Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79a08982-5194-4b4d-8be7-6d940279e284.roa
File:                     79a08982-5194-4b4d-8be7-6d940279e284.roa (raw, json)
Hash identifier:          SF7OVmhcvM4MWU8+sGMbTfDQCkEMbIAZg/UkioinXXM=
Subject key identifier:   E5:78:C8:5D:80:9C:90:2E:C9:8A:09:3F:7E:BF:9D:1A:67:B8:59:62
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0ED2B5B4C79D2FCFC7788B7B5154287E150E51EB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79a08982-5194-4b4d-8be7-6d940279e284.roa
Signing time:             Fri 10 Oct 2025 00:12:45 +0000
ROA not before:           Fri 10 Oct 2025 00:12:45 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff4:4000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:d2:b5:b4:c7:9d:2f:cf:c7:78:8b:7b:51:54:28:7e:15:0e:51:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 00:12:45 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=3aaacc7ef96ee80530203e4e4681bd0470cd8112db8b58c30c05aae8d93fc29f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:54:38:0b:c5:02:94:86:07:05:09:8c:e1:31:
                    8f:86:43:d3:b0:d3:8b:64:1d:a3:39:51:2e:1b:be:
                    7f:42:49:f0:aa:30:b7:09:47:94:54:98:e5:8f:34:
                    25:57:1e:fb:94:2a:41:d1:ad:80:bd:18:c5:30:84:
                    17:e8:80:29:c7:fe:ef:2e:37:86:40:93:f0:cc:05:
                    b3:c2:68:5b:b4:c5:c6:2b:c1:8d:cf:0d:64:67:30:
                    e2:f5:12:9e:54:cb:0f:1a:00:99:75:36:24:67:45:
                    57:89:05:d5:22:57:55:8c:b8:9d:1f:89:e5:8e:b2:
                    51:e0:c2:3a:0a:0f:2a:2c:80:44:6f:bf:3d:b3:39:
                    c0:a0:3e:38:fc:6d:8f:34:ee:9c:68:19:ce:b3:48:
                    aa:9d:f5:0f:95:c5:e2:18:2e:1f:47:65:b6:12:51:
                    a9:6e:71:ce:03:8f:cf:25:6b:d6:65:55:1e:28:44:
                    d2:86:05:d6:94:c8:5b:c2:b6:bd:81:68:65:9a:22:
                    7d:f3:82:ce:c7:81:96:7f:96:76:98:ab:1a:99:47:
                    b3:ee:c8:85:c9:83:78:e1:cf:d7:2f:aa:2c:e2:49:
                    78:d5:49:2d:a5:67:48:e4:11:f9:da:f4:db:44:4f:
                    9d:23:a3:64:a9:e5:02:4b:fb:c1:5e:0a:a5:9e:f7:
                    c1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:78:C8:5D:80:9C:90:2E:C9:8A:09:3F:7E:BF:9D:1A:67:B8:59:62
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79a08982-5194-4b4d-8be7-6d940279e284.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         68:45:be:92:30:5e:25:f7:2b:8a:da:7c:b3:77:c7:47:ca:b0:
         8c:e1:4a:88:ff:5f:5d:88:d1:f0:2a:d5:61:e0:e8:f3:48:69:
         62:f5:83:f5:0b:47:90:77:ea:b2:17:ea:c1:e5:ec:e6:b4:bf:
         37:5c:d3:27:75:73:db:6b:6b:fa:aa:b1:5a:64:a9:4a:05:61:
         ad:07:96:7b:03:fa:b7:f9:63:80:c9:f2:c4:82:3e:a8:02:f7:
         6b:e3:0f:51:4c:7f:de:ec:47:52:0b:08:d6:21:de:68:63:70:
         1f:b3:ab:ad:5c:20:c6:44:77:d5:99:53:39:b6:c5:b6:f2:46:
         13:95:b5:d8:23:7c:0e:1c:b4:06:a9:78:99:52:92:1e:50:f1:
         00:4a:bb:5d:d6:74:f7:4f:74:d0:43:66:5c:2c:7d:f3:de:94:
         80:ff:55:5a:12:98:2c:6a:9f:3b:7c:40:bb:f3:a3:34:11:77:
         e2:23:29:c8:9f:39:61:ca:a8:bc:70:8e:4a:9e:92:98:96:68:
         da:8b:61:45:42:63:f8:a4:9d:8b:cd:d2:b1:99:85:b5:f7:dd:
         2d:c1:58:fe:f4:af:50:43:7f:59:21:0b:68:ee:cf:40:14:5e:
         27:64:3a:c7:47:e3:b4:3e:62:6e:61:91:56:3b:67:98:51:13:
         44:30:06:ee
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUDtK1tMedL8/HeIt7UVQofhUOUeswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMDAxMjQ1WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYWFhY2M3ZWY5NmVlODA1MzAyMDNlNGU0NjgxYmQwNDcw
Y2Q4MTEyZGI4YjU4YzMwYzA1YWFlOGQ5M2ZjMjlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKVDgLxQKUhgcFCYzhMY+GQ9Ow04tkHaM5US4bvn9CSfCq
MLcJR5RUmOWPNCVXHvuUKkHRrYC9GMUwhBfogCnH/u8uN4ZAk/DMBbPCaFu0xcYr
wY3PDWRnMOL1Ep5Uyw8aAJl1NiRnRVeJBdUiV1WMuJ0fieWOslHgwjoKDyosgERv
vz2zOcCgPjj8bY807pxoGc6zSKqd9Q+VxeIYLh9HZbYSUalucc4Dj88la9ZlVR4o
RNKGBdaUyFvCtr2BaGWaIn3zgs7HgZZ/lnaYqxqZR7PuyIXJg3jhz9cvqiziSXjV
SS2lZ0jkEfna9NtET50jo2Sp5QJL+8FeCqWe98GnAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU5XjIXYCckC7Jigk/fr+dGme4WWIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc5YTA4OTgyLTUxOTQtNGI0ZC04YmU3LTZkOTQwMjc5ZTI4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/0QDANBgkqhkiG9w0BAQsFAAOCAQEAaEW+kjBeJfcritp8s3fHR8qw
jOFKiP9fXYjR8CrVYeDo80hpYvWD9QtHkHfqshfqweXs5rS/N1zTJ3Vz22tr+qqx
WmSpSgVhrQeWewP6t/ljgMnyxII+qAL3a+MPUUx/3uxHUgsI1iHeaGNwH7OrrVwg
xkR31ZlTObbFtvJGE5W12CN8Dhy0Bql4mVKSHlDxAEq7XdZ090900ENmXCx9896U
gP9VWhKYLGqfO3xAu/OjNBF34iMpyJ85YcqovHCOSp6SmJZo2othRUJj+KSdi83S
sZmFtffdLcFY/vSvUEN/WSELaO7PQBReJ2Q6x0fjtD5ibmGRVjtnmFETRDAG7g==
-----END CERTIFICATE-----