Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa
File:                     c88bc903-16fc-4d37-9398-665b5419307e.roa (raw, json)
Hash identifier:          eYsDSbsQLW5huMIaclvywzpZ1xHQSXxo+d+rCMrkxIQ=
Subject key identifier:   AB:E1:C1:D9:78:E4:5A:3D:90:0F:20:53:AF:BF:15:87:5E:00:6E:F7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79DE75A86BC3076DAE6317AB72208BEF3657CB2C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa
Signing time:             Sat 27 Sep 2025 00:13:00 +0000
ROA not before:           Sat 27 Sep 2025 00:13:00 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f68:4000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:de:75:a8:6b:c3:07:6d:ae:63:17:ab:72:20:8b:ef:36:57:cb:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:13:00 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=6a94e77de202b1a46bcbbfda51091d4a04ff0cb38bd2b57ebc32b9423abfcdfa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5a:c2:e0:31:fa:d9:f9:81:9d:67:98:55:7a:
                    f4:55:c3:9f:f5:8d:0f:33:7b:09:51:a5:d5:08:56:
                    56:9b:c6:43:e3:f7:33:c4:9e:12:af:16:a9:17:c5:
                    c7:d1:c3:52:2e:1a:ef:df:e6:41:69:8c:c2:4b:a0:
                    86:0a:c7:98:01:6d:c3:5e:00:9e:ad:2b:e1:44:27:
                    41:51:ba:67:df:f8:de:68:15:b2:bf:fc:f2:38:6d:
                    1e:42:38:1d:b3:b9:58:e0:3c:d2:fd:e2:07:59:e8:
                    77:f0:90:a9:8d:91:6b:ff:1a:34:3f:fd:cf:0f:67:
                    c6:f2:3e:4a:4d:2f:e2:19:87:56:31:40:2f:04:bc:
                    ec:af:da:d5:55:eb:e9:40:92:9c:1b:bc:7e:05:7f:
                    1a:ad:c3:8b:b5:bc:8c:eb:84:83:8c:30:ac:aa:24:
                    7e:0b:63:7a:01:05:c8:dd:d0:e5:c6:2d:5e:54:2c:
                    da:20:81:c5:f5:14:d9:41:5a:37:67:75:02:ab:ea:
                    61:eb:b6:06:73:bc:8d:5f:50:9d:5b:0f:d3:ef:d2:
                    67:78:c6:83:0f:33:7f:a3:dc:ce:30:e1:98:e4:c2:
                    d0:11:7a:44:94:14:f8:b1:95:39:98:1e:6a:8a:fe:
                    cd:e9:d8:27:69:ac:24:85:6a:2f:e1:17:65:a4:6a:
                    e1:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E1:C1:D9:78:E4:5A:3D:90:0F:20:53:AF:BF:15:87:5E:00:6E:F7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f68:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         14:17:3a:9a:64:8c:1f:2c:10:37:96:5d:69:ca:3d:7d:61:7d:
         83:db:a1:bf:9f:06:5d:fa:3c:c6:e3:1f:ce:b7:94:da:ed:28:
         80:ab:11:c9:61:af:33:7e:3a:57:18:a9:07:e7:6d:65:b2:d7:
         de:a8:eb:02:76:45:42:21:30:45:67:70:65:0f:1b:79:34:1e:
         89:ac:ab:cf:58:6c:b1:c7:bc:4d:2e:30:39:81:cb:f0:8e:2b:
         a0:81:80:89:67:2c:7f:9f:66:bc:9a:60:17:99:3e:76:c9:44:
         b9:48:b9:e9:fd:30:a8:7d:ee:07:74:6d:1c:61:03:88:23:33:
         34:89:09:10:06:a7:b1:0f:dc:fa:a4:df:79:6a:99:e2:2f:dc:
         aa:17:a3:8d:15:56:13:43:71:43:19:f9:32:1a:8c:d2:7e:8b:
         d6:99:d1:9e:6c:fc:2b:0a:15:64:ce:2f:d8:95:c6:0e:3c:39:
         0a:01:e5:db:b4:9a:42:56:1a:ec:62:94:8a:15:15:11:69:a0:
         b9:5e:7f:61:79:2d:c7:43:19:bc:ec:e4:a0:ff:7c:6a:6d:32:
         35:0a:d9:ae:42:0c:1a:f5:38:df:17:71:a7:e6:25:59:bd:55:
         64:9f:ae:48:32:86:a8:56:c9:6d:5f:52:08:b9:8d:9a:30:c1:
         d1:4f:02:cb
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUed51qGvDB22uYxerciCL7zZXyywwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAxMzAwWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTk0ZTc3ZGUyMDJiMWE0NmJjYmJmZGE1MTA5MWQ0YTA0
ZmYwY2IzOGJkMmI1N2ViYzMyYjk0MjNhYmZjZGZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0WsLgMfrZ+YGdZ5hVevRVw5/1jQ8zewlRpdUIVlabxkPj
9zPEnhKvFqkXxcfRw1IuGu/f5kFpjMJLoIYKx5gBbcNeAJ6tK+FEJ0FRumff+N5o
FbK//PI4bR5COB2zuVjgPNL94gdZ6HfwkKmNkWv/GjQ//c8PZ8byPkpNL+IZh1Yx
QC8EvOyv2tVV6+lAkpwbvH4Ffxqtw4u1vIzrhIOMMKyqJH4LY3oBBcjd0OXGLV5U
LNoggcX1FNlBWjdndQKr6mHrtgZzvI1fUJ1bD9Pv0md4xoMPM3+j3M4w4ZjkwtAR
ekSUFPixlTmYHmqK/s3p2CdprCSFai/hF2WkauEjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUq+HB2XjkWj2QDyBTr78Vh14AbvcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M4OGJjOTAzLTE2ZmMtNGQzNy05Mzk4LTY2NWI1NDE5MzA3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB9oQDANBgkqhkiG9w0BAQsFAAOCAQEAFBc6mmSMHywQN5Zdaco9fWF9
g9uhv58GXfo8xuMfzreU2u0ogKsRyWGvM346VxipB+dtZbLX3qjrAnZFQiEwRWdw
ZQ8beTQeiayrz1hssce8TS4wOYHL8I4roIGAiWcsf59mvJpgF5k+dslEuUi56f0w
qH3uB3RtHGEDiCMzNIkJEAansQ/c+qTfeWqZ4i/cqhejjRVWE0NxQxn5MhqM0n6L
1pnRnmz8KwoVZM4v2JXGDjw5CgHl27SaQlYa7GKUihUVEWmguV5/YXktx0MZvOzk
oP98am0yNQrZrkIMGvU43xdxp+YlWb1VZJ+uSDKGqFbJbV9SCLmNmjDB0U8Cyw==
-----END CERTIFICATE-----