Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c834706-0f3d-4caf-b867-2068c0452b9d.roa
File:                     5c834706-0f3d-4caf-b867-2068c0452b9d.roa (raw, json)
Hash identifier:          HHH5w4mbmUTPN+rM1kp4Oij6RPja/BILrCYiKGPGSBQ=
Subject key identifier:   F2:3C:78:32:E3:74:CA:96:13:2D:85:A7:67:63:74:30:B9:E8:27:CF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63F83AC9F3FEE5F5620F5113CE9E1A28565467D1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c834706-0f3d-4caf-b867-2068c0452b9d.roa
Signing time:             Tue 07 Oct 2025 00:42:07 +0000
ROA not before:           Tue 07 Oct 2025 00:42:07 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fbb:5000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:f8:3a:c9:f3:fe:e5:f5:62:0f:51:13:ce:9e:1a:28:56:54:67:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:42:07 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=dc29552c3c22700cdd290eefb76c5942fc79736dd1964a9189116f008ff6aec7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:33:9d:a9:d0:95:1b:25:79:c6:9b:d5:0c:a4:
                    bc:f9:13:c3:38:69:a1:24:cf:16:24:70:4e:81:ec:
                    b8:c1:cf:29:f3:f9:79:2f:3e:ca:07:29:3d:aa:bc:
                    68:96:43:f4:ab:ec:a9:98:42:cf:32:7e:d8:bc:0c:
                    63:6a:28:b8:49:b9:eb:cf:ae:e3:ce:a4:0d:b8:1d:
                    fc:a2:4f:81:f6:af:d3:d0:41:d8:c7:9d:54:2b:1f:
                    b2:f9:16:da:9d:9b:9a:75:53:df:8c:98:06:ba:d4:
                    8f:6b:a7:33:43:2c:df:6d:c7:b2:00:33:55:3c:a5:
                    c9:37:a9:00:02:9e:aa:2d:6d:53:e5:8a:80:8f:a5:
                    0e:55:18:3f:4e:a2:d4:fc:c8:5f:7e:54:2e:a4:8a:
                    22:48:24:f4:c9:2e:0d:b2:a7:91:42:91:5e:1d:78:
                    00:53:59:3d:7d:25:c4:d4:94:6f:fb:f4:8e:74:d0:
                    ee:56:0d:ef:fa:58:b2:b0:22:16:0d:68:df:5e:14:
                    f7:aa:9d:f7:7d:81:c7:fa:c4:5c:2a:75:a3:91:0a:
                    90:03:17:92:95:9c:d3:0b:77:62:2a:82:0c:31:6e:
                    86:1e:3f:c1:b7:75:3d:a2:53:0d:01:36:1d:72:3c:
                    d6:24:2e:49:38:29:47:d7:2f:92:62:3b:22:9c:91:
                    cd:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:3C:78:32:E3:74:CA:96:13:2D:85:A7:67:63:74:30:B9:E8:27:CF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c834706-0f3d-4caf-b867-2068c0452b9d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fbb:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         74:62:89:f7:1e:3e:18:a5:29:14:f1:03:a0:ac:0e:81:2f:b7:
         e0:22:bb:a2:22:91:39:45:c4:ba:bd:0e:25:03:6d:e1:c2:c7:
         b0:49:f7:8f:dd:60:78:1f:98:46:9f:be:86:43:48:69:42:96:
         8f:ff:a4:27:02:17:2e:e9:9c:6d:b1:c2:46:dc:d9:35:15:8e:
         e8:d6:40:77:b8:45:ca:45:69:44:2a:61:49:84:b1:aa:0f:30:
         25:c5:64:72:51:06:e3:30:20:2f:75:60:12:d9:b0:6f:92:82:
         16:1e:7b:7e:8b:3d:4f:c6:2c:c4:8b:d0:b4:3b:c5:e9:5b:6f:
         aa:b3:f6:49:fb:e6:8c:fc:e1:a5:15:5c:fb:44:2b:c8:09:d8:
         87:91:89:bf:04:79:96:60:48:2b:27:ab:4e:47:97:17:79:7f:
         6a:88:e7:ea:32:1a:db:e2:b7:ce:8b:0a:13:62:83:8b:87:a8:
         70:94:46:5f:2a:c2:2f:9e:ed:08:24:74:e5:02:00:3e:89:6f:
         6b:bd:42:e6:2a:b0:e7:4c:bb:ef:dd:b9:e2:59:18:12:52:17:
         a9:a5:65:27:75:1f:52:db:34:66:f7:2b:b6:80:61:5b:cd:ca:
         b0:eb:9d:18:24:06:76:8b:b4:ae:9c:2a:52:f3:fc:45:4e:52:
         64:8f:5e:80
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUY/g6yfP+5fViD1ETzp4aKFZUZ9EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MjA3WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzI5NTUyYzNjMjI3MDBjZGQyOTBlZWZiNzZjNTk0MmZj
Nzk3MzZkZDE5NjRhOTE4OTExNmYwMDhmZjZhZWM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQM52p0JUbJXnGm9UMpLz5E8M4aaEkzxYkcE6B7LjBzynz
+XkvPsoHKT2qvGiWQ/Sr7KmYQs8yfti8DGNqKLhJuevPruPOpA24HfyiT4H2r9PQ
QdjHnVQrH7L5Ftqdm5p1U9+MmAa61I9rpzNDLN9tx7IAM1U8pck3qQACnqotbVPl
ioCPpQ5VGD9OotT8yF9+VC6kiiJIJPTJLg2yp5FCkV4deABTWT19JcTUlG/79I50
0O5WDe/6WLKwIhYNaN9eFPeqnfd9gcf6xFwqdaORCpADF5KVnNMLd2IqggwxboYe
P8G3dT2iUw0BNh1yPNYkLkk4KUfXL5JiOyKckc27AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU8jx4MuN0ypYTLYWnZ2N0MLnoJ88wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVjODM0NzA2LTBmM2QtNGNhZi1iODY3LTIwNjhjMDQ1MmI5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+7UDANBgkqhkiG9w0BAQsFAAOCAQEAdGKJ9x4+GKUpFPEDoKwOgS+3
4CK7oiKROUXEur0OJQNt4cLHsEn3j91geB+YRp++hkNIaUKWj/+kJwIXLumcbbHC
RtzZNRWO6NZAd7hFykVpRCphSYSxqg8wJcVkclEG4zAgL3VgEtmwb5KCFh57fos9
T8YsxIvQtDvF6VtvqrP2SfvmjPzhpRVc+0QryAnYh5GJvwR5lmBIKyerTkeXF3l/
aojn6jIa2+K3zosKE2KDi4eocJRGXyrCL57tCCR05QIAPolva71C5iqw50y77925
4lkYElIXqaVlJ3UfUts0ZvcrtoBhW83KsOudGCQGdou0rpwqUvP8RU5SZI9egA==
-----END CERTIFICATE-----