Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a005ca1-9152-4910-a152-3b30476e109b.roa
File:                     6a005ca1-9152-4910-a152-3b30476e109b.roa (raw, json)
Hash identifier:          xA0rKUNQSk51g1wnTPwRMVYNy63+pBr35FCRzQtFhEg=
Subject key identifier:   D3:86:D1:51:8E:ED:5E:0C:21:A9:B6:24:3A:86:96:23:1C:04:FE:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7294028B7A6D96A1B3952D29C728506015CF4D8B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a005ca1-9152-4910-a152-3b30476e109b.roa
Signing time:             Fri 17 Oct 2025 20:31:49 +0000
ROA not before:           Fri 17 Oct 2025 20:31:49 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:80b0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:94:02:8b:7a:6d:96:a1:b3:95:2d:29:c7:28:50:60:15:cf:4d:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 20:31:49 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=c65f4979ab055f9b0678e4559e660fcb984e55e87d6f4bf9f4806375c9b75fe0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:17:95:82:56:73:0b:b0:e4:1d:2c:e4:49:6e:
                    b2:0b:49:49:63:98:dd:ab:50:74:a9:d6:5b:35:61:
                    fb:e8:4f:34:37:a5:36:80:69:4e:0a:e5:1c:5e:16:
                    86:25:c1:e3:28:46:b9:e8:10:ab:fd:9c:70:3c:b2:
                    99:14:11:a3:15:92:fe:8b:08:d1:55:f4:72:ff:06:
                    be:85:72:45:8d:f0:e5:e6:fe:35:07:55:32:f5:77:
                    72:95:c7:52:e0:e8:bb:ae:a0:47:05:2b:96:50:2f:
                    cf:89:cc:eb:48:90:58:0c:b0:5b:60:b0:6b:e8:5b:
                    b7:ef:75:52:1c:17:74:bb:9d:4a:1d:11:f4:de:6e:
                    e4:fb:cc:21:92:da:92:68:68:36:30:b4:2a:7a:c2:
                    2b:70:7f:5f:d8:43:25:b7:0e:65:da:e6:f8:53:5d:
                    bd:dd:79:f7:8d:a3:fc:d1:84:4b:35:a5:a0:95:be:
                    83:7a:55:e1:c8:54:66:10:bb:ae:69:31:04:e5:a0:
                    e0:00:fc:8d:9b:1e:15:80:fc:d7:b3:28:fe:01:e0:
                    80:04:30:23:4f:1b:b7:84:58:f4:06:3b:e4:7b:37:
                    d1:ac:8f:c2:e5:c9:f1:73:13:e4:45:9c:57:c3:47:
                    e5:32:b2:c5:b1:14:c0:48:69:f9:2c:70:9e:51:f5:
                    7c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:86:D1:51:8E:ED:5E:0C:21:A9:B6:24:3A:86:96:23:1C:04:FE:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a005ca1-9152-4910-a152-3b30476e109b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:80b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:df:0a:2d:60:ce:e7:1e:ba:fe:5b:89:e6:6e:9b:4e:e7:de:
         bc:42:c6:dd:74:db:11:fb:73:5e:21:94:3d:f9:73:5c:2a:6e:
         54:0d:02:65:d0:a7:e6:ae:c5:a1:cb:91:16:27:cd:0b:0b:60:
         96:9b:8f:9c:65:f9:74:6c:42:30:63:36:fc:bb:1a:25:8c:32:
         47:f0:97:47:51:14:d4:7c:25:6d:fe:b9:36:3e:82:5e:7c:3c:
         64:c2:90:88:99:be:b3:0b:38:14:f4:16:c6:65:4c:66:64:a1:
         40:28:1c:a7:19:f8:b4:48:08:54:5c:35:cb:ca:c3:50:45:4c:
         ec:72:7f:01:c5:61:f5:aa:4f:49:ff:07:17:f5:0f:e6:cb:00:
         2e:34:0d:45:10:0d:44:6a:62:04:46:d0:33:52:2c:0b:b5:00:
         f4:5e:23:e4:55:41:48:57:20:24:a1:69:7f:2b:2e:9a:c2:23:
         21:ca:a0:1a:e5:56:23:55:1c:6c:f8:46:f0:fe:c1:75:a9:12:
         65:8b:8d:21:f4:00:e7:e3:d8:27:6b:ec:26:ce:9d:74:ca:6b:
         8e:6e:93:d9:33:c5:fa:75:22:c7:b5:32:cd:a4:8a:4d:66:bc:
         85:30:50:0a:6f:b9:ad:fb:cd:e3:6b:88:e5:37:1f:03:02:6b:
         a0:66:84:38
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcpQCi3ptlqGzlS0pxyhQYBXPTYswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjAzMTQ5WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjVmNDk3OWFiMDU1ZjliMDY3OGU0NTU5ZTY2MGZjYjk4
NGU1NWU4N2Q2ZjRiZjlmNDgwNjM3NWM5Yjc1ZmUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdF5WCVnMLsOQdLORJbrILSUljmN2rUHSp1ls1YfvoTzQ3
pTaAaU4K5RxeFoYlweMoRrnoEKv9nHA8spkUEaMVkv6LCNFV9HL/Br6FckWN8OXm
/jUHVTL1d3KVx1Lg6LuuoEcFK5ZQL8+JzOtIkFgMsFtgsGvoW7fvdVIcF3S7nUod
EfTebuT7zCGS2pJoaDYwtCp6witwf1/YQyW3DmXa5vhTXb3defeNo/zRhEs1paCV
voN6VeHIVGYQu65pMQTloOAA/I2bHhWA/NezKP4B4IAEMCNPG7eEWPQGO+R7N9Gs
j8LlyfFzE+RFnFfDR+UyssWxFMBIafkscJ5R9XyzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU04bRUY7tXgwhqbYkOoaWIxwE/tEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZhMDA1Y2ExLTkxNTItNDkxMC1hMTUyLTNiMzA0NzZlMTA5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//gLAwDQYJKoZIhvcNAQELBQADggEBAKbfCi1gzuceuv5bieZum07n
3rxCxt102xH7c14hlD35c1wqblQNAmXQp+auxaHLkRYnzQsLYJabj5xl+XRsQjBj
Nvy7GiWMMkfwl0dRFNR8JW3+uTY+gl58PGTCkIiZvrMLOBT0FsZlTGZkoUAoHKcZ
+LRICFRcNcvKw1BFTOxyfwHFYfWqT0n/Bxf1D+bLAC40DUUQDURqYgRG0DNSLAu1
APReI+RVQUhXICShaX8rLprCIyHKoBrlViNVHGz4RvD+wXWpEmWLjSH0AOfj2Cdr
7CbOnXTKa45uk9kzxfp1Ise1Ms2kik1mvIUwUApvua37zeNriOU3HwMCa6BmhDg=
-----END CERTIFICATE-----