Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72621dea-e2ce-444e-be02-b72d389b4b7b.roa
File:                     72621dea-e2ce-444e-be02-b72d389b4b7b.roa (raw, json)
Hash identifier:          op60o++e2sGZ7HCvhExTX+YAoX9m0CAF1xlVpBiHJiw=
Subject key identifier:   12:37:7C:F9:B3:50:58:AF:D0:E6:98:45:C8:86:88:2C:C4:43:B5:47
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       220B7E7BCD5DB9B39B38EE2D2DBFAD29D01FA742
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72621dea-e2ce-444e-be02-b72d389b4b7b.roa
Signing time:             Mon 06 Oct 2025 16:02:04 +0000
ROA not before:           Mon 06 Oct 2025 16:02:04 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff5:ec00::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:0b:7e:7b:cd:5d:b9:b3:9b:38:ee:2d:2d:bf:ad:29:d0:1f:a7:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:02:04 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=0ed838fc9fe743ae5b0bf2f868feac964e72f75d0ceba460690060619238fd25, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d6:1e:b1:40:4e:65:7f:5a:6a:8d:83:b4:1f:
                    36:34:ae:57:66:b6:58:70:dd:2e:e0:c3:55:0c:6f:
                    96:6a:da:93:78:e7:3d:1a:a5:a3:9b:cb:40:5d:63:
                    d4:1f:cb:0f:8d:a4:36:25:7a:ca:9d:6b:1f:db:75:
                    98:31:1d:55:47:52:0a:4b:b9:89:e0:d4:27:34:35:
                    91:db:41:23:03:03:cf:c1:de:73:0f:8e:4d:a3:7e:
                    32:98:42:08:b7:41:c0:84:09:5e:79:8f:ed:59:d4:
                    29:03:f0:f9:8f:52:85:92:83:7f:f4:fc:6b:b7:ff:
                    77:10:a9:ac:e5:5a:8b:91:5e:03:59:94:f2:e7:05:
                    36:7b:82:3d:f0:c3:be:2f:04:c7:bf:f4:bd:44:b4:
                    1a:2f:13:85:e8:a8:db:12:a6:73:f4:6f:33:3e:97:
                    38:4e:8b:52:d2:5b:e2:36:f9:d4:43:d7:2d:53:09:
                    a7:59:e1:c5:1d:c4:7d:5e:7a:de:d4:c7:0d:18:51:
                    ae:3d:0b:91:74:c3:b2:4d:b9:e8:7d:f2:4f:c4:7d:
                    0d:45:a8:40:14:7c:f2:cf:99:46:52:b7:85:13:be:
                    c4:e9:92:05:c1:27:37:87:bc:7f:05:bb:7d:07:f9:
                    4c:65:95:01:ec:62:00:d9:99:61:ed:d0:f7:61:b6:
                    23:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:37:7C:F9:B3:50:58:AF:D0:E6:98:45:C8:86:88:2C:C4:43:B5:47
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72621dea-e2ce-444e-be02-b72d389b4b7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff5:ec00::/40

    Signature Algorithm: sha256WithRSAEncryption
         77:d3:d6:f8:8f:e8:82:9d:34:2c:bc:28:8f:cd:97:dc:87:67:
         79:c0:2d:5e:2a:8d:d9:9b:8b:20:8f:63:dd:fc:5f:6d:ee:2f:
         38:43:e8:18:04:8e:33:b8:14:c3:8c:07:95:d9:e1:40:d8:72:
         53:49:d3:d3:7f:af:15:78:5f:c5:c1:48:77:8f:b5:00:05:84:
         1a:26:a9:ae:b2:9b:ca:4a:9d:57:03:81:83:d3:d4:79:33:b7:
         07:64:c0:f7:b8:34:31:be:41:3b:08:3d:ea:2d:b6:4b:3e:d9:
         2f:74:a2:12:ba:af:ac:7c:02:1d:2a:54:0e:c2:6d:d0:3f:5e:
         49:a2:0b:0a:d6:3b:df:ab:8a:e0:34:d2:6b:2e:62:97:b2:dc:
         8e:fe:a2:ff:34:f1:9a:dc:7c:28:a7:63:79:80:f1:e9:1a:33:
         12:e1:ad:fc:51:bc:4b:04:f1:2c:ce:21:66:25:5f:1e:1d:2c:
         f4:93:90:b4:a0:d1:15:3d:06:fb:c3:fd:ac:8c:54:bd:57:3c:
         f4:5c:73:f2:bd:28:ec:57:f6:14:70:d5:a2:d1:65:cc:cf:e8:
         70:6f:b2:fe:1a:bd:89:f3:08:ea:2e:4f:46:f6:fc:e9:7e:df:
         5d:70:c0:05:7d:ea:72:bb:2b:40:2a:ed:85:3b:40:f5:fb:93:
         a4:0e:31:70
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUIgt+e81dubObOO4tLb+tKdAfp0IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYwMjA0WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZWQ4MzhmYzlmZTc0M2FlNWIwYmYyZjg2OGZlYWM5NjRl
NzJmNzVkMGNlYmE0NjA2OTAwNjA2MTkyMzhmZDI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe1h6xQE5lf1pqjYO0HzY0rldmtlhw3S7gw1UMb5Zq2pN4
5z0apaOby0BdY9Qfyw+NpDYlesqdax/bdZgxHVVHUgpLuYng1Cc0NZHbQSMDA8/B
3nMPjk2jfjKYQgi3QcCECV55j+1Z1CkD8PmPUoWSg3/0/Gu3/3cQqazlWouRXgNZ
lPLnBTZ7gj3ww74vBMe/9L1EtBovE4XoqNsSpnP0bzM+lzhOi1LSW+I2+dRD1y1T
CadZ4cUdxH1eet7Uxw0YUa49C5F0w7JNueh98k/EfQ1FqEAUfPLPmUZSt4UTvsTp
kgXBJzeHvH8Fu30H+UxllQHsYgDZmWHt0PdhtiNRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUEjd8+bNQWK/Q5phFyIaILMRDtUcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcyNjIxZGVhLWUyY2UtNDQ0ZS1iZTAyLWI3MmQzODliNGI3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/17DANBgkqhkiG9w0BAQsFAAOCAQEAd9PW+I/ogp00LLwoj82X3Idn
ecAtXiqN2ZuLII9j3fxfbe4vOEPoGASOM7gUw4wHldnhQNhyU0nT03+vFXhfxcFI
d4+1AAWEGiaprrKbykqdVwOBg9PUeTO3B2TA97g0Mb5BOwg96i22Sz7ZL3SiErqv
rHwCHSpUDsJt0D9eSaILCtY736uK4DTSay5il7Lcjv6i/zTxmtx8KKdjeYDx6Roz
EuGt/FG8SwTxLM4hZiVfHh0s9JOQtKDRFT0G+8P9rIxUvVc89Fxz8r0o7Ff2FHDV
otFlzM/ocG+y/hq9ifMI6i5PRvb86X7fXXDABX3qcrsrQCrthTtA9fuTpA4xcA==
-----END CERTIFICATE-----