Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2b6e44e-c9f2-449c-99e0-5e66b92216e9.roa
File:                     c2b6e44e-c9f2-449c-99e0-5e66b92216e9.roa (raw, json)
Hash identifier:          4nzYZY+RiaDLRk2VRNdXdaqWBCiDNrdX4M4FJRzXf7Q=
Subject key identifier:   89:E7:83:6E:AE:3D:0B:1E:57:00:31:71:FB:2D:7D:58:D6:15:6F:3A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F6703D294468C1C686658FF79941F5949026D75
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2b6e44e-c9f2-449c-99e0-5e66b92216e9.roa
Signing time:             Sat 18 Oct 2025 02:51:28 +0000
ROA not before:           Sat 18 Oct 2025 02:51:28 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:2000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:67:03:d2:94:46:8c:1c:68:66:58:ff:79:94:1f:59:49:02:6d:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:51:28 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=cb9bb024f7ec77a900a433898d82325565c2620ecda69b31f729e6412a7997fa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8b:4c:6b:73:14:35:05:65:70:50:da:26:d6:
                    55:88:2b:89:17:a1:55:4d:b1:43:3e:5f:11:99:7c:
                    8d:cc:46:b9:16:f6:52:49:7d:f7:b4:19:a3:ed:c2:
                    8e:d1:e2:07:d9:ea:74:17:67:5d:ae:29:38:37:61:
                    b6:be:55:84:76:1d:85:82:3a:8d:8f:90:a4:7d:5d:
                    af:71:78:d3:25:92:5c:35:07:f8:04:65:e4:ee:08:
                    77:60:a4:75:16:db:c6:7c:51:32:ca:30:4a:20:6e:
                    67:c8:8c:68:f3:83:e9:06:30:5d:a7:b3:62:d1:e2:
                    f8:ba:49:a3:ba:23:b2:38:0e:25:eb:c2:f7:ca:93:
                    d5:04:0a:72:27:1f:35:27:f4:45:e4:54:81:59:0d:
                    54:d5:2c:6c:11:72:27:73:3c:b5:59:61:e8:4a:e0:
                    f1:7f:e0:e2:46:c6:1c:19:5e:1c:8b:2d:48:9f:82:
                    aa:c6:d4:fb:50:9d:0a:6f:8f:ec:99:ea:2a:42:40:
                    d3:bd:3a:68:09:f3:1c:35:65:2e:c0:39:a5:23:a2:
                    96:40:84:96:6a:9c:66:5f:a8:2f:e9:aa:20:9b:d8:
                    91:0d:ee:7d:03:e8:37:57:37:2c:d2:69:44:c6:c5:
                    57:3d:ba:e0:d8:a7:c7:a6:38:48:62:60:6b:66:ad:
                    33:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E7:83:6E:AE:3D:0B:1E:57:00:31:71:FB:2D:7D:58:D6:15:6F:3A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2b6e44e-c9f2-449c-99e0-5e66b92216e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a3:48:c6:a6:f2:c6:0d:09:05:2d:3d:68:3a:65:88:4e:67:eb:
         a4:f4:54:9b:89:42:5f:6f:e8:04:35:31:8b:43:3d:75:62:87:
         ec:12:4f:da:5f:4c:5d:a6:da:8b:dd:ec:90:c0:d4:aa:5d:77:
         78:ea:93:42:3b:95:9d:47:9a:33:6b:49:d6:17:b7:ba:af:e6:
         d0:fd:42:9e:08:d3:9e:9d:d7:b2:47:99:6e:54:30:09:f9:83:
         fa:bf:7b:08:3a:02:eb:94:b1:f4:40:1b:9f:45:70:7c:ec:4b:
         9a:05:2e:92:6e:ec:77:53:4a:fd:1b:cc:f4:70:d0:57:a6:ba:
         19:a1:f1:37:d1:58:a3:99:f6:3d:6d:62:dc:d9:3b:36:b2:97:
         dc:f7:a8:f3:bb:d4:75:42:26:fc:57:c6:9a:0d:33:43:4f:5c:
         f4:42:1c:24:5e:58:85:12:9a:d8:64:a5:14:fb:6d:97:ff:5e:
         b6:0a:8e:64:79:04:fe:f6:04:2c:e7:fd:2a:fd:8d:b1:8b:5b:
         d4:fa:ef:8c:4e:6f:0f:da:cd:6c:43:71:43:b7:74:c4:73:f2:
         6f:79:34:11:cb:ed:7f:03:fa:92:83:74:14:1b:f4:c0:d2:4b:
         77:bf:45:f4:bd:d0:ec:f8:0b:4e:82:2a:94:73:69:6a:b8:79:
         fd:34:77:80
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUL2cD0pRGjBxoZlj/eZQfWUkCbXUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDI1MTI4WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjliYjAyNGY3ZWM3N2E5MDBhNDMzODk4ZDgyMzI1NTY1
YzI2MjBlY2RhNjliMzFmNzI5ZTY0MTJhNzk5N2ZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCti0xrcxQ1BWVwUNom1lWIK4kXoVVNsUM+XxGZfI3MRrkW
9lJJffe0GaPtwo7R4gfZ6nQXZ12uKTg3Yba+VYR2HYWCOo2PkKR9Xa9xeNMlklw1
B/gEZeTuCHdgpHUW28Z8UTLKMEogbmfIjGjzg+kGMF2ns2LR4vi6SaO6I7I4DiXr
wvfKk9UECnInHzUn9EXkVIFZDVTVLGwRcidzPLVZYehK4PF/4OJGxhwZXhyLLUif
gqrG1PtQnQpvj+yZ6ipCQNO9OmgJ8xw1ZS7AOaUjopZAhJZqnGZfqC/pqiCb2JEN
7n0D6DdXNyzSaUTGxVc9uuDYp8emOEhiYGtmrTOPAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUieeDbq49Cx5XADFx+y19WNYVbzowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyYjZlNDRlLWM5ZjItNDQ5Yy05OWUwLTVlNjZiOTIyMTZlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wIDANBgkqhkiG9w0BAQsFAAOCAQEAo0jGpvLGDQkFLT1oOmWITmfr
pPRUm4lCX2/oBDUxi0M9dWKH7BJP2l9MXabai93skMDUql13eOqTQjuVnUeaM2tJ
1he3uq/m0P1CngjTnp3XskeZblQwCfmD+r97CDoC65Sx9EAbn0VwfOxLmgUukm7s
d1NK/RvM9HDQV6a6GaHxN9FYo5n2PW1i3Nk7NrKX3Peo87vUdUIm/FfGmg0zQ09c
9EIcJF5YhRKa2GSlFPttl/9etgqOZHkE/vYELOf9Kv2NsYtb1PrvjE5vD9rNbENx
Q7d0xHPyb3k0EcvtfwP6koN0FBv0wNJLd79F9L3Q7PgLToIqlHNparh5/TR3gA==
-----END CERTIFICATE-----