Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e9ea69d-4b33-4a85-894c-5620e610e709.roa
File:                     6e9ea69d-4b33-4a85-894c-5620e610e709.roa (raw, json)
Hash identifier:          K+z0if7oUnFrOmez7cZu6+Fw61qdZtAv7IhOLwuGQ74=
Subject key identifier:   A4:BB:65:DB:B4:6A:1A:34:86:0D:25:0F:12:FA:67:27:05:71:17:D4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2CC16ACA2DF2C6FD816AA42FC16E3931333F1EC4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e9ea69d-4b33-4a85-894c-5620e610e709.roa
Signing time:             Sat 27 Sep 2025 00:12:12 +0000
ROA not before:           Sat 27 Sep 2025 00:12:12 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:85e8::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:c1:6a:ca:2d:f2:c6:fd:81:6a:a4:2f:c1:6e:39:31:33:3f:1e:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:12:12 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=c9e88cec50c7568a30180b7d021d84fba6921ea52dfdd02f7c324fa1a1cbfbb3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:47:bd:d4:d7:2d:a0:6d:04:02:07:c4:d0:85:
                    b5:fa:99:32:30:7c:d2:68:6b:9c:53:08:f0:a5:2e:
                    04:b5:44:6c:4b:a3:e8:d6:8d:66:96:c3:1e:d9:e9:
                    80:0d:c3:d4:cb:2b:09:8f:3b:f0:aa:92:f7:0b:6e:
                    37:17:d9:10:43:c9:fa:25:e8:6e:70:e6:b7:a3:59:
                    ce:d1:af:67:a9:e9:50:27:5b:c9:a3:84:6c:5f:8b:
                    90:39:f2:d1:01:5c:90:9b:de:ce:67:59:cf:2f:be:
                    f1:7b:6f:5a:52:25:5a:17:c4:67:43:d5:57:e2:11:
                    1a:77:d2:57:02:5b:27:42:61:2e:cd:3f:6a:b6:5b:
                    fe:b8:32:85:c3:ec:d4:21:ef:e6:4a:f0:67:b0:b6:
                    1f:6a:75:48:9b:fe:aa:f3:9f:ba:5c:1f:a0:74:9f:
                    4a:5a:33:d8:c8:8e:2d:5e:83:7e:24:7b:4c:74:42:
                    65:44:b1:5d:6f:d1:f9:13:41:44:e1:5b:c5:ea:98:
                    41:cf:c3:c4:23:2e:f2:36:3b:ba:c8:00:34:6e:61:
                    cf:4e:ce:01:f8:82:0a:dd:38:6f:6b:c3:82:4b:6c:
                    36:40:7e:ec:5f:73:a9:f7:0b:be:e1:1b:1c:45:ce:
                    29:6e:8c:86:9d:5b:f3:d2:f7:42:3d:d6:05:55:70:
                    34:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:BB:65:DB:B4:6A:1A:34:86:0D:25:0F:12:FA:67:27:05:71:17:D4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e9ea69d-4b33-4a85-894c-5620e610e709.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:85e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:fd:d5:68:5b:2a:54:87:d4:f2:1e:e2:4f:3b:2d:87:14:22:
         ce:12:d8:d2:19:05:95:da:9b:95:14:51:83:41:34:9c:8b:d0:
         9c:7a:72:6b:51:a1:86:67:62:4f:8d:ca:c5:37:48:ce:ec:af:
         ac:61:40:46:9f:93:76:7a:7c:d0:a1:a3:ef:11:f3:29:52:a8:
         df:03:9a:b0:02:0b:de:4e:58:f3:5e:44:d3:74:d5:97:48:76:
         75:df:78:f2:34:dc:50:b2:e1:93:52:4d:87:4e:8c:0a:b4:34:
         52:be:e7:e2:1d:84:97:4f:fa:d7:fb:e8:5a:37:55:cc:f9:86:
         35:fc:e9:3c:8e:05:46:f0:f3:34:b7:94:81:83:09:e5:92:21:
         4f:96:26:78:53:fa:95:8a:de:de:bc:a8:e4:e3:20:25:1a:a7:
         85:18:6c:22:0c:6a:93:af:df:ff:39:ea:9f:b6:37:58:9b:5a:
         73:23:e6:d5:fb:c8:0c:8e:5d:ec:76:9d:c3:99:e9:d4:ef:9f:
         d2:0c:fa:61:33:f5:d5:97:41:8d:70:cd:3e:3c:97:d4:69:d4:
         1a:55:67:28:73:ba:3f:f9:35:ae:12:10:f5:fb:6d:40:06:25:
         ed:69:4a:22:f1:81:55:32:52:c6:c6:79:6c:15:b8:49:4a:35:
         da:d4:78:66
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULMFqyi3yxv2BaqQvwW45MTM/HsQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAxMjEyWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjOWU4OGNlYzUwYzc1NjhhMzAxODBiN2QwMjFkODRmYmE2
OTIxZWE1MmRmZGQwMmY3YzMyNGZhMWExY2JmYmIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhR73U1y2gbQQCB8TQhbX6mTIwfNJoa5xTCPClLgS1RGxL
o+jWjWaWwx7Z6YANw9TLKwmPO/CqkvcLbjcX2RBDyfol6G5w5rejWc7Rr2ep6VAn
W8mjhGxfi5A58tEBXJCb3s5nWc8vvvF7b1pSJVoXxGdD1VfiERp30lcCWydCYS7N
P2q2W/64MoXD7NQh7+ZK8Gewth9qdUib/qrzn7pcH6B0n0paM9jIji1eg34ke0x0
QmVEsV1v0fkTQUThW8XqmEHPw8QjLvI2O7rIADRuYc9OzgH4ggrdOG9rw4JLbDZA
fuxfc6n3C77hGxxFzilujIadW/PS90I91gVVcDR1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUpLtl27RqGjSGDSUPEvpnJwVxF9QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlOWVhNjlkLTRiMzMtNGE4NS04OTRjLTU2MjBlNjEwZTcwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9hegwDQYJKoZIhvcNAQELBQADggEBAET91WhbKlSH1PIe4k87LYcU
Is4S2NIZBZXam5UUUYNBNJyL0Jx6cmtRoYZnYk+NysU3SM7sr6xhQEafk3Z6fNCh
o+8R8ylSqN8DmrACC95OWPNeRNN01ZdIdnXfePI03FCy4ZNSTYdOjAq0NFK+5+Id
hJdP+tf76Fo3Vcz5hjX86TyOBUbw8zS3lIGDCeWSIU+WJnhT+pWK3t68qOTjICUa
p4UYbCIMapOv3/856p+2N1ibWnMj5tX7yAyOXex2ncOZ6dTvn9IM+mEz9dWXQY1w
zT48l9Rp1BpVZyhzuj/5Na4SEPX7bUAGJe1pSiLxgVUyUsbGeWwVuElKNdrUeGY=
-----END CERTIFICATE-----