Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb4c38ee-7dc9-4045-ad81-060fd7e9d6b0.roa
File:                     bb4c38ee-7dc9-4045-ad81-060fd7e9d6b0.roa (raw, json)
Hash identifier:          jefrUkqY2a7IjGpR/n+OJVuza96RGjaScWoyimT3I+I=
Subject key identifier:   20:0D:3F:9F:15:69:08:2C:5D:36:17:85:2A:92:FF:0D:80:A4:96:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B323E48891C5AF76B469D0FCEA420760A6AD619
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb4c38ee-7dc9-4045-ad81-060fd7e9d6b0.roa
Signing time:             Tue 07 Oct 2025 00:43:15 +0000
ROA not before:           Tue 07 Oct 2025 00:43:15 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:4120::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:32:3e:48:89:1c:5a:f7:6b:46:9d:0f:ce:a4:20:76:0a:6a:d6:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:43:15 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=cb0bd832d91ac1cccb162e58d2086826fc03614f1b140e252d72efd0bc751041, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:45:cf:de:32:3e:e2:af:80:aa:f5:fc:e8:ae:
                    8e:0e:8b:9b:0e:94:f4:2c:4a:ec:7b:42:95:d0:07:
                    fb:01:77:bc:9c:de:f0:c4:d9:4f:f3:68:dd:89:c7:
                    04:50:f1:31:ba:db:a4:2e:68:ab:b1:51:30:17:e7:
                    c8:f9:38:cd:9d:41:cc:08:26:bb:b0:c2:fc:93:59:
                    c8:52:8c:cc:c9:42:06:c4:dd:35:75:9d:03:17:f2:
                    3a:15:aa:77:43:8f:55:7b:88:fb:b7:8a:63:8c:ee:
                    5b:17:d0:38:b7:bf:24:d9:65:8b:e9:f4:f5:2e:8b:
                    ff:f6:45:a9:f5:f8:53:71:0f:f9:3e:00:69:c4:21:
                    84:bf:7f:09:f3:a1:58:36:b2:40:f9:9c:fd:b1:d5:
                    3e:16:b6:dd:f4:8c:33:2a:c9:83:eb:60:6e:a2:7c:
                    25:91:a2:8a:02:fa:0f:f5:7c:9c:78:76:0a:e8:01:
                    1c:1a:2d:de:97:06:eb:f4:b2:33:6a:1f:32:2f:ea:
                    73:c2:b3:12:dc:da:39:81:57:2d:f2:f4:32:cf:36:
                    76:7d:08:c3:e4:28:e9:cc:cf:a9:68:91:2a:85:ba:
                    ed:7b:91:88:06:c2:74:dc:73:f3:1f:c1:f8:ed:88:
                    67:39:37:d1:9c:ac:2c:c1:ba:f3:62:61:85:d9:1a:
                    e5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:0D:3F:9F:15:69:08:2C:5D:36:17:85:2A:92:FF:0D:80:A4:96:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb4c38ee-7dc9-4045-ad81-060fd7e9d6b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:4120::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:89:78:63:18:dc:e7:03:d2:be:1a:99:44:e0:b1:76:a0:33:
         43:c8:04:b8:54:4a:0a:df:eb:97:a7:e9:12:89:27:86:60:7d:
         07:2a:0f:4a:cc:a8:8b:64:76:5b:0d:2d:32:f6:b1:13:64:3f:
         2b:ba:64:8c:a1:ac:24:35:01:3e:1e:6a:55:aa:c9:6f:b7:91:
         fa:e9:47:d1:42:ff:e6:c1:b5:68:98:d1:3a:ff:92:51:03:d8:
         fd:35:37:82:9e:34:15:12:47:19:db:d9:e9:83:fb:22:29:66:
         22:23:ce:72:fd:33:76:6b:f8:6a:2b:59:95:71:56:95:24:e0:
         2a:bf:8b:59:b5:94:26:3d:d6:3c:08:83:fb:27:17:01:00:0d:
         50:5c:3b:c6:1d:68:56:2b:84:e5:59:bd:b7:6a:06:a8:e2:e7:
         86:9c:fc:d9:2c:11:34:12:c5:f6:70:a4:3e:75:7c:19:dc:48:
         c4:7b:88:6f:9a:a4:72:9d:f8:6d:6c:0e:f4:f8:b0:28:87:41:
         87:69:16:86:af:27:78:ee:12:14:c6:7a:9a:d3:8f:90:b7:1f:
         ce:e6:3a:d9:6b:2b:2b:a3:d6:09:73:85:53:6e:ef:fc:3e:38:
         81:fd:0d:df:58:59:dc:b8:dc:c5:41:75:b5:90:ba:93:9d:60:
         bb:89:4d:a1
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUezI+SIkcWvdrRp0PzqQgdgpq1hkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MzE1WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjBiZDgzMmQ5MWFjMWNjY2IxNjJlNThkMjA4NjgyNmZj
MDM2MTRmMWIxNDBlMjUyZDcyZWZkMGJjNzUxMDQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIRc/eMj7ir4Cq9fzoro4Oi5sOlPQsSux7QpXQB/sBd7yc
3vDE2U/zaN2JxwRQ8TG626QuaKuxUTAX58j5OM2dQcwIJruwwvyTWchSjMzJQgbE
3TV1nQMX8joVqndDj1V7iPu3imOM7lsX0Di3vyTZZYvp9PUui//2Ran1+FNxD/k+
AGnEIYS/fwnzoVg2skD5nP2x1T4Wtt30jDMqyYPrYG6ifCWRoooC+g/1fJx4dgro
ARwaLd6XBuv0sjNqHzIv6nPCsxLc2jmBVy3y9DLPNnZ9CMPkKOnMz6lokSqFuu17
kYgGwnTcc/MfwfjtiGc5N9GcrCzBuvNiYYXZGuV5AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUIA0/nxVpCCxdNheFKpL/DYCkliYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiNGMzOGVlLTdkYzktNDA0NS1hZDgxLTA2MGZkN2U5ZDZiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AQSAwDQYJKoZIhvcNAQELBQADggEBAK+JeGMY3OcD0r4amUTgsXag
M0PIBLhUSgrf65en6RKJJ4ZgfQcqD0rMqItkdlsNLTL2sRNkPyu6ZIyhrCQ1AT4e
alWqyW+3kfrpR9FC/+bBtWiY0Tr/klED2P01N4KeNBUSRxnb2emD+yIpZiIjznL9
M3Zr+GorWZVxVpUk4Cq/i1m1lCY91jwIg/snFwEADVBcO8YdaFYrhOVZvbdqBqji
54ac/NksETQSxfZwpD51fBncSMR7iG+apHKd+G1sDvT4sCiHQYdpFoavJ3juEhTG
eprTj5C3H87mOtlrKyuj1glzhVNu7/w+OIH9Dd9YWdy43MVBdbWQupOdYLuJTaE=
-----END CERTIFICATE-----