Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/837b61fc-a3e4-4d74-b321-99209fe5979e.roa
File:                     837b61fc-a3e4-4d74-b321-99209fe5979e.roa (raw, json)
Hash identifier:          hn6N9jvhH84BqqSsyRImZQyac0PL8AfqeEvZsk8cHvI=
Subject key identifier:   5C:06:4A:19:E5:E2:D5:24:5C:92:80:EA:C5:BC:88:0C:75:1E:6D:EB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       138A79B9C59B50E995B858850DDFAB55DABD1A90
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/837b61fc-a3e4-4d74-b321-99209fe5979e.roa
Signing time:             Fri 03 Oct 2025 00:11:17 +0000
ROA not before:           Fri 03 Oct 2025 00:11:17 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:83ad::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:8a:79:b9:c5:9b:50:e9:95:b8:58:85:0d:df:ab:55:da:bd:1a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:11:17 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=0bd69c9be22014919a0d46620f64b8ad5478b6edf675861c053b555c1a462a42, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:05:b6:dd:f7:44:99:4a:b5:a1:13:cd:ee:6d:
                    17:aa:fb:90:d3:32:8b:8e:79:9a:91:76:bc:fe:54:
                    f3:63:49:33:76:b5:92:4f:b5:56:e6:cc:1a:d1:51:
                    d1:0b:d1:b7:57:15:50:56:45:03:0e:37:5a:29:09:
                    80:e5:a9:8b:57:02:6c:fb:8f:41:9b:b8:b1:8c:ba:
                    cf:15:83:18:22:d8:4c:0c:33:a2:b0:13:79:80:cf:
                    29:dd:e8:3d:ed:bd:86:1a:fe:9c:01:c4:59:25:d0:
                    61:9b:b2:45:60:9a:67:55:0f:59:9e:db:5c:72:89:
                    27:14:ed:fe:b6:fd:9c:a5:e2:7e:e7:f4:6b:44:00:
                    7e:3f:cc:c1:84:27:25:c1:b6:9f:d4:df:96:8b:7f:
                    97:64:44:b9:7a:84:86:d2:2e:6a:3b:4f:8d:72:1b:
                    46:0f:58:b1:55:20:b1:28:92:43:1b:e5:b4:d5:a5:
                    4d:c9:12:9a:a2:28:6b:42:c4:83:4d:09:51:5f:7d:
                    10:35:41:89:3d:7b:35:1d:e2:31:d7:6c:0a:8f:2c:
                    c2:ae:02:a0:6c:fe:3e:57:75:3f:e0:fb:e3:99:1d:
                    75:78:ae:b7:e1:bc:16:26:3b:1f:c3:87:d7:ad:ce:
                    42:d8:bd:70:44:88:14:1a:2c:dd:c2:24:39:be:f1:
                    80:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:06:4A:19:E5:E2:D5:24:5C:92:80:EA:C5:BC:88:0C:75:1E:6D:EB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/837b61fc-a3e4-4d74-b321-99209fe5979e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:83ad::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:57:c1:44:57:d8:4c:93:a6:a4:5b:b2:66:b1:bc:61:2c:7a:
         dd:ab:04:af:a3:73:8e:c1:54:a8:95:78:e9:73:6a:c5:36:5c:
         88:78:52:cb:fb:c1:c3:9e:31:c4:b4:cd:b2:d0:b1:ca:7b:ad:
         40:98:68:70:9e:f8:44:e0:2b:f6:23:d1:1f:ac:b3:6f:05:4f:
         e7:65:6c:23:7b:f2:60:19:cf:1d:56:f1:98:9a:3a:0b:27:c1:
         03:75:fc:95:67:1e:1a:38:b2:f0:78:22:05:ae:25:1b:1c:0b:
         77:95:35:d9:88:9c:ae:dd:ab:9e:9e:1c:89:bc:da:36:b5:92:
         a4:08:10:53:4a:31:b9:ea:9f:41:96:27:d9:f2:21:34:b5:f0:
         0c:91:9e:01:80:c2:d7:ba:85:5b:66:90:2e:b8:b7:85:01:24:
         26:2f:da:bb:9a:07:84:45:90:dc:ff:fb:29:60:cd:66:a7:ae:
         5a:0d:69:da:3f:6f:99:a6:c8:cb:25:67:ce:cd:5f:71:aa:ce:
         cb:dd:98:4b:c0:e5:61:b8:80:94:d0:3e:0d:d7:50:d2:5d:72:
         cb:c8:45:4e:f0:94:b2:51:02:70:d9:35:85:52:f9:eb:dd:f3:
         45:a1:30:57:d3:a6:02:da:80:a6:af:c9:71:53:d4:ab:af:69:
         6b:b2:b2:6d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUE4p5ucWbUOmVuFiFDd+rVdq9GpAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAxMTE3WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYmQ2OWM5YmUyMjAxNDkxOWEwZDQ2NjIwZjY0YjhhZDU0
NzhiNmVkZjY3NTg2MWMwNTNiNTU1YzFhNDYyYTQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2Bbbd90SZSrWhE83ubReq+5DTMouOeZqRdrz+VPNjSTN2
tZJPtVbmzBrRUdEL0bdXFVBWRQMON1opCYDlqYtXAmz7j0GbuLGMus8Vgxgi2EwM
M6KwE3mAzynd6D3tvYYa/pwBxFkl0GGbskVgmmdVD1me21xyiScU7f62/Zyl4n7n
9GtEAH4/zMGEJyXBtp/U35aLf5dkRLl6hIbSLmo7T41yG0YPWLFVILEokkMb5bTV
pU3JEpqiKGtCxINNCVFffRA1QYk9ezUd4jHXbAqPLMKuAqBs/j5XdT/g++OZHXV4
rrfhvBYmOx/Dh9etzkLYvXBEiBQaLN3CJDm+8YDdAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUXAZKGeXi1SRckoDqxbyIDHUebeswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgzN2I2MWZjLWEzZTQtNGQ3NC1iMzIxLTk5MjA5ZmU1OTc5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9g60wDQYJKoZIhvcNAQELBQADggEBAGNXwURX2EyTpqRbsmaxvGEs
et2rBK+jc47BVKiVeOlzasU2XIh4Usv7wcOeMcS0zbLQscp7rUCYaHCe+ETgK/Yj
0R+ss28FT+dlbCN78mAZzx1W8ZiaOgsnwQN1/JVnHho4svB4IgWuJRscC3eVNdmI
nK7dq56eHIm82ja1kqQIEFNKMbnqn0GWJ9nyITS18AyRngGAwte6hVtmkC64t4UB
JCYv2ruaB4RFkNz/+ylgzWanrloNado/b5mmyMslZ87NX3GqzsvdmEvA5WG4gJTQ
Pg3XUNJdcsvIRU7wlLJRAnDZNYVS+evd80WhMFfTpgLagKavyXFT1KuvaWuysm0=
-----END CERTIFICATE-----