Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1fdcca5-f240-49aa-97c6-cc2821561223.roa
File:                     c1fdcca5-f240-49aa-97c6-cc2821561223.roa (raw, json)
Hash identifier:          HV0LgyncJZC+WVgT7FJFtQtcuM597/e/bisbzLGAlEs=
Subject key identifier:   99:43:00:9B:66:82:F8:BC:57:6C:9B:EF:F0:A9:F5:86:C8:4A:44:4B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5077BFA976ACF109148A18DDF31C02DAEDB9ACC0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1fdcca5-f240-49aa-97c6-cc2821561223.roa
Signing time:             Tue 14 Oct 2025 15:52:40 +0000
ROA not before:           Tue 14 Oct 2025 15:52:40 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f69:3400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:77:bf:a9:76:ac:f1:09:14:8a:18:dd:f3:1c:02:da:ed:b9:ac:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 15:52:40 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=49465e03b1ea1e1b288ad7905728a25ebff162510708afe85e71f7858d0fe5f4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:22:5b:3f:e7:e5:43:01:d8:97:80:72:38:70:
                    4d:aa:f3:23:86:e9:a1:fd:81:2a:6a:62:50:40:50:
                    81:20:dd:6d:e4:44:46:b6:81:b2:82:95:d3:f2:30:
                    dc:69:d1:d3:37:63:53:9c:80:df:ba:75:8b:2a:64:
                    0e:24:7a:f8:cf:58:e4:db:5d:51:28:50:9c:56:1e:
                    d3:80:7f:46:50:00:98:3b:cc:eb:41:c1:09:ac:32:
                    bd:95:13:af:cc:eb:22:e5:a5:17:64:77:12:96:ac:
                    94:44:cd:44:b0:fc:99:52:bb:8c:75:7c:53:43:44:
                    72:d5:9c:dc:3a:e5:39:c8:34:d3:b2:97:ed:a6:6c:
                    ae:ad:4e:4f:9a:dc:bb:c9:34:aa:e0:f4:39:10:d1:
                    e5:e0:ca:ee:d9:f9:c7:82:c8:22:7d:98:0b:fa:4e:
                    97:03:f9:6f:13:8d:83:cb:96:e3:03:19:93:23:2c:
                    7c:52:c0:60:1d:cc:9b:52:e1:f8:1f:c9:89:83:3b:
                    83:2d:cd:ec:f6:69:95:a0:5f:da:13:be:3b:35:74:
                    4c:78:31:6c:4e:18:0e:17:06:cc:e7:c2:8a:d6:f8:
                    79:4d:13:94:29:79:4f:a9:f7:8a:b4:e5:ad:4b:7a:
                    b3:14:0f:1f:4f:25:31:da:8a:08:85:63:5a:83:04:
                    f1:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:43:00:9B:66:82:F8:BC:57:6C:9B:EF:F0:A9:F5:86:C8:4A:44:4B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1fdcca5-f240-49aa-97c6-cc2821561223.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         b1:a3:97:30:42:80:e3:fd:69:6d:eb:00:10:46:02:35:db:78:
         ba:65:bc:15:63:ea:f8:9e:9f:eb:09:46:fb:35:2e:b8:eb:7a:
         cc:b9:e5:c7:aa:22:49:62:5d:f2:04:fd:17:e6:22:3c:f8:ec:
         bd:c0:c1:00:b2:84:16:3c:65:e6:b0:56:79:4e:c6:44:43:67:
         91:93:a0:47:f5:32:6e:59:b9:b4:60:8b:df:cc:f6:25:29:78:
         17:1e:6c:05:7e:90:82:1b:47:6a:ac:89:18:5c:66:d2:ea:64:
         3d:cd:94:59:1a:ee:d1:31:1e:3e:c7:04:69:a9:92:da:20:f6:
         f4:cd:ba:23:9e:0c:a1:82:ce:be:92:bb:7a:39:c1:2a:1d:3b:
         62:f0:bd:87:34:16:37:55:98:98:02:3c:93:70:e7:c2:b8:f0:
         f1:c5:a0:f6:77:59:5a:c2:78:05:1b:19:66:b0:a0:8e:98:2f:
         a2:65:ff:75:92:a3:63:d0:83:4b:5b:74:10:4a:54:92:40:46:
         05:b1:ca:2c:a6:90:db:a2:ea:27:9b:b9:69:ef:3f:b5:7f:18:
         ba:6b:2c:b1:df:5d:39:85:9f:5b:a9:e4:68:cd:5e:ac:ad:cd:
         be:93:1b:96:2b:b4:65:7c:06:14:39:cd:ce:aa:29:d9:9e:d2:
         6c:72:d3:68
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUUHe/qXas8QkUihjd8xwC2u25rMAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTU1MjQwWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTQ2NWUwM2IxZWExZTFiMjg4YWQ3OTA1NzI4YTI1ZWJm
ZjE2MjUxMDcwOGFmZTg1ZTcxZjc4NThkMGZlNWY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1Ils/5+VDAdiXgHI4cE2q8yOG6aH9gSpqYlBAUIEg3W3k
REa2gbKCldPyMNxp0dM3Y1OcgN+6dYsqZA4kevjPWOTbXVEoUJxWHtOAf0ZQAJg7
zOtBwQmsMr2VE6/M6yLlpRdkdxKWrJREzUSw/JlSu4x1fFNDRHLVnNw65TnINNOy
l+2mbK6tTk+a3LvJNKrg9DkQ0eXgyu7Z+ceCyCJ9mAv6TpcD+W8TjYPLluMDGZMj
LHxSwGAdzJtS4fgfyYmDO4Mtzez2aZWgX9oTvjs1dEx4MWxOGA4XBsznworW+HlN
E5QpeU+p94q05a1LerMUDx9PJTHaigiFY1qDBPG1AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUmUMAm2aC+LxXbJvv8Kn1hshKREswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MxZmRjY2E1LWYyNDAtNDlhYS05N2M2LWNjMjgyMTU2MTIyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9pNDANBgkqhkiG9w0BAQsFAAOCAQEAsaOXMEKA4/1pbesAEEYCNdt4
umW8FWPq+J6f6wlG+zUuuOt6zLnlx6oiSWJd8gT9F+YiPPjsvcDBALKEFjxl5rBW
eU7GRENnkZOgR/Uyblm5tGCL38z2JSl4Fx5sBX6QghtHaqyJGFxm0upkPc2UWRru
0TEePscEaamS2iD29M26I54MoYLOvpK7ejnBKh07YvC9hzQWN1WYmAI8k3Dnwrjw
8cWg9ndZWsJ4BRsZZrCgjpgvomX/dZKjY9CDS1t0EEpUkkBGBbHKLKaQ26LqJ5u5
ae8/tX8Yumsssd9dOYWfW6nkaM1erK3NvpMbliu0ZXwGFDnNzqop2Z7SbHLTaA==
-----END CERTIFICATE-----