Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7f567f4-babd-45d0-82c9-1e940fee8aff.roa
File:                     a7f567f4-babd-45d0-82c9-1e940fee8aff.roa (raw, json)
Hash identifier:          ebLqvImRXEA2mTs8LHgxpMLjgRokR1TYvWjUu9wlBBc=
Subject key identifier:   38:1E:86:BC:30:7A:91:23:57:34:A7:C1:1E:4D:A0:07:45:7E:E1:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       37DD1293CB57E19BC3719ACDA3461B3EB14D8776
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7f567f4-babd-45d0-82c9-1e940fee8aff.roa
Signing time:             Tue 07 Oct 2025 00:42:54 +0000
ROA not before:           Tue 07 Oct 2025 00:42:54 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff4:3400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:dd:12:93:cb:57:e1:9b:c3:71:9a:cd:a3:46:1b:3e:b1:4d:87:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:42:54 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=176d05311ffa36a71e80c7e0088e28cf3b2dfa96869d7838643f72bbe113b100, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:25:38:95:8d:fd:32:93:e8:11:12:3c:db:fc:
                    f3:9b:58:ef:87:8f:b7:e7:a7:f6:3b:2c:83:97:25:
                    ae:26:6a:f4:85:c4:03:af:94:b7:13:8e:68:13:5f:
                    3f:48:2f:28:51:b2:43:22:4d:59:68:dc:58:08:8a:
                    06:07:a7:fd:a1:b1:a4:92:2f:e5:d2:13:48:7e:07:
                    cc:1a:be:f4:64:e9:9a:c1:84:d6:43:c2:61:1d:21:
                    3f:a9:ce:83:88:dc:8d:44:be:2f:1c:d2:47:8c:a3:
                    c2:9d:c3:ee:83:08:a3:56:ed:1d:51:90:3e:9a:bc:
                    b9:05:d2:61:09:38:90:5d:24:c0:4e:54:83:39:61:
                    5e:b8:13:8f:ce:e2:08:12:71:11:71:6e:1a:65:68:
                    bb:57:f9:01:47:7b:3b:ca:d2:08:94:cf:e9:c6:40:
                    8b:0a:1e:2c:15:30:6b:11:0d:81:e7:06:7d:d5:2c:
                    ae:a7:a5:52:66:ca:af:e3:47:09:d8:88:7d:2c:0a:
                    0e:2b:99:b9:2a:fe:7b:a3:31:dd:d7:52:4d:75:b4:
                    83:f6:2a:9a:e2:19:21:45:de:68:81:64:02:e5:f8:
                    da:5a:b3:b3:65:9e:ca:97:39:4f:a1:d4:e3:55:cb:
                    fc:cc:31:9f:ef:5d:84:24:4e:91:3f:17:83:1e:ea:
                    dc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:1E:86:BC:30:7A:91:23:57:34:A7:C1:1E:4D:A0:07:45:7E:E1:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7f567f4-babd-45d0-82c9-1e940fee8aff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         3d:84:66:f0:8e:a7:73:91:9f:4c:64:47:ca:d3:75:e8:12:36:
         86:6a:58:f6:9d:20:22:ff:ac:0e:3b:ae:c8:5c:0d:05:38:d3:
         a3:aa:cc:0a:05:35:8f:63:a0:20:0f:66:f2:13:bf:ef:c3:85:
         92:12:5e:ef:c8:ff:f5:07:a3:7d:57:c6:1b:44:4c:ce:56:67:
         82:ed:df:9d:09:fc:ea:1d:bf:42:04:f0:68:7f:0a:79:95:95:
         99:1d:f5:0d:c1:72:12:9e:2e:0b:a7:a7:8d:26:e3:c2:ac:dc:
         cc:d8:cf:7a:58:b1:12:39:93:ff:82:57:9d:01:ba:91:f1:44:
         84:0a:9b:72:b7:be:56:ea:e4:9c:a1:32:a7:f0:60:c0:11:e4:
         93:a4:ac:d0:72:f9:e1:98:34:93:a7:ef:39:d5:a6:c6:94:f1:
         11:e7:af:2a:5e:b8:a6:35:81:8b:b5:f6:5c:29:85:86:ae:c6:
         2c:00:97:81:5f:60:37:d3:7b:60:2e:6f:70:22:d0:6d:12:1b:
         2f:26:8f:c0:7b:23:3a:d0:8c:4e:32:63:3c:88:de:df:9c:a4:
         37:ad:b9:11:3f:f0:28:2d:87:8c:18:24:d0:de:9f:48:20:2b:
         7c:79:9c:84:7b:c0:69:c6:ff:93:e3:18:87:31:13:54:73:3a:
         4c:64:ec:37
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUN90Sk8tX4ZvDcZrNo0YbPrFNh3YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MjU0WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzZkMDUzMTFmZmEzNmE3MWU4MGM3ZTAwODhlMjhjZjNi
MmRmYTk2ODY5ZDc4Mzg2NDNmNzJiYmUxMTNiMTAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1JTiVjf0yk+gREjzb/PObWO+Hj7fnp/Y7LIOXJa4mavSF
xAOvlLcTjmgTXz9ILyhRskMiTVlo3FgIigYHp/2hsaSSL+XSE0h+B8wavvRk6ZrB
hNZDwmEdIT+pzoOI3I1Evi8c0keMo8Kdw+6DCKNW7R1RkD6avLkF0mEJOJBdJMBO
VIM5YV64E4/O4ggScRFxbhplaLtX+QFHezvK0giUz+nGQIsKHiwVMGsRDYHnBn3V
LK6npVJmyq/jRwnYiH0sCg4rmbkq/nujMd3XUk11tIP2KpriGSFF3miBZALl+Npa
s7NlnsqXOU+h1ONVy/zMMZ/vXYQkTpE/F4Me6tznAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUOB6GvDB6kSNXNKfBHk2gB0V+4YMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3ZjU2N2Y0LWJhYmQtNDVkMC04MmM5LTFlOTQwZmVlOGFmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/0NDANBgkqhkiG9w0BAQsFAAOCAQEAPYRm8I6nc5GfTGRHytN16BI2
hmpY9p0gIv+sDjuuyFwNBTjTo6rMCgU1j2OgIA9m8hO/78OFkhJe78j/9QejfVfG
G0RMzlZngu3fnQn86h2/QgTwaH8KeZWVmR31DcFyEp4uC6enjSbjwqzczNjPelix
EjmT/4JXnQG6kfFEhAqbcre+VurknKEyp/BgwBHkk6Ss0HL54Zg0k6fvOdWmxpTx
EeevKl64pjWBi7X2XCmFhq7GLACXgV9gN9N7YC5vcCLQbRIbLyaPwHsjOtCMTjJj
PIje35ykN625ET/wKC2HjBgk0N6fSCArfHmchHvAacb/k+MYhzETVHM6TGTsNw==
-----END CERTIFICATE-----