Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85010989-e86c-4694-9a07-5b4bd126192b.roa
File:                     85010989-e86c-4694-9a07-5b4bd126192b.roa (raw, json)
Hash identifier:          pLNtmCrALZtwJ+UlJ5DiOlX2RF3lU6UpWrJhr3kbw7o=
Subject key identifier:   1C:CA:3A:0E:C2:C2:D9:33:BA:E8:6F:66:74:CC:BF:1C:E1:88:18:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3ACA46AE03EC7D743C5E47436175CB9453494B04
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85010989-e86c-4694-9a07-5b4bd126192b.roa
Signing time:             Mon 06 Oct 2025 15:52:30 +0000
ROA not before:           Mon 06 Oct 2025 15:52:30 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:ca:46:ae:03:ec:7d:74:3c:5e:47:43:61:75:cb:94:53:49:4b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:52:30 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=9314ff5c78d74dc7e8023b0564c2c4829b8278bd65abf78d2dad99e8de00a162, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:fb:49:0a:48:ec:f4:69:19:e4:79:bb:40:79:
                    6b:b4:e2:92:4a:4d:0e:26:a8:35:82:1a:05:94:c2:
                    a8:1a:b8:19:13:30:e1:0d:69:aa:a7:38:6a:39:8e:
                    97:ae:3f:aa:46:7a:71:d5:8d:23:0b:31:4a:fb:f2:
                    e9:e3:20:07:26:2f:49:87:10:af:1a:ce:b9:97:ba:
                    89:b0:dc:33:d8:2d:6d:b8:5c:1d:c5:10:91:5a:90:
                    45:c4:ec:b1:c1:fd:22:a9:96:92:0d:6f:a2:50:33:
                    69:07:42:37:bf:b8:cb:fd:a8:b5:bf:53:42:fe:3c:
                    e8:4f:d1:f5:6a:a0:90:27:af:b0:fd:b1:91:0b:98:
                    b2:06:c7:59:ae:8a:32:5a:42:62:48:78:c9:c8:64:
                    52:3a:5e:bc:7e:6e:b4:33:85:14:5b:fc:04:ca:a8:
                    91:a3:30:76:eb:38:42:24:a7:18:80:0d:25:54:cb:
                    74:8f:06:25:39:c0:fc:8c:f7:51:12:2f:02:25:38:
                    58:f0:66:15:05:0d:7c:82:7c:9f:d6:b9:a8:ce:92:
                    45:1c:46:97:21:0b:4b:28:ae:90:17:52:3c:84:3f:
                    ca:c2:bb:9d:1b:2f:eb:36:7a:1c:ec:11:ab:08:97:
                    7e:70:ff:19:b7:d6:20:23:ef:e5:de:62:4a:63:e7:
                    05:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:CA:3A:0E:C2:C2:D9:33:BA:E8:6F:66:74:CC:BF:1C:E1:88:18:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85010989-e86c-4694-9a07-5b4bd126192b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:08:fa:57:6c:90:82:8b:47:fc:27:22:61:43:7b:8d:dd:11:
         7c:14:27:4b:54:0a:78:1a:e0:62:0e:1e:10:53:f7:b0:0a:2c:
         3a:03:b7:48:cf:b5:d7:e2:2b:9d:a6:8b:72:b8:e8:b5:fa:ae:
         ef:e8:ad:63:b6:bc:87:2e:8a:aa:9c:1b:0f:b0:d7:b6:ab:e5:
         0e:14:3c:df:31:b3:ec:7f:fa:f9:72:57:32:fb:3d:0f:c9:b7:
         b0:a4:b0:af:e3:1d:65:a1:3f:28:da:66:da:49:0c:c1:8d:8f:
         a2:19:b5:63:6e:1c:ff:03:86:6f:cb:6d:e8:4a:94:e3:5a:f7:
         c1:33:1e:ca:56:42:d9:26:2c:52:d2:b5:64:07:ea:c6:85:8e:
         22:55:67:84:8d:24:6c:fd:54:d2:54:69:db:f8:cf:6d:90:23:
         a1:7e:8c:f3:55:92:6c:ee:55:d7:30:11:2e:a5:27:b9:ad:9d:
         8c:ce:62:0e:c7:20:dc:ea:2b:97:91:0d:89:00:b2:ad:e7:a3:
         d8:0c:39:13:31:23:88:b4:32:2e:3c:55:cb:c4:46:8b:3a:b2:
         80:91:5a:ac:53:f4:0a:75:14:9d:21:06:67:61:c1:70:41:da:
         43:cb:99:3b:3f:ad:17:04:db:c6:20:bb:c8:a2:5c:31:5f:5d:
         d5:4d:2b:91
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUOspGrgPsfXQ8XkdDYXXLlFNJSwQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTU1MjMwWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MzE0ZmY1Yzc4ZDc0ZGM3ZTgwMjNiMDU2NGMyYzQ4Mjli
ODI3OGJkNjVhYmY3OGQyZGFkOTllOGRlMDBhMTYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDn+0kKSOz0aRnkebtAeWu04pJKTQ4mqDWCGgWUwqgauBkT
MOENaaqnOGo5jpeuP6pGenHVjSMLMUr78unjIAcmL0mHEK8azrmXuomw3DPYLW24
XB3FEJFakEXE7LHB/SKplpINb6JQM2kHQje/uMv9qLW/U0L+POhP0fVqoJAnr7D9
sZELmLIGx1muijJaQmJIeMnIZFI6Xrx+brQzhRRb/ATKqJGjMHbrOEIkpxiADSVU
y3SPBiU5wPyM91ESLwIlOFjwZhUFDXyCfJ/WuajOkkUcRpchC0sorpAXUjyEP8rC
u50bL+s2ehzsEasIl35w/xm31iAj7+XeYkpj5wWhAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUHMo6DsLC2TO66G9mdMy/HOGIGBAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg1MDEwOTg5LWU4NmMtNDY5NC05YTA3LTViNGJkMTI2MTkyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmAB84MA0GCSqGSIb3DQEBCwUAA4IBAQBCCPpXbJCCi0f8JyJhQ3uN3RF8
FCdLVAp4GuBiDh4QU/ewCiw6A7dIz7XX4iudpotyuOi1+q7v6K1jtryHLoqqnBsP
sNe2q+UOFDzfMbPsf/r5clcy+z0PybewpLCv4x1loT8o2mbaSQzBjY+iGbVjbhz/
A4Zvy23oSpTjWvfBMx7KVkLZJixS0rVkB+rGhY4iVWeEjSRs/VTSVGnb+M9tkCOh
fozzVZJs7lXXMBEupSe5rZ2MzmIOxyDc6iuXkQ2JALKt56PYDDkTMSOItDIuPFXL
xEaLOrKAkVqsU/QKdRSdIQZnYcFwQdpDy5k7P60XBNvGILvIolwxX13VTSuR
-----END CERTIFICATE-----