Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf99f295-53e6-4f75-8147-bd9a959935ff.roa
File:                     cf99f295-53e6-4f75-8147-bd9a959935ff.roa (raw, json)
Hash identifier:          0bNxTmf1jIfZOJUiemfdGGd/tyro2t8UqSntrL65SpU=
Subject key identifier:   43:34:36:4A:9B:89:AF:F1:7C:78:4D:2B:EE:90:CE:23:CF:D1:F9:EE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58A57FFFED8CFAA44A5C3F36AF09DD01F4CD80CC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf99f295-53e6-4f75-8147-bd9a959935ff.roa
Signing time:             Tue 07 Oct 2025 00:51:06 +0000
ROA not before:           Tue 07 Oct 2025 00:51:06 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fb9:1000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:a5:7f:ff:ed:8c:fa:a4:4a:5c:3f:36:af:09:dd:01:f4:cd:80:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:51:06 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=cfb78de3dfa288c19ff9db49a110315d44d3e6d376130fddf8a314b34460db7a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:76:10:7c:3b:70:ea:f7:d2:ba:2e:cf:ed:35:
                    bd:84:9d:b7:0a:70:b4:3b:42:19:78:ed:c9:6b:2b:
                    d1:9b:32:1f:53:8f:cd:04:7a:88:4b:49:5b:a5:56:
                    6b:98:42:be:8b:57:3b:3f:1f:9a:2f:5d:c6:fe:d1:
                    14:e9:19:37:bd:42:c7:87:65:aa:a5:eb:23:7b:44:
                    d2:8b:d0:7f:98:ae:f4:3a:e3:d5:da:77:b8:0c:da:
                    1b:fe:38:ca:0e:94:62:80:da:b1:f8:4b:79:29:6d:
                    7c:6e:3d:13:66:2c:c2:25:40:a6:d4:3b:b5:92:ed:
                    36:6f:a8:79:fb:db:47:ea:b3:40:6e:f5:65:13:4c:
                    9e:6d:42:0e:1f:65:02:29:fe:b7:33:b3:11:54:9d:
                    0b:ae:6e:00:32:9a:d2:d6:d8:a8:15:09:14:2d:e0:
                    e3:fa:a1:19:35:a2:52:7b:38:b0:3c:5f:f1:5d:af:
                    22:1e:a3:ff:11:46:df:48:b0:88:f5:fb:0d:0f:ff:
                    eb:9a:6e:a6:03:2b:ca:67:c4:29:fa:19:48:e0:c6:
                    b7:99:16:0e:96:be:3f:2c:bc:36:ae:ee:92:18:15:
                    69:52:cf:f6:21:35:f3:81:b6:fa:54:e7:3e:1f:2d:
                    6a:32:3a:35:c4:cd:5e:d5:b0:f0:f4:54:54:b9:c0:
                    b4:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:34:36:4A:9B:89:AF:F1:7C:78:4D:2B:EE:90:CE:23:CF:D1:F9:EE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf99f295-53e6-4f75-8147-bd9a959935ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb9:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a3:2e:fb:d4:63:00:76:f3:67:82:e1:3f:38:89:ce:8c:43:89:
         58:97:b9:d5:c3:27:5f:57:cb:6e:90:9a:85:2c:bd:bf:ef:70:
         03:25:86:82:cc:e7:35:c0:e0:48:be:45:99:f2:d4:7e:f4:20:
         6c:a8:3a:1e:8d:fd:5f:8f:27:5d:c6:7b:60:5d:30:57:2a:3d:
         a9:f7:48:b6:00:21:c6:07:b3:6f:ad:0d:99:43:63:25:2b:40:
         32:ec:da:92:da:72:eb:85:b6:dd:83:6b:95:20:35:f0:07:e1:
         b8:21:7f:25:39:08:5d:c0:ee:a7:92:e2:da:e7:c4:36:87:14:
         72:b0:ce:9e:60:9a:1a:58:63:00:fc:c0:91:10:42:c3:5d:46:
         b6:a5:a0:c2:a2:04:3f:7b:ad:33:07:0c:76:30:49:66:1f:6e:
         a7:cb:28:ab:d0:3a:c5:51:f7:10:52:cc:f7:f6:2f:5c:02:64:
         aa:7c:9d:87:9c:3e:42:21:92:c3:95:61:6b:e0:87:0e:51:dd:
         7b:f2:00:9e:58:fa:23:03:4c:bc:13:3c:7b:11:a2:81:3b:06:
         b9:63:8e:a2:c5:d2:62:b4:48:83:f3:b9:a6:e2:8d:39:2f:84:
         4b:f5:72:d0:25:a6:c9:38:c8:ca:6b:37:de:ef:d8:b4:ff:90:
         b7:12:bf:69
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUWKV//+2M+qRKXD82rwndAfTNgMwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA1MTA2WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZmI3OGRlM2RmYTI4OGMxOWZmOWRiNDlhMTEwMzE1ZDQ0
ZDNlNmQzNzYxMzBmZGRmOGEzMTRiMzQ0NjBkYjdhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCdhB8O3Dq99K6Ls/tNb2EnbcKcLQ7Qhl47clrK9GbMh9T
j80EeohLSVulVmuYQr6LVzs/H5ovXcb+0RTpGTe9QseHZaql6yN7RNKL0H+YrvQ6
49Xad7gM2hv+OMoOlGKA2rH4S3kpbXxuPRNmLMIlQKbUO7WS7TZvqHn720fqs0Bu
9WUTTJ5tQg4fZQIp/rczsxFUnQuubgAymtLW2KgVCRQt4OP6oRk1olJ7OLA8X/Fd
ryIeo/8RRt9IsIj1+w0P/+uabqYDK8pnxCn6GUjgxreZFg6Wvj8svDau7pIYFWlS
z/YhNfOBtvpU5z4fLWoyOjXEzV7VsPD0VFS5wLQTAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUQzQ2SpuJr/F8eE0r7pDOI8/R+e4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NmOTlmMjk1LTUzZTYtNGY3NS04MTQ3LWJkOWE5NTk5MzVmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+5EDANBgkqhkiG9w0BAQsFAAOCAQEAoy771GMAdvNnguE/OInOjEOJ
WJe51cMnX1fLbpCahSy9v+9wAyWGgsznNcDgSL5FmfLUfvQgbKg6Ho39X48nXcZ7
YF0wVyo9qfdItgAhxgezb60NmUNjJStAMuzaktpy64W23YNrlSA18AfhuCF/JTkI
XcDup5Li2ufENocUcrDOnmCaGlhjAPzAkRBCw11GtqWgwqIEP3utMwcMdjBJZh9u
p8soq9A6xVH3EFLM9/YvXAJkqnydh5w+QiGSw5Vha+CHDlHde/IAnlj6IwNMvBM8
exGigTsGuWOOosXSYrRIg/O5puKNOS+ES/Vy0CWmyTjIyms33u/YtP+QtxK/aQ==
-----END CERTIFICATE-----