Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907c2395-b661-4997-9c87-b20a9e615473.roa
File:                     907c2395-b661-4997-9c87-b20a9e615473.roa (raw, json)
Hash identifier:          QKr9zpbz8k8sTbniR6f0KrQIFb/O+rAVoj2DSCB0al4=
Subject key identifier:   27:4E:91:0D:45:8A:2F:80:8E:87:E0:66:42:CD:BA:DF:71:67:9C:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6B420309CF57D26166EBE28C4D2A6A2CC667B7FE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907c2395-b661-4997-9c87-b20a9e615473.roa
Signing time:             Wed 01 Oct 2025 00:12:46 +0000
ROA not before:           Wed 01 Oct 2025 00:12:46 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff1:5000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:42:03:09:cf:57:d2:61:66:eb:e2:8c:4d:2a:6a:2c:c6:67:b7:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:12:46 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=28406bf7798d07e622e37cf50e8c3ebfe7c05187cd3b6fa57d1f93fae0b37846, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9b:06:9d:2f:e3:46:f6:e6:e6:05:92:8e:01:
                    24:56:d3:c3:ba:27:da:7a:d7:5c:45:12:90:0f:49:
                    db:00:c4:94:3d:09:19:f0:93:14:9c:f1:0b:ab:32:
                    dd:a6:14:ad:24:ae:1c:d9:a8:1e:75:af:96:c1:dc:
                    47:8b:90:35:64:bb:0f:f7:6b:0c:c3:d0:8b:6a:a4:
                    6b:ee:2e:33:20:e2:03:bd:3e:14:37:c7:c8:20:55:
                    7f:de:48:ce:5d:c4:b8:5f:85:77:32:8b:31:d8:f9:
                    5b:ca:a0:bc:37:95:84:1a:ab:7c:f2:37:df:22:52:
                    21:eb:b4:17:cd:a8:ab:b3:43:2a:1a:88:3d:5a:4b:
                    64:c9:c0:4e:db:6e:df:64:df:db:a6:41:f5:1d:1c:
                    ce:d1:0b:d7:50:6a:19:cc:a4:35:4f:82:b2:5c:1f:
                    e4:81:cd:eb:3e:8c:d5:76:cb:59:57:e9:ea:55:7c:
                    82:a7:85:2f:85:09:83:f7:60:d3:31:31:f2:20:1d:
                    7b:0e:9d:a2:36:2b:8a:6b:5d:96:39:93:9d:b2:58:
                    86:6a:c3:f1:b9:28:36:d9:36:4a:ab:17:c0:70:31:
                    41:7b:cb:ec:c9:00:06:fc:6e:9a:2e:01:d6:19:f4:
                    65:ae:dc:aa:5c:59:bb:64:66:e4:46:29:ca:2e:78:
                    0c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:4E:91:0D:45:8A:2F:80:8E:87:E0:66:42:CD:BA:DF:71:67:9C:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907c2395-b661-4997-9c87-b20a9e615473.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c4:ca:a0:bc:0b:8a:0f:2b:d8:a2:78:e4:3e:31:1c:a0:28:9d:
         48:6f:36:26:d2:89:1a:70:f0:ac:9d:28:90:c7:47:07:89:03:
         1e:8e:ff:ee:0c:29:70:53:5b:9d:65:3e:ef:9f:bc:a2:fd:2f:
         3c:a4:84:70:90:11:f6:aa:94:fb:48:59:39:59:b8:31:9b:fe:
         6f:39:1d:07:c1:d3:9e:0a:e5:c4:36:31:b3:c4:56:08:c8:96:
         53:a9:b4:4a:00:51:29:0d:59:b0:fe:e2:c3:66:00:ef:d2:e0:
         e2:39:5d:08:f0:92:cb:fa:84:8f:32:14:d0:63:c5:73:e5:cc:
         79:6b:98:f3:ae:3d:53:c7:9d:d5:7a:99:7d:36:3f:8d:f7:7c:
         9b:af:9c:06:f7:05:ec:d5:b7:c5:28:f8:b1:62:d4:2d:b2:88:
         66:5e:e7:4c:7b:40:33:f6:88:18:b4:11:62:b0:a3:77:62:95:
         58:b7:73:b3:fd:7b:81:12:c2:04:9a:19:90:a0:59:65:bf:b1:
         bf:27:bb:9a:62:2a:91:f5:a9:aa:47:b3:52:0b:2f:0f:b9:3c:
         b6:e4:ce:82:e6:de:e8:93:e1:51:2f:5f:98:97:61:19:e2:ec:
         79:b4:ff:9e:bf:58:77:f2:ea:92:cd:15:7b:3d:e7:d9:83:1c:
         14:ae:84:b6
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUa0IDCc9X0mFm6+KMTSpqLMZnt/4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAxMjQ2WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyODQwNmJmNzc5OGQwN2U2MjJlMzdjZjUwZThjM2ViZmU3
YzA1MTg3Y2QzYjZmYTU3ZDFmOTNmYWUwYjM3ODQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZmwadL+NG9ubmBZKOASRW08O6J9p611xFEpAPSdsAxJQ9
CRnwkxSc8QurMt2mFK0krhzZqB51r5bB3EeLkDVkuw/3awzD0ItqpGvuLjMg4gO9
PhQ3x8ggVX/eSM5dxLhfhXcyizHY+VvKoLw3lYQaq3zyN98iUiHrtBfNqKuzQyoa
iD1aS2TJwE7bbt9k39umQfUdHM7RC9dQahnMpDVPgrJcH+SBzes+jNV2y1lX6epV
fIKnhS+FCYP3YNMxMfIgHXsOnaI2K4prXZY5k52yWIZqw/G5KDbZNkqrF8BwMUF7
y+zJAAb8bpouAdYZ9GWu3KpcWbtkZuRGKcoueAxVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUJ06RDUWKL4COh+BmQs2633FnnEEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkwN2MyMzk1LWI2NjEtNDk5Ny05Yzg3LWIyMGE5ZTYxNTQ3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/xUDANBgkqhkiG9w0BAQsFAAOCAQEAxMqgvAuKDyvYonjkPjEcoCid
SG82JtKJGnDwrJ0okMdHB4kDHo7/7gwpcFNbnWU+75+8ov0vPKSEcJAR9qqU+0hZ
OVm4MZv+bzkdB8HTngrlxDYxs8RWCMiWU6m0SgBRKQ1ZsP7iw2YA79Lg4jldCPCS
y/qEjzIU0GPFc+XMeWuY8649U8ed1XqZfTY/jfd8m6+cBvcF7NW3xSj4sWLULbKI
Zl7nTHtAM/aIGLQRYrCjd2KVWLdzs/17gRLCBJoZkKBZZb+xvye7mmIqkfWpqkez
UgsvD7k8tuTOgube6JPhUS9fmJdhGeLsebT/nr9Yd/Lqks0Vez3n2YMcFK6Etg==
-----END CERTIFICATE-----