Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad3aa119-e75d-405d-91e1-64d3070576a6.roa
File:                     ad3aa119-e75d-405d-91e1-64d3070576a6.roa (raw, json)
Hash identifier:          BLrZLfoa0qaCiKWFKXW/gv/8YQhsZtZx4UDB47kgwh0=
Subject key identifier:   F7:9C:0C:8A:60:45:64:20:26:B8:B4:8F:F7:9E:55:87:8C:E5:A5:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       301247E9F1BB30A18A50E06C10C38C3D69BB07B1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad3aa119-e75d-405d-91e1-64d3070576a6.roa
Signing time:             Mon 06 Oct 2025 15:42:49 +0000
ROA not before:           Mon 06 Oct 2025 15:42:49 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:2000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:12:47:e9:f1:bb:30:a1:8a:50:e0:6c:10:c3:8c:3d:69:bb:07:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:42:49 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=7839e4c14fcf72f2540410cbe4c8a32da2dc5701aa73a71c031728102d980a16, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:73:ea:c9:4b:ce:57:06:1d:da:7a:2b:f5:8c:
                    f0:1d:94:c2:b7:07:42:f6:bb:82:56:33:99:c7:d7:
                    b8:c2:99:cc:53:ab:ba:bf:d1:8b:09:79:2f:14:28:
                    f8:4a:08:59:bf:f6:08:a8:bd:30:de:43:33:15:59:
                    d1:ff:72:71:43:44:0d:7c:87:c4:f9:1f:79:d0:5c:
                    ef:c5:d2:02:fe:83:50:ee:cc:98:87:aa:33:cb:02:
                    91:2f:84:0a:3b:b3:7d:9d:a2:26:c1:cd:c7:7c:f4:
                    fb:c0:41:f5:38:81:78:f6:63:6d:ae:c0:9e:f3:2a:
                    30:0d:22:cb:13:12:ca:60:9a:92:dc:89:8d:a0:97:
                    4c:97:32:82:34:93:b1:94:b6:57:cc:7b:10:96:e7:
                    85:5b:e3:51:d3:73:a3:28:a0:56:c5:ac:50:22:db:
                    6b:74:97:44:d5:2e:25:00:23:9b:59:5b:da:48:95:
                    58:92:75:34:4a:82:1a:d4:99:7d:c6:f3:f5:4e:c7:
                    c9:fb:43:87:2b:e1:d7:d5:e7:43:c4:18:bb:84:9e:
                    3a:37:7a:97:d7:44:98:ff:8c:13:68:aa:53:73:ff:
                    0d:b9:d9:06:76:fa:fc:7b:1c:83:1f:35:58:89:c8:
                    a0:02:68:f7:20:a9:21:94:fe:ed:8c:ed:d2:55:5c:
                    ec:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:9C:0C:8A:60:45:64:20:26:B8:B4:8F:F7:9E:55:87:8C:E5:A5:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad3aa119-e75d-405d-91e1-64d3070576a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         00:87:20:e0:e1:02:d4:6d:3c:0d:68:43:f3:86:08:54:e4:63:
         b3:39:cb:a3:cc:79:97:a9:40:13:aa:4e:d4:77:53:d5:58:d1:
         b2:08:75:ad:99:f9:eb:80:ad:e7:67:5d:5a:2e:84:3b:b6:74:
         02:0a:dd:7f:bc:6c:7c:de:34:4c:74:18:60:8a:db:6c:05:a0:
         79:5d:c4:27:21:f5:9f:fd:80:a0:c5:7d:6b:83:47:9b:b5:b9:
         76:63:2d:51:a3:96:66:23:18:84:9c:3d:04:f0:7e:9c:1f:38:
         f6:84:2d:27:3c:f5:40:2e:1f:15:d6:c4:ca:d6:4f:18:52:6a:
         c0:37:e9:5c:42:88:d2:35:20:9f:9c:a4:c9:cf:88:c6:fe:3f:
         2b:12:2f:fb:4f:f2:32:b9:28:3a:d7:01:58:2d:26:8c:32:ea:
         7c:98:a2:19:0a:e7:a4:b3:80:8e:97:48:53:46:93:45:63:2e:
         48:55:62:cb:aa:48:cb:9f:e3:ac:36:0e:56:7a:41:00:ef:fe:
         68:53:f3:0b:de:53:08:06:37:c1:2e:c6:bc:10:7a:ac:0d:ca:
         32:7d:e9:9d:80:7d:32:bc:4f:59:80:b6:e3:35:67:87:b7:d2:
         c5:29:ba:9b:b3:3d:ca:5f:28:c9:b1:5f:b4:b1:7c:62:0b:80:
         c0:d1:5a:6f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMBJH6fG7MKGKUOBsEMOMPWm7B7EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTU0MjQ5WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODM5ZTRjMTRmY2Y3MmYyNTQwNDEwY2JlNGM4YTMyZGEy
ZGM1NzAxYWE3M2E3MWMwMzE3MjgxMDJkOTgwYTE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTc+rJS85XBh3aeiv1jPAdlMK3B0L2u4JWM5nH17jCmcxT
q7q/0YsJeS8UKPhKCFm/9giovTDeQzMVWdH/cnFDRA18h8T5H3nQXO/F0gL+g1Du
zJiHqjPLApEvhAo7s32doibBzcd89PvAQfU4gXj2Y22uwJ7zKjANIssTEspgmpLc
iY2gl0yXMoI0k7GUtlfMexCW54Vb41HTc6MooFbFrFAi22t0l0TVLiUAI5tZW9pI
lViSdTRKghrUmX3G8/VOx8n7Q4cr4dfV50PEGLuEnjo3epfXRJj/jBNoqlNz/w25
2QZ2+vx7HIMfNViJyKACaPcgqSGU/u2M7dJVXOxVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU95wMimBFZCAmuLSP955Vh4zlpX0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FkM2FhMTE5LWU3NWQtNDA1ZC05MWUxLTY0ZDMwNzA1NzZhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/9IDANBgkqhkiG9w0BAQsFAAOCAQEAAIcg4OEC1G08DWhD84YIVORj
sznLo8x5l6lAE6pO1HdT1VjRsgh1rZn564Ct52ddWi6EO7Z0Agrdf7xsfN40THQY
YIrbbAWgeV3EJyH1n/2AoMV9a4NHm7W5dmMtUaOWZiMYhJw9BPB+nB849oQtJzz1
QC4fFdbEytZPGFJqwDfpXEKI0jUgn5ykyc+Ixv4/KxIv+0/yMrkoOtcBWC0mjDLq
fJiiGQrnpLOAjpdIU0aTRWMuSFViy6pIy5/jrDYOVnpBAO/+aFPzC95TCAY3wS7G
vBB6rA3KMn3pnYB9MrxPWYC24zVnh7fSxSm6m7M9yl8oybFftLF8YguAwNFabw==
-----END CERTIFICATE-----