Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ac8db7e-0352-4ac5-97df-faf09a2fa46f.roa
File:                     9ac8db7e-0352-4ac5-97df-faf09a2fa46f.roa (raw, json)
Hash identifier:          hN2kR/1AaP93RGyTJ1M6ZpL3Q4Ta4Vr6B9VcaM+CgqQ=
Subject key identifier:   79:CA:4E:64:05:D5:ED:FF:80:74:17:64:DF:D7:30:55:4A:44:6E:B4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2DD5757DAE8A6FA21C9276AC7DB4FEB9165DDCE4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ac8db7e-0352-4ac5-97df-faf09a2fa46f.roa
Signing time:             Fri 17 Oct 2025 21:41:09 +0000
ROA not before:           Fri 17 Oct 2025 21:41:09 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:5080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:d5:75:7d:ae:8a:6f:a2:1c:92:76:ac:7d:b4:fe:b9:16:5d:dc:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 21:41:09 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=240fc201c5b24a7d5162590a1a8c465c894d001fb78ace3335d8c2e73aa8fd4f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:22:de:ee:a3:d8:0e:81:3a:aa:24:1e:eb:5f:
                    9a:1c:4c:14:69:15:c3:e6:da:9a:04:8a:5a:48:8e:
                    5f:8d:3b:8f:ef:06:d3:46:05:e5:ea:6a:54:f2:f4:
                    41:53:af:3c:e2:03:3c:54:c0:32:f0:65:85:09:75:
                    f3:db:f6:16:c5:e5:97:42:0d:fa:76:cb:07:93:e3:
                    0b:23:7d:5b:a7:98:82:16:88:09:d3:7e:a1:22:29:
                    8e:6d:50:d0:ca:66:e4:19:16:2b:91:8f:42:b4:b0:
                    ea:bb:72:c7:1b:7b:41:8d:6e:6a:75:6d:b8:57:8d:
                    f3:06:ad:b8:23:e5:27:bf:59:52:4a:70:a5:e7:a4:
                    5f:38:9a:28:79:9a:10:96:3f:f5:08:5c:01:1d:7b:
                    7e:1a:81:89:d5:2a:29:4e:47:f5:ae:0b:29:a9:6c:
                    98:59:ac:ab:5a:ed:c6:24:86:cf:00:16:0e:94:8f:
                    79:f8:f2:c9:57:f5:37:3e:fa:5e:3f:5c:ed:a7:9a:
                    37:b9:90:9b:a5:36:d1:4a:9a:3d:53:51:1e:a7:9f:
                    11:b2:2b:95:c8:0d:6a:4b:21:65:6c:23:c9:69:8a:
                    4a:e6:36:62:4f:33:b7:d1:02:02:3f:8b:7a:44:74:
                    9f:2d:15:40:80:0f:4a:1f:d3:be:88:74:a0:fd:80:
                    be:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:CA:4E:64:05:D5:ED:FF:80:74:17:64:DF:D7:30:55:4A:44:6E:B4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ac8db7e-0352-4ac5-97df-faf09a2fa46f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:5080::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:d7:6e:9c:aa:b3:09:c8:1a:e6:35:a4:83:77:97:fd:78:55:
         3b:e5:97:53:20:c7:68:a4:55:09:0d:a0:e7:3a:b5:f8:93:03:
         3a:c3:46:26:bc:60:b1:b5:8f:2b:e3:40:85:fd:5a:48:89:58:
         ed:87:be:c7:06:20:00:c8:ab:a9:f4:ff:64:72:29:a9:48:4f:
         d0:a7:7e:3d:0e:af:3c:c9:5c:d3:fc:07:ee:bf:80:40:c6:47:
         ce:c4:14:45:7b:ba:b9:51:ba:9d:91:c7:9d:6e:b2:2f:13:45:
         67:b3:42:83:83:3e:1d:35:83:fb:24:b7:b3:71:05:ab:b1:a8:
         e1:2c:9f:f1:3a:d4:79:4a:ff:5d:2e:ac:3d:9b:2a:0c:38:1e:
         de:b1:5d:96:b1:38:45:71:63:59:cc:68:1c:47:ed:f8:de:0a:
         fb:22:05:80:f3:1f:0e:21:fc:5b:27:6e:93:ea:85:73:d6:64:
         0d:c2:8f:83:62:a6:f3:8a:8b:b9:42:78:d5:87:79:87:f7:d3:
         ae:3c:72:89:be:aa:73:c5:4d:85:07:eb:83:5d:6a:a5:89:94:
         1f:0e:af:fe:56:a0:8e:75:56:f7:bf:4e:bc:35:43:0d:44:35:
         93:fd:2c:c6:c3:dd:69:17:10:22:b1:94:48:82:bf:7d:fc:17:
         22:d5:2a:2d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULdV1fa6Kb6IcknasfbT+uRZd3OQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjE0MTA5WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDBmYzIwMWM1YjI0YTdkNTE2MjU5MGExYThjNDY1Yzg5
NGQwMDFmYjc4YWNlMzMzNWQ4YzJlNzNhYThmZDRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5It7uo9gOgTqqJB7rX5ocTBRpFcPm2poEilpIjl+NO4/v
BtNGBeXqalTy9EFTrzziAzxUwDLwZYUJdfPb9hbF5ZdCDfp2yweT4wsjfVunmIIW
iAnTfqEiKY5tUNDKZuQZFiuRj0K0sOq7cscbe0GNbmp1bbhXjfMGrbgj5Se/WVJK
cKXnpF84mih5mhCWP/UIXAEde34agYnVKilOR/WuCympbJhZrKta7cYkhs8AFg6U
j3n48slX9Tc++l4/XO2nmje5kJulNtFKmj1TUR6nnxGyK5XIDWpLIWVsI8lpikrm
NmJPM7fRAgI/i3pEdJ8tFUCAD0of076IdKD9gL5PAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUecpOZAXV7f+AdBdk39cwVUpEbrQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhYzhkYjdlLTAzNTItNGFjNS05N2RmLWZhZjA5YTJmYTQ2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//UIAwDQYJKoZIhvcNAQELBQADggEBAGLXbpyqswnIGuY1pIN3l/14
VTvll1Mgx2ikVQkNoOc6tfiTAzrDRia8YLG1jyvjQIX9WkiJWO2HvscGIADIq6n0
/2RyKalIT9Cnfj0OrzzJXNP8B+6/gEDGR87EFEV7urlRup2Rx51usi8TRWezQoOD
Ph01g/skt7NxBauxqOEsn/E61HlK/10urD2bKgw4Ht6xXZaxOEVxY1nMaBxH7fje
CvsiBYDzHw4h/FsnbpPqhXPWZA3Cj4NipvOKi7lCeNWHeYf30648com+qnPFTYUH
64NdaqWJlB8Or/5WoI51Vve/Trw1Qw1ENZP9LMbD3WkXECKxlEiCv338FyLVKi0=
-----END CERTIFICATE-----