Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c222f035-1c02-4052-94b2-4fc3e0405321.roa
File:                     c222f035-1c02-4052-94b2-4fc3e0405321.roa (raw, json)
Hash identifier:          /+I+MsUjtFTiaaoMR7r7C6pTxI0nYth1ywKQwujnRbU=
Subject key identifier:   41:43:6F:33:98:E8:38:2F:A8:88:A3:51:E3:C3:E1:19:ED:65:35:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       21682F29269AAE94F4573BC0E036D2DAA5851470
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c222f035-1c02-4052-94b2-4fc3e0405321.roa
Signing time:             Sat 18 Oct 2025 02:01:30 +0000
ROA not before:           Sat 18 Oct 2025 02:01:30 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f20:8000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:68:2f:29:26:9a:ae:94:f4:57:3b:c0:e0:36:d2:da:a5:85:14:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:01:30 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=f32f7b4c115d0f3f742919997a56638e2fb1aff8bc047aca693d45b3afd83d0d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0d:fe:ee:0d:84:6e:27:7d:d2:63:cc:07:f9:
                    79:d0:99:32:32:0f:28:e7:ef:4a:25:bc:5a:74:27:
                    b0:45:d6:9e:ab:8c:11:96:b4:c7:e6:38:91:5a:a2:
                    39:49:3f:d6:59:3d:65:5a:03:34:fc:aa:e8:e4:ea:
                    4d:e4:d7:d5:98:5c:25:78:32:36:b3:79:b1:58:26:
                    c0:eb:c9:d1:cd:0d:f6:50:63:c9:79:9f:da:61:6d:
                    c3:ab:02:a9:ee:b5:a2:17:f1:d6:88:81:77:0d:25:
                    99:76:ed:d9:03:65:38:62:0a:0b:d5:44:f0:81:39:
                    f2:eb:77:1b:e1:d1:ab:c6:41:50:cd:12:ef:39:68:
                    20:cf:c6:f4:19:3a:ff:41:12:2f:04:d0:85:91:c1:
                    8d:97:de:cc:f8:6b:f7:09:9b:3c:0b:c8:29:38:d4:
                    ed:06:8d:38:ad:b1:27:76:80:c4:98:f5:8b:54:8b:
                    d7:aa:a9:d2:1f:ae:79:77:3e:a4:d4:d4:46:24:50:
                    90:cc:0f:fd:8b:63:4a:4d:62:4c:ff:bd:de:e9:44:
                    93:ce:96:36:e3:ea:16:aa:2a:49:0c:25:9b:2e:22:
                    58:11:b5:01:d1:5c:d5:3d:48:f2:c8:2f:e9:e2:6b:
                    cc:47:99:7f:3e:17:06:e1:57:d1:ba:8a:44:b2:22:
                    0e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:43:6F:33:98:E8:38:2F:A8:88:A3:51:E3:C3:E1:19:ED:65:35:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c222f035-1c02-4052-94b2-4fc3e0405321.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f20:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         12:a6:09:53:83:84:b5:a1:92:0a:7a:f3:67:a4:b7:d9:6b:d9:
         3e:ee:8c:10:50:58:8b:40:82:71:a0:cc:5c:91:c9:9a:9b:ce:
         0b:7a:ca:1f:98:27:ab:84:bc:5a:1c:dd:24:82:e8:e8:cc:75:
         b3:32:c9:2f:2a:08:86:77:d5:73:f5:5e:71:35:df:4a:38:a4:
         fa:c8:aa:0f:ed:d2:d1:4c:c5:7c:fd:d8:c7:b7:47:47:c0:6d:
         68:9a:18:8e:22:86:b1:b1:41:dc:7b:f5:a0:c6:e6:14:18:ec:
         b9:d7:93:b3:7b:65:88:76:17:34:1d:ae:12:c5:a8:1e:20:aa:
         a4:f4:ed:d7:ed:13:bd:fe:c8:d1:a9:a0:5a:16:f5:1e:bc:1f:
         4a:9a:a9:f2:ca:2b:0e:d0:7b:66:89:0b:2a:4d:56:ee:a2:30:
         d5:48:26:f1:ee:89:23:ef:1c:71:ee:16:d4:0a:72:ef:39:97:
         25:70:e9:af:50:ad:18:d2:d9:6a:44:a6:9a:d5:73:6f:86:17:
         61:44:bc:6e:c7:3f:1a:b2:5e:cb:86:59:40:1b:1b:0b:3c:02:
         b1:49:67:8f:42:85:4e:46:bb:dc:3d:34:1e:ce:73:c8:52:56:
         db:32:a8:a7:71:a5:88:07:8d:55:19:0e:ad:14:66:20:6d:ba:
         f7:28:ac:22
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUIWgvKSaarpT0VzvA4DbS2qWFFHAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIwMTMwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMzJmN2I0YzExNWQwZjNmNzQyOTE5OTk3YTU2NjM4ZTJm
YjFhZmY4YmMwNDdhY2E2OTNkNDViM2FmZDgzZDBkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqDf7uDYRuJ33SY8wH+XnQmTIyDyjn70olvFp0J7BF1p6r
jBGWtMfmOJFaojlJP9ZZPWVaAzT8qujk6k3k19WYXCV4MjazebFYJsDrydHNDfZQ
Y8l5n9phbcOrAqnutaIX8daIgXcNJZl27dkDZThiCgvVRPCBOfLrdxvh0avGQVDN
Eu85aCDPxvQZOv9BEi8E0IWRwY2X3sz4a/cJmzwLyCk41O0GjTitsSd2gMSY9YtU
i9eqqdIfrnl3PqTU1EYkUJDMD/2LY0pNYkz/vd7pRJPOljbj6haqKkkMJZsuIlgR
tQHRXNU9SPLIL+nia8xHmX8+FwbhV9G6ikSyIg7nAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUQUNvM5joOC+oiKNR48PhGe1lNTYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyMjJmMDM1LTFjMDItNDA1Mi05NGIyLTRmYzNlMDQwNTMyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8ggDANBgkqhkiG9w0BAQsFAAOCAQEAEqYJU4OEtaGSCnrzZ6S32WvZ
Pu6MEFBYi0CCcaDMXJHJmpvOC3rKH5gnq4S8WhzdJILo6Mx1szLJLyoIhnfVc/Ve
cTXfSjik+siqD+3S0UzFfP3Yx7dHR8BtaJoYjiKGsbFB3Hv1oMbmFBjsudeTs3tl
iHYXNB2uEsWoHiCqpPTt1+0Tvf7I0amgWhb1HrwfSpqp8sorDtB7ZokLKk1W7qIw
1Ugm8e6JI+8cce4W1Apy7zmXJXDpr1CtGNLZakSmmtVzb4YXYUS8bsc/GrJey4ZZ
QBsbCzwCsUlnj0KFTka73D00Hs5zyFJW2zKop3GliAeNVRkOrRRmIG269yisIg==
-----END CERTIFICATE-----