Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f2501e3-70a0-4b0e-9416-31dfdbb7e4ae.roa
File:                     8f2501e3-70a0-4b0e-9416-31dfdbb7e4ae.roa (raw, json)
Hash identifier:          oMTkakwzGXDklr02fHXk5+B7+M+CMZ1ZtaCcgeqCpfE=
Subject key identifier:   C5:87:D1:60:35:13:65:5E:ED:5D:A8:3B:FF:FA:D1:8D:CC:0D:B8:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2B06B874C498913F1EBB24FF6931872C3EFF61B0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f2501e3-70a0-4b0e-9416-31dfdbb7e4ae.roa
Signing time:             Mon 06 Oct 2025 16:01:16 +0000
ROA not before:           Mon 06 Oct 2025 16:01:16 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fb8:ec00::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:06:b8:74:c4:98:91:3f:1e:bb:24:ff:69:31:87:2c:3e:ff:61:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:01:16 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=8016f40f915254cc0cf8d7e7ddb00b80a82e42ef3ab72783574cae90d7228ce8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e7:23:b9:d3:d2:9d:49:af:b3:c4:eb:53:1d:
                    a5:0a:40:b4:bb:ba:6e:52:f2:06:2f:60:f3:ce:ee:
                    8c:f4:a1:7e:bd:95:a5:45:61:84:12:69:a2:ab:64:
                    2d:4f:2b:ce:2d:89:64:b0:07:bb:c8:c5:92:d3:2c:
                    98:ee:a8:11:d5:44:57:bf:60:a0:12:dd:b1:df:d8:
                    74:2e:e5:ba:8f:d5:ac:a9:0d:c0:2e:bf:40:b3:2d:
                    d1:9f:6c:f9:8e:0e:a1:f4:71:58:86:09:b3:57:6e:
                    30:a6:44:99:b6:c5:f9:6a:74:94:f2:24:68:1f:c4:
                    da:03:10:ae:85:6e:89:21:1b:f4:a2:87:4f:5b:d5:
                    3f:38:79:5f:33:08:64:8e:55:a8:f5:7c:11:39:79:
                    47:b5:3f:da:a7:ca:8e:56:6f:29:1e:bb:c0:e0:fe:
                    ce:d6:32:e0:42:3b:6d:ff:b6:b3:61:04:43:60:87:
                    f9:f6:aa:15:b3:66:f9:08:65:0d:48:69:39:cb:6d:
                    4d:4f:cd:a5:e2:e2:04:eb:fb:85:1d:29:f3:90:0e:
                    59:46:97:e3:fe:5a:c9:6b:5d:08:58:88:40:42:bf:
                    a8:ac:20:02:f0:be:09:b2:f8:f4:c7:d6:39:ba:5d:
                    96:10:ce:f2:ec:85:53:e6:45:c8:7c:d1:c3:5d:1f:
                    a8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:87:D1:60:35:13:65:5E:ED:5D:A8:3B:FF:FA:D1:8D:CC:0D:B8:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f2501e3-70a0-4b0e-9416-31dfdbb7e4ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb8:ec00::/40

    Signature Algorithm: sha256WithRSAEncryption
         07:45:5c:88:21:ce:b9:04:5b:76:4a:88:c6:b7:e4:6f:ab:5c:
         8b:c7:e7:f2:f6:c7:2d:44:0a:f5:0f:a0:f5:5a:81:6d:3d:0d:
         91:39:ea:f2:91:7b:53:6e:d4:94:43:71:02:5c:3a:fa:99:e1:
         ec:ad:e2:8d:61:e3:06:fc:a8:19:48:2c:74:ca:de:e1:d7:b5:
         d4:bb:69:6a:e5:92:9f:50:3d:ab:eb:b5:fa:69:9d:11:b0:1c:
         57:27:b6:61:43:51:41:8e:7d:2b:c9:e3:de:35:4e:a3:b9:8c:
         7d:18:fc:aa:39:f9:60:14:cf:5b:07:ad:f6:60:59:ad:36:3c:
         60:0b:a0:90:2a:d4:a1:02:1b:78:77:a2:e5:d7:2e:2a:07:df:
         af:08:3e:74:46:87:65:89:a6:3c:12:37:62:6a:f5:05:f0:cc:
         a6:c2:74:83:d9:29:7c:12:05:b6:a5:55:a6:cd:3a:a9:a6:1d:
         c8:00:59:2f:43:c1:fb:8c:55:10:56:c1:f5:f7:3b:9f:b3:b5:
         f3:b8:b1:9f:18:11:45:aa:31:d5:7d:da:7b:97:64:78:58:b6:
         eb:80:6f:55:29:1a:a0:31:0a:ab:ca:0b:f8:61:0d:e9:50:c0:
         30:ab:c1:62:06:95:02:e1:01:ab:e7:bc:47:24:7b:c3:88:9f:
         cf:49:d4:16
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUKwa4dMSYkT8euyT/aTGHLD7/YbAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYwMTE2WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDE2ZjQwZjkxNTI1NGNjMGNmOGQ3ZTdkZGIwMGI4MGE4
MmU0MmVmM2FiNzI3ODM1NzRjYWU5MGQ3MjI4Y2U4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDP5yO509KdSa+zxOtTHaUKQLS7um5S8gYvYPPO7oz0oX69
laVFYYQSaaKrZC1PK84tiWSwB7vIxZLTLJjuqBHVRFe/YKAS3bHf2HQu5bqP1ayp
DcAuv0CzLdGfbPmODqH0cViGCbNXbjCmRJm2xflqdJTyJGgfxNoDEK6FbokhG/Si
h09b1T84eV8zCGSOVaj1fBE5eUe1P9qnyo5Wbykeu8Dg/s7WMuBCO23/trNhBENg
h/n2qhWzZvkIZQ1IaTnLbU1PzaXi4gTr+4UdKfOQDllGl+P+WslrXQhYiEBCv6is
IALwvgmy+PTH1jm6XZYQzvLshVPmRch80cNdH6gxAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUxYfRYDUTZV7tXag7//rRjcwNuDkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhmMjUwMWUzLTcwYTAtNGIwZS05NDE2LTMxZGZkYmI3ZTRhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+47DANBgkqhkiG9w0BAQsFAAOCAQEAB0VciCHOuQRbdkqIxrfkb6tc
i8fn8vbHLUQK9Q+g9VqBbT0NkTnq8pF7U27UlENxAlw6+pnh7K3ijWHjBvyoGUgs
dMre4de11LtpauWSn1A9q+u1+mmdEbAcVye2YUNRQY59K8nj3jVOo7mMfRj8qjn5
YBTPWwet9mBZrTY8YAugkCrUoQIbeHei5dcuKgffrwg+dEaHZYmmPBI3Ymr1BfDM
psJ0g9kpfBIFtqVVps06qaYdyABZL0PB+4xVEFbB9fc7n7O187ixnxgRRaox1X3a
e5dkeFi264BvVSkaoDEKq8oL+GEN6VDAMKvBYgaVAuEBq+e8RyR7w4ifz0nUFg==
-----END CERTIFICATE-----