63:3e:59:d7:
                    4f:db:70:5c:67:9b:b9:af:a4:27:20:5e:52:11:4e:
                    fa:17:c1:48:bb:6e:78:11:97:57:0b:4e:2c:f0:6c:
                    90:d1:9b:21:c5:d6:3e:3f:b6:84:ec:9b:ce:20:12:
                    f1:d3:23:9d:8b:14:e5:a5:63:89:6b:77:b4:ad:8e:
                    7b:e4:2c:06:51:49:78:5d:32:44:49:bb:61:6a:6b:
                    8f:ed:74:cb:9f:de:f1:b7:db:60:de:b2:fe:22:eb:
                    75:5e:3f:ec:df:54:e5:79:ab:fe:33:9d:4b:aa:a6:
                    9e:82:03:f2:31:85:d2:ea:91:48:e6:c9:19:cd:23:
                    5f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:8C:C3:85:65:4E:1D:E5:0A:98:AE:31:A3:0B:C4:9C:09:DE:7E:F5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/561dfaff-0d62-4d0f-8223-365a2175ed6b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:4080::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:48:f7:e0:73:42:f8:3b:5b:b6:ec:fa:1c:fe:f8:7b:85:26:
         5a:1d:2d:e6:ef:4b:36:3c:16:d2:38:a9:c1:8c:fc:54:e0:32:
         35:02:bb:39:f3:a0:9b:14:d6:13:55:17:c0:14:13:f1:cb:09:
         e5:c3:31:2e:0e:72:97:c5:35:70:81:78:79:52:99:97:9c:5a:
         ef:5d:17:1e:50:6e:4a:a7:34:65:bd:9b:3f:54:c4:1d:36:68:
         3e:42:2e:ff:66:33:c5:cd:88:4e:3a:b3:e3:b3:83:77:6e:b2:
         22:cf:9f:75:7c:1e:49:e3:58:05:30:3c:cc:73:ff:1b:f0:d1:
         7c:cd:ad:b0:13:36:38:22:9d:9a:85:e2:5b:f7:e5:a6:ad:2f:
         00:d0:68:00:b1:a2:7f:01:67:d5:27:7f:d8:32:d7:d5:88:8b:
         b4:de:8f:7b:62:10:6e:88:cf:5c:37:0a:0c:22:cc:d5:f7:0f:
         1e:0a:43:a9:71:af:5b:6f:f7:60:5f:f5:d9:93:c6:67:56:a5:
         59:41:da:03:a5:86:a3:56:bf:41:f9:8d:0f:30:c5:6f:70:27:
         3a:d8:92:c9:44:52:ff:8e:b4:fd:ab:48:8e:70:13:c6:c4:43:
         80:12:00:ab:83:83:69:aa:0c:2d:ed:42:cf:17:ec:d6:a1:ee:
         cb:bd:16:cb
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUVEEubgwlo6fWpdTvTeW+3HEV7+QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjA1MTI3WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NWVkOTY3NTIwMmJiOTcyYTc3MjE5NDQ4YjkyZjYwNjIz
MDc2ZmVkMmZjODZmN2RhMzI1NTc1ZTE5YjI2MjdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVo9WYrQW3D1xtCk2yb3cI4dxBuxYexL26+BQJeXAPkTDF
fP1EoXV3NAlv9SL1Ybh0yeXJwW+TYQUKSVJy2g/BLV7VlBHEA+ji2fP38HtG3z+M
Gl7tMP1iVnkXB1tDDQRiHTzN0XSv2pyq76ogwbhR3r8+2T9x10agSt0ajQvE4op1
Yz5Z10/bcFxnm7mvpCcgXlIRTvoXwUi7bngRl1cLTizwbJDRmyHF1j4/toTsm84g
EvHTI52LFOWlY4lrd7StjnvkLAZRSXhdMkRJu2Fqa4/tdMuf3vG322Desv4i63Ve
P+zfVOV5q/4znUuqpp6CA/IxhdLqkUjmyRnNI1+JAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUKIzDhWVOHeUKmK4xowvEnAnefvUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU2MWRmYWZmLTBkNjItNGQwZi04MjIzLTM2NWEyMTc1ZWQ2Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84QIAwDQYJKoZIhvcNAQELBQADggEBAHxI9+BzQvg7W7bs+hz++HuF
JlodLebvSzY8FtI4qcGM/FTgMjUCuznzoJsU1hNVF8AUE/HLCeXDMS4OcpfFNXCB
eHlSmZecWu9dFx5QbkqnNGW9mz9UxB02aD5CLv9mM8XNiE46s+Ozg3dusiLPn3V8
HknjWAUwPMxz/xvw0XzNrbATNjginZqF4lv35aatLwDQaACxon8BZ9Unf9gy19WI
i7Tej3tiEG6Iz1w3CgwizNX3Dx4KQ6lxr1tv92Bf9dmTxmdWpVlB2gOlhqNWv0H5
jQ8wxW9wJzrYkslEUv+OtP2rSI5wE8bEQ4ASAKuDg2mqDC3tQs8X7Nah7su9Fss=
-----END CERTIFICATE-----