Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d68b7ee9-305e-435f-9aa7-7fc27cefdec6.roa
File:                     d68b7ee9-305e-435f-9aa7-7fc27cefdec6.roa (raw, json)
Hash identifier:          ly1WbK5njzqg6B0itvVylBK3VghTGmSV2K7fhBwrE+8=
Subject key identifier:   8D:A5:63:95:4A:3E:39:09:6C:67:3E:C5:00:B0:8F:F1:9A:9F:7E:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5405A5BEB12546D7C1E72E34DE31F1CE47258B33
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d68b7ee9-305e-435f-9aa7-7fc27cefdec6.roa
Signing time:             Mon 06 Oct 2025 16:02:05 +0000
ROA not before:           Mon 06 Oct 2025 16:02:05 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fb9:ec00::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:05:a5:be:b1:25:46:d7:c1:e7:2e:34:de:31:f1:ce:47:25:8b:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:02:05 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=d92ddd74084161d545c3027c12bd9cb819397ac159ee967c1160465b0f9dca5f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3b:46:07:4b:48:bb:fa:a2:07:46:aa:6c:6c:
                    ff:bf:28:03:07:70:96:24:c8:aa:68:c3:7b:55:a9:
                    af:40:d2:bb:c5:e6:29:61:26:e1:95:84:7d:58:4b:
                    f5:72:a3:4d:a3:fe:55:5c:08:aa:ef:ac:97:31:0a:
                    f0:0c:9a:35:35:75:23:86:84:5b:7b:28:9c:37:ce:
                    fe:59:ed:25:27:ea:6d:8a:82:5c:58:45:a4:d5:c4:
                    a2:06:0f:4a:c0:f0:c7:1f:68:82:5a:d6:51:27:0e:
                    74:af:5f:ce:6c:74:7a:61:69:1b:21:e8:71:08:38:
                    17:d5:0e:f3:4f:38:7b:36:ec:a2:8a:ba:58:e9:6b:
                    3a:89:ae:41:44:01:62:76:9c:5b:88:5f:3e:5e:50:
                    d0:dc:b2:6d:5f:93:de:f1:24:d8:48:05:29:69:69:
                    fa:b7:f0:fb:1c:59:a0:f0:e3:81:83:1d:09:2a:8a:
                    a5:a2:bb:28:f3:4f:4d:0a:71:c7:96:1e:f6:99:a1:
                    f7:a3:11:7c:c6:0d:7a:3c:1e:91:f3:ce:9e:94:20:
                    a0:31:87:96:47:2c:ef:79:86:89:19:ef:7d:09:e3:
                    9c:76:96:2a:c0:bd:cb:04:a6:53:e8:15:4f:9b:fe:
                    f5:dc:64:83:90:aa:51:cc:07:f9:17:a6:34:4d:de:
                    56:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A5:63:95:4A:3E:39:09:6C:67:3E:C5:00:B0:8F:F1:9A:9F:7E:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d68b7ee9-305e-435f-9aa7-7fc27cefdec6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb9:ec00::/40

    Signature Algorithm: sha256WithRSAEncryption
         46:f4:0a:20:ac:00:2b:93:a8:61:a8:c7:7f:5c:c1:33:8f:e6:
         ac:b4:af:70:3a:34:bf:4c:ae:e7:ca:78:ee:f9:42:22:64:d1:
         50:ab:76:90:26:40:98:90:52:1d:60:f6:ac:07:9d:d7:4e:c8:
         c4:d6:bc:f4:7d:e9:16:b2:44:73:29:33:b5:2c:17:26:5b:ac:
         b7:8b:3f:0a:1f:4c:86:75:ce:aa:ac:1b:f2:08:2d:97:64:da:
         2e:0f:11:f8:20:46:06:67:ea:c0:46:4a:b4:be:74:38:6d:46:
         2d:34:c7:72:7c:02:b5:f0:d2:02:28:8e:4f:45:16:22:9e:8c:
         22:6a:10:c0:6b:30:51:35:0d:ef:31:fd:ac:7b:18:5f:57:f3:
         f0:f7:00:1f:84:bf:8a:24:b1:16:b9:88:0f:26:dc:a5:f8:a9:
         4a:cd:ef:fc:02:1e:dd:a8:8d:ce:31:a1:af:13:bf:6c:dc:fa:
         1b:62:9e:4e:08:3a:39:7b:7c:46:2c:0d:12:ab:3d:e8:b5:b6:
         96:bf:ac:e1:0c:cd:fe:5c:3d:dc:8b:61:79:e9:64:56:fd:2f:
         3f:db:30:4e:43:52:2f:45:35:fd:a3:c7:d4:bf:63:fe:4d:fe:
         7f:c3:22:d5:0f:e7:30:08:52:9d:bc:ec:60:db:ef:d4:39:84:
         f4:a7:36:12
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUVAWlvrElRtfB5y403jHxzkclizMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYwMjA1WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTJkZGQ3NDA4NDE2MWQ1NDVjMzAyN2MxMmJkOWNiODE5
Mzk3YWMxNTllZTk2N2MxMTYwNDY1YjBmOWRjYTVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDO0YHS0i7+qIHRqpsbP+/KAMHcJYkyKpow3tVqa9A0rvF
5ilhJuGVhH1YS/Vyo02j/lVcCKrvrJcxCvAMmjU1dSOGhFt7KJw3zv5Z7SUn6m2K
glxYRaTVxKIGD0rA8McfaIJa1lEnDnSvX85sdHphaRsh6HEIOBfVDvNPOHs27KKK
uljpazqJrkFEAWJ2nFuIXz5eUNDcsm1fk97xJNhIBSlpafq38PscWaDw44GDHQkq
iqWiuyjzT00KcceWHvaZofejEXzGDXo8HpHzzp6UIKAxh5ZHLO95hokZ730J45x2
lirAvcsEplPoFU+b/vXcZIOQqlHMB/kXpjRN3lb1AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUjaVjlUo+OQlsZz7FALCP8ZqffikwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2OGI3ZWU5LTMwNWUtNDM1Zi05YWE3LTdmYzI3Y2VmZGVjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+57DANBgkqhkiG9w0BAQsFAAOCAQEARvQKIKwAK5OoYajHf1zBM4/m
rLSvcDo0v0yu58p47vlCImTRUKt2kCZAmJBSHWD2rAed107IxNa89H3pFrJEcykz
tSwXJlust4s/Ch9MhnXOqqwb8ggtl2TaLg8R+CBGBmfqwEZKtL50OG1GLTTHcnwC
tfDSAiiOT0UWIp6MImoQwGswUTUN7zH9rHsYX1fz8PcAH4S/iiSxFrmIDybcpfip
Ss3v/AIe3aiNzjGhrxO/bNz6G2KeTgg6OXt8RiwNEqs96LW2lr+s4QzN/lw93Ith
eelkVv0vP9swTkNSL0U1/aPH1L9j/k3+f8Mi1Q/nMAhSnbzsYNvv1DmE9Kc2Eg==
-----END CERTIFICATE-----