Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62f09371-735d-42fb-9b57-288b7c3a6758.roa
File:                     62f09371-735d-42fb-9b57-288b7c3a6758.roa (raw, json)
Hash identifier:          YEX56aHuhB9OmdBidk4s73esCZm99z7+o1GcYy8EMjY=
Subject key identifier:   7E:2E:7B:A9:31:A2:49:0E:B4:71:E5:B2:8A:A4:ED:D7:2B:12:F6:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       251810B5DF9F305967A749946204D07970147F9B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62f09371-735d-42fb-9b57-288b7c3a6758.roa
Signing time:             Wed 08 Oct 2025 00:11:58 +0000
ROA not before:           Wed 08 Oct 2025 00:11:58 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:3400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:18:10:b5:df:9f:30:59:67:a7:49:94:62:04:d0:79:70:14:7f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:11:58 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=71e8665bf9fd66dc6b3ed0b6b21d6c5ae311337f3cc6a43575f787fc1985c6b9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:23:49:0e:e9:96:4f:43:e5:de:42:cd:0d:a5:
                    69:5a:83:c7:33:1b:74:3b:4b:45:34:5e:38:36:2b:
                    a5:b7:fc:78:3f:e4:df:a6:13:55:8c:fa:7c:cf:28:
                    0a:47:60:c2:34:60:21:ac:d0:70:eb:3d:b6:dd:f9:
                    e3:ec:a4:f0:cc:83:67:56:d4:3c:a0:eb:56:60:11:
                    5d:75:ef:c4:b8:c5:a3:a9:c4:a6:4f:d9:ae:8d:c8:
                    32:ac:be:e8:f0:19:f5:10:df:bc:3b:f7:86:f4:5a:
                    81:58:24:84:8f:70:58:51:01:c5:e5:8c:cb:0c:e3:
                    b7:e1:87:b9:7d:e4:83:98:9f:5e:64:60:ff:84:cd:
                    6b:ce:78:fe:54:6b:c2:7d:2a:2d:69:42:56:36:ae:
                    f7:85:b1:3a:f6:4c:ee:7a:65:30:5c:1e:d2:2d:67:
                    b1:b5:d9:68:48:b6:d1:8b:42:47:dd:4d:e0:85:77:
                    a0:39:0d:35:3e:52:c9:9a:a1:8e:31:15:01:07:31:
                    fc:3c:ee:85:a6:89:aa:80:08:ba:c0:fb:cb:90:16:
                    80:27:2d:3e:22:b6:29:05:33:58:ad:f9:31:24:91:
                    ec:63:5f:42:d8:27:64:5d:0b:b6:70:28:e6:20:dd:
                    68:fd:a0:30:1d:58:da:bd:7c:12:bb:5b:b6:e4:55:
                    fe:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:2E:7B:A9:31:A2:49:0E:B4:71:E5:B2:8A:A4:ED:D7:2B:12:F6:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62f09371-735d-42fb-9b57-288b7c3a6758.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         1f:22:e5:e9:dc:28:6d:7e:a0:33:22:65:6f:01:9c:e7:93:57:
         22:37:0e:57:3a:5f:d7:e4:0d:3e:1e:13:2a:4b:f1:30:77:f6:
         26:34:41:47:ee:ad:c3:a2:43:48:37:cf:28:a3:c2:2a:94:6c:
         fe:91:e0:df:ad:fb:8b:bc:c0:3b:b7:86:56:15:22:d3:0f:f0:
         02:9a:f3:76:06:09:b5:80:4c:da:f6:cd:72:ab:f9:c9:20:50:
         d0:fc:4e:3e:a6:2d:a9:5e:2e:eb:d0:46:b6:de:6f:b3:62:28:
         09:6f:1c:62:75:8f:3b:cd:0a:88:9b:0f:57:cc:42:98:aa:36:
         b5:27:7b:c0:58:1e:cd:a6:d1:9b:fd:32:c5:93:6f:b2:f8:1c:
         f5:4a:a4:bc:11:80:10:13:01:40:e9:0d:6c:92:23:0c:7e:b2:
         cc:ef:ce:f5:48:04:de:44:cf:51:ce:42:c4:08:7f:80:38:cf:
         25:a0:12:8b:0e:1d:30:43:14:37:da:f4:eb:b8:2d:62:56:6d:
         6c:7f:b0:6a:48:7e:a5:4d:a2:3b:c2:20:f6:3a:f4:f4:c9:57:
         13:b5:83:5c:66:09:ec:5c:26:ef:c2:62:55:cf:33:9a:0a:69:
         f7:4b:ef:99:eb:f6:6a:47:26:83:50:c8:4e:06:bf:9e:bc:43:
         00:d3:ef:e4
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJRgQtd+fMFlnp0mUYgTQeXAUf5swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAxMTU4WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MWU4NjY1YmY5ZmQ2NmRjNmIzZWQwYjZiMjFkNmM1YWUz
MTEzMzdmM2NjNmE0MzU3NWY3ODdmYzE5ODVjNmI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQI0kO6ZZPQ+XeQs0NpWlag8czG3Q7S0U0Xjg2K6W3/Hg/
5N+mE1WM+nzPKApHYMI0YCGs0HDrPbbd+ePspPDMg2dW1Dyg61ZgEV1178S4xaOp
xKZP2a6NyDKsvujwGfUQ37w794b0WoFYJISPcFhRAcXljMsM47fhh7l95IOYn15k
YP+EzWvOeP5Ua8J9Ki1pQlY2rveFsTr2TO56ZTBcHtItZ7G12WhIttGLQkfdTeCF
d6A5DTU+UsmaoY4xFQEHMfw87oWmiaqACLrA+8uQFoAnLT4itikFM1it+TEkkexj
X0LYJ2RdC7ZwKOYg3Wj9oDAdWNq9fBK7W7bkVf67AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUfi57qTGiSQ60ceWyiqTt1ysS9nMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyZjA5MzcxLTczNWQtNDJmYi05YjU3LTI4OGI3YzNhNjc1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gNDANBgkqhkiG9w0BAQsFAAOCAQEAHyLl6dwobX6gMyJlbwGc55NX
IjcOVzpf1+QNPh4TKkvxMHf2JjRBR+6tw6JDSDfPKKPCKpRs/pHg3637i7zAO7eG
VhUi0w/wAprzdgYJtYBM2vbNcqv5ySBQ0PxOPqYtqV4u69BGtt5vs2IoCW8cYnWP
O80KiJsPV8xCmKo2tSd7wFgezabRm/0yxZNvsvgc9UqkvBGAEBMBQOkNbJIjDH6y
zO/O9UgE3kTPUc5CxAh/gDjPJaASiw4dMEMUN9r067gtYlZtbH+wakh+pU2iO8Ig
9jr09MlXE7WDXGYJ7Fwm78JiVc8zmgpp90vvmev2akcmg1DITga/nrxDANPv5A==
-----END CERTIFICATE-----