Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/67f40a44-f534-4bd5-82d5-3d7ba1d41e1d.roa
File:                     67f40a44-f534-4bd5-82d5-3d7ba1d41e1d.roa (raw, json)
Hash identifier:          2055WLx/U9oHVHxM6xOB/fEsICbtbECVuQmO4FOxAVY=
Subject key identifier:   7E:E1:B0:BD:E2:77:85:12:51:C8:CD:6A:DD:DA:A2:C7:43:C3:19:8A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2866BE8378BDB89243E5AC70BA701BCB2869B97F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/67f40a44-f534-4bd5-82d5-3d7ba1d41e1d.roa
Signing time:             Wed 01 Oct 2025 00:21:18 +0000
ROA not before:           Wed 01 Oct 2025 00:21:18 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f26:8000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:66:be:83:78:bd:b8:92:43:e5:ac:70:ba:70:1b:cb:28:69:b9:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:21:18 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=9d45fed63c059cc0f08bf5da6f6fae52e5cce34d3082e542de140b5547294e70, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:91:be:55:67:f7:b0:af:6c:a7:a7:f0:4d:cd:
                    d5:99:da:b3:06:cf:0c:7d:db:44:39:58:c4:90:a6:
                    5b:4a:80:ba:1d:c8:b9:bc:1e:f9:b1:92:71:97:d4:
                    de:44:70:cd:0b:a1:0f:29:e7:46:07:fb:0f:1d:44:
                    de:8d:3d:e4:e3:a6:ae:dc:7e:c1:6f:e1:e5:ec:5b:
                    d2:40:9b:ac:2b:02:93:91:c8:c5:56:72:5a:67:e1:
                    a1:44:c5:ba:7e:37:64:63:12:5c:b0:e8:82:75:56:
                    1d:9a:a3:2f:7f:3a:97:e9:25:b9:36:b7:c0:b3:35:
                    fa:40:43:67:7a:0c:d2:c4:a9:ab:a6:2c:de:76:08:
                    a1:eb:9e:74:12:2d:db:88:8c:c3:77:ff:1a:cd:0e:
                    b4:8f:82:41:02:c1:2e:62:a1:73:ae:9a:8e:af:fd:
                    3e:d0:2e:43:37:fb:65:7f:7d:64:ff:1c:6c:e7:58:
                    ae:6f:78:7a:45:ba:62:c5:2d:10:b5:7b:83:01:3b:
                    b0:0a:a6:8d:3c:e2:a3:0c:ac:1e:4d:50:31:df:18:
                    37:c2:37:12:a6:6b:a2:f4:53:6b:b2:8a:19:8a:a3:
                    95:58:b6:f2:8a:bd:c9:0a:86:5c:4a:aa:e0:db:0d:
                    34:51:35:01:bf:5d:fb:00:91:85:77:ee:39:69:af:
                    2f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E1:B0:BD:E2:77:85:12:51:C8:CD:6A:DD:DA:A2:C7:43:C3:19:8A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/67f40a44-f534-4bd5-82d5-3d7ba1d41e1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f26:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         74:5b:7e:80:eb:ab:f7:e6:55:0f:f4:19:8f:72:ea:9b:66:a7:
         fa:eb:a8:94:bd:79:1f:e9:06:a1:f8:a6:ca:36:fc:6c:bd:99:
         f9:5c:c1:2f:3f:ff:0e:cb:fd:b5:d5:b8:74:05:6c:3c:2a:d1:
         aa:04:f6:49:e5:1b:62:3a:a5:1d:67:10:e5:84:8f:16:60:03:
         d3:61:63:e1:0c:d7:32:e2:2a:bf:1f:cd:6a:cb:98:aa:e6:06:
         00:72:22:77:28:84:30:9c:a3:95:a2:e1:1a:5b:a5:91:68:55:
         61:fb:a4:86:c0:5d:4e:27:3c:21:79:64:d0:b3:3b:e0:08:0b:
         89:a9:03:17:06:b1:06:5e:5d:59:9d:48:c4:47:fd:a0:20:a2:
         78:dd:6a:b3:13:98:a5:a5:f3:65:f8:2a:0d:2e:6d:ef:6c:56:
         0c:33:41:b3:88:60:4b:d4:c1:ac:1b:fa:d2:25:f2:4b:c9:e2:
         c0:5f:a1:91:22:19:eb:ff:bf:e7:fd:d6:cd:ce:dd:49:72:b2:
         93:f1:4f:44:67:4c:30:bc:e1:8f:a0:45:a4:e5:b2:6b:58:73:
         0f:88:54:2a:a4:9a:9a:12:99:48:d4:4d:2e:1e:be:46:a5:12:
         49:a1:bc:f9:92:2e:31:56:c6:2e:5c:21:37:6c:e0:33:b8:88:
         7d:de:38:03
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUKGa+g3i9uJJD5axwunAbyyhpuX8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAyMTE4WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDQ1ZmVkNjNjMDU5Y2MwZjA4YmY1ZGE2ZjZmYWU1MmU1
Y2NlMzRkMzA4MmU1NDJkZTE0MGI1NTQ3Mjk0ZTcwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCekb5VZ/ewr2ynp/BNzdWZ2rMGzwx920Q5WMSQpltKgLod
yLm8HvmxknGX1N5EcM0LoQ8p50YH+w8dRN6NPeTjpq7cfsFv4eXsW9JAm6wrApOR
yMVWclpn4aFExbp+N2RjElyw6IJ1Vh2aoy9/OpfpJbk2t8CzNfpAQ2d6DNLEqaum
LN52CKHrnnQSLduIjMN3/xrNDrSPgkECwS5ioXOumo6v/T7QLkM3+2V/fWT/HGzn
WK5veHpFumLFLRC1e4MBO7AKpo084qMMrB5NUDHfGDfCNxKma6L0U2uyihmKo5VY
tvKKvckKhlxKquDbDTRRNQG/XfsAkYV37jlpry8VAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUfuGwveJ3hRJRyM1q3dqix0PDGYowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY3ZjQwYTQ0LWY1MzQtNGJkNS04MmQ1LTNkN2JhMWQ0MWUxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8mgDANBgkqhkiG9w0BAQsFAAOCAQEAdFt+gOur9+ZVD/QZj3Lqm2an
+uuolL15H+kGofimyjb8bL2Z+VzBLz//Dsv9tdW4dAVsPCrRqgT2SeUbYjqlHWcQ
5YSPFmAD02Fj4QzXMuIqvx/NasuYquYGAHIidyiEMJyjlaLhGlulkWhVYfukhsBd
Tic8IXlk0LM74AgLiakDFwaxBl5dWZ1IxEf9oCCieN1qsxOYpaXzZfgqDS5t72xW
DDNBs4hgS9TBrBv60iXyS8niwF+hkSIZ6/+/5/3Wzc7dSXKyk/FPRGdMMLzhj6BF
pOWya1hzD4hUKqSamhKZSNRNLh6+RqUSSaG8+ZIuMVbGLlwhN2zgM7iIfd44Aw==
-----END CERTIFICATE-----