Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0dc793d-9eee-4685-9f69-65a430499e3a.roa
File:                     a0dc793d-9eee-4685-9f69-65a430499e3a.roa (raw, json)
Hash identifier:          9JnTJ322OosD+XR/bxA69GUwH3M/VHDBKgX0qkbzxh0=
Subject key identifier:   91:28:0B:B7:ED:3F:42:FA:10:8E:C5:E0:0A:5F:75:06:6D:DD:EB:B8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       183F3F6621D93FFE96117BE3EBADEB80CACD2360
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0dc793d-9eee-4685-9f69-65a430499e3a.roa
Signing time:             Wed 01 Oct 2025 00:21:15 +0000
ROA not before:           Wed 01 Oct 2025 00:21:15 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f22::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:3f:3f:66:21:d9:3f:fe:96:11:7b:e3:eb:ad:eb:80:ca:cd:23:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:21:15 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=3c0901ae2a5d929e0f070c92af152ae0d7ffae24dbed692fb93e71ef43568df4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:cb:0f:20:a1:18:78:09:01:48:e1:00:b0:0a:
                    ce:5e:ae:3f:cd:9c:75:3b:ea:85:9b:65:80:69:9b:
                    68:c3:20:46:1b:22:f0:27:44:1a:3f:92:38:c6:e6:
                    46:36:9b:24:7e:fb:5c:c5:08:1b:ed:9e:23:31:52:
                    11:9f:11:e7:0a:df:ae:a7:af:f0:05:86:41:d7:fd:
                    62:09:63:d6:aa:4a:dd:f5:99:75:b4:4e:9a:66:ff:
                    04:ee:01:bd:80:7b:38:b6:08:be:eb:5d:a4:67:cc:
                    aa:f0:88:25:1d:77:1f:4e:9d:3e:41:ae:b2:be:c3:
                    e3:0b:6b:8d:2b:42:fb:bc:fd:e7:5c:c6:7f:ed:de:
                    32:40:2b:d9:11:7e:22:77:09:13:c1:96:d2:68:f6:
                    ce:30:79:e8:e8:a0:c5:83:41:53:c9:bb:a8:fb:2f:
                    0e:9b:a5:6e:7b:c9:66:f3:cb:ca:3b:14:8b:a9:9d:
                    b2:b6:3b:2d:fd:8c:85:41:7d:fc:98:68:03:83:61:
                    67:2d:43:f0:9a:09:de:e2:ba:ca:97:b4:19:16:86:
                    72:04:40:38:5e:b2:49:bf:68:dc:16:cd:64:bf:85:
                    f8:23:17:13:d9:16:c4:e0:f3:2c:40:f6:0b:7e:7b:
                    74:3c:6a:e2:87:49:a7:bb:30:fe:97:74:c0:b1:f0:
                    da:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:28:0B:B7:ED:3F:42:FA:10:8E:C5:E0:0A:5F:75:06:6D:DD:EB:B8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0dc793d-9eee-4685-9f69-65a430499e3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f22::/36

    Signature Algorithm: sha256WithRSAEncryption
         6d:f4:92:97:ac:e6:fb:e4:73:4a:95:fa:7a:7d:57:58:ff:34:
         d3:65:c6:8e:27:bc:0d:8d:7a:2e:ff:31:31:12:ee:d6:7e:f2:
         f6:dc:db:4f:cc:df:28:ab:48:c9:67:14:d8:78:9b:a6:29:bc:
         3a:41:c4:02:22:e0:47:e6:b5:06:21:46:f4:95:e5:95:18:7e:
         8b:88:3b:0b:b9:26:20:a7:d0:72:3d:10:30:e1:f6:74:6d:a6:
         4b:23:8b:3a:e9:69:9e:f0:eb:c8:e2:cc:cf:4e:6f:43:03:b4:
         a6:36:38:d2:3c:a6:c6:8e:ef:8b:ee:b8:1c:12:b9:d7:f2:07:
         a0:5c:ac:02:ad:ab:f9:7b:c4:58:18:c2:a0:7b:ad:73:10:c2:
         a5:20:c6:b3:96:ee:8c:3f:fc:f8:76:0e:41:94:8f:71:11:b0:
         8b:db:8d:2b:ca:1c:55:bc:0e:4c:da:60:eb:66:4a:e9:83:93:
         0d:5d:0b:30:6c:af:46:84:12:aa:f3:b3:8a:6d:af:55:8a:7e:
         ab:2f:18:c0:82:76:60:6c:13:04:79:30:47:aa:ac:11:27:e5:
         75:35:d6:3f:17:53:c8:48:9d:4a:86:b5:9e:22:17:3c:2b:4b:
         b5:d1:e6:62:d7:14:c2:6d:ed:c5:5c:77:12:62:da:84:e3:5a:
         03:da:97:88
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGD8/ZiHZP/6WEXvj663rgMrNI2AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAyMTE1WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzA5MDFhZTJhNWQ5MjllMGYwNzBjOTJhZjE1MmFlMGQ3
ZmZhZTI0ZGJlZDY5MmZiOTNlNzFlZjQzNTY4ZGY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTyw8goRh4CQFI4QCwCs5erj/NnHU76oWbZYBpm2jDIEYb
IvAnRBo/kjjG5kY2myR++1zFCBvtniMxUhGfEecK366nr/AFhkHX/WIJY9aqSt31
mXW0Tppm/wTuAb2Aezi2CL7rXaRnzKrwiCUddx9OnT5BrrK+w+MLa40rQvu8/edc
xn/t3jJAK9kRfiJ3CRPBltJo9s4weejooMWDQVPJu6j7Lw6bpW57yWbzy8o7FIup
nbK2Oy39jIVBffyYaAODYWctQ/CaCd7iusqXtBkWhnIEQDheskm/aNwWzWS/hfgj
FxPZFsTg8yxA9gt+e3Q8auKHSae7MP6XdMCx8NpbAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUkSgLt+0/QvoQjsXgCl91Bm3d67gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EwZGM3OTNkLTllZWUtNDY4NS05ZjY5LTY1YTQzMDQ5OWUzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8iADANBgkqhkiG9w0BAQsFAAOCAQEAbfSSl6zm++RzSpX6en1XWP80
02XGjie8DY16Lv8xMRLu1n7y9tzbT8zfKKtIyWcU2Hibpim8OkHEAiLgR+a1BiFG
9JXllRh+i4g7C7kmIKfQcj0QMOH2dG2mSyOLOulpnvDryOLMz05vQwO0pjY40jym
xo7vi+64HBK51/IHoFysAq2r+XvEWBjCoHutcxDCpSDGs5bujD/8+HYOQZSPcRGw
i9uNK8ocVbwOTNpg62ZK6YOTDV0LMGyvRoQSqvOzim2vVYp+qy8YwIJ2YGwTBHkw
R6qsESfldTXWPxdTyEidSoa1niIXPCtLtdHmYtcUwm3txVx3EmLahONaA9qXiA==
-----END CERTIFICATE-----