Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d97c3616-0d82-4524-945b-08ee314efd7b.roa
File:                     d97c3616-0d82-4524-945b-08ee314efd7b.roa (raw, json)
Hash identifier:          hPNrTK82s8w2L9WtZx4x77GB8nVWUY5PSEiRX575n9g=
Subject key identifier:   C2:E0:E8:3A:75:F8:A9:03:5A:0C:3E:9E:0D:1B:75:1E:EA:BB:0E:D5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2E72F105A30CC9557DCE42414DEA3BC7BA834CD1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d97c3616-0d82-4524-945b-08ee314efd7b.roa
Signing time:             Fri 03 Oct 2025 00:21:59 +0000
ROA not before:           Fri 03 Oct 2025 00:21:59 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff0:2000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:72:f1:05:a3:0c:c9:55:7d:ce:42:41:4d:ea:3b:c7:ba:83:4c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:21:59 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=a057fff44b3342690ec03f69bdc17b4058d36cc1fcd76aa628d8af7377a9e149, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:87:ae:48:b1:d7:a5:15:10:27:12:d9:3f:ea:
                    3d:75:46:22:5a:39:a1:d6:13:55:4e:d8:98:84:71:
                    52:b5:8f:20:ca:f7:30:b7:5d:64:f1:ac:9d:a4:86:
                    41:5e:ea:6f:98:70:25:c8:91:48:1a:97:07:b0:19:
                    f5:28:2f:b3:f2:fe:4a:89:f5:94:a8:7e:a9:cc:ab:
                    91:8b:0c:b7:60:98:b1:0d:0e:1b:97:5a:cf:b9:09:
                    d2:6f:a2:57:6c:bd:1b:75:e9:9e:20:03:60:f4:9b:
                    a7:f7:08:57:8d:1a:6e:1e:92:46:f8:68:62:0b:8e:
                    dc:0a:f1:a1:99:e3:b5:c7:42:3c:39:69:c6:6c:09:
                    8e:c4:6b:94:90:44:f3:a9:0a:c7:c2:6f:82:fe:70:
                    83:09:1e:a9:d4:0a:2d:b8:36:b2:0d:fb:6c:a6:45:
                    dd:6f:37:b0:d1:25:5c:14:12:81:a9:7f:db:39:d9:
                    ab:04:8d:5d:44:dc:9d:4f:f2:be:a6:da:4a:fe:1d:
                    c5:86:b6:90:27:a9:03:2a:0d:0c:f6:58:c2:81:96:
                    16:f6:87:b8:5f:35:95:30:10:c9:37:06:d9:24:01:
                    1b:3f:fc:64:25:2b:63:fe:e3:43:5e:3e:85:76:bd:
                    d2:e4:f4:43:18:31:a6:66:03:d3:04:38:1f:5d:1c:
                    b6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E0:E8:3A:75:F8:A9:03:5A:0C:3E:9E:0D:1B:75:1E:EA:BB:0E:D5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d97c3616-0d82-4524-945b-08ee314efd7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff0:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         80:a2:89:09:4d:d1:01:81:cc:62:56:9b:d6:a9:e8:90:61:ca:
         b9:0a:90:e0:9d:f2:c0:71:4c:9a:7e:96:3a:5a:de:04:6b:94:
         05:f1:94:11:ab:8f:17:51:af:ca:77:c8:30:d1:d5:31:bd:e7:
         44:68:54:48:3d:4c:fc:45:8d:e7:a5:4c:67:4b:dc:7f:66:f2:
         9c:dd:d7:c4:34:ce:59:33:d8:c8:6d:8f:b3:48:ed:42:f9:80:
         7c:e5:9f:e5:f6:d4:5b:be:46:84:72:2d:f7:dd:2e:e3:fd:69:
         42:63:c2:d8:97:a1:fd:70:db:a4:ed:66:69:cc:b3:e1:36:08:
         e7:b8:0b:b7:21:80:4e:16:a6:d6:c7:19:0f:98:87:72:b9:b8:
         4f:6e:1b:08:37:ee:c1:c2:05:8e:6b:a2:1d:02:df:8b:d3:cd:
         15:b8:6d:c5:5a:6b:5c:26:91:8c:e5:ba:6a:08:32:20:3b:1d:
         9d:83:15:ef:be:79:ca:b0:5f:a9:ee:be:66:fc:26:41:db:34:
         0d:55:f3:64:a4:42:fe:4c:96:d8:9f:b2:34:8c:9a:58:06:56:
         f1:ce:31:c3:d5:19:de:13:72:d1:b0:72:e4:e9:26:5e:22:46:
         fa:99:c7:73:0e:4b:36:a2:cd:13:2e:78:7f:15:62:28:09:76:
         ec:a9:75:02
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIULnLxBaMMyVV9zkJBTeo7x7qDTNEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAyMTU5WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMDU3ZmZmNDRiMzM0MjY5MGVjMDNmNjliZGMxN2I0MDU4
ZDM2Y2MxZmNkNzZhYTYyOGQ4YWY3Mzc3YTllMTQ5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZh65IsdelFRAnEtk/6j11RiJaOaHWE1VO2JiEcVK1jyDK
9zC3XWTxrJ2khkFe6m+YcCXIkUgalwewGfUoL7Py/kqJ9ZSofqnMq5GLDLdgmLEN
DhuXWs+5CdJvoldsvRt16Z4gA2D0m6f3CFeNGm4ekkb4aGILjtwK8aGZ47XHQjw5
acZsCY7Ea5SQRPOpCsfCb4L+cIMJHqnUCi24NrIN+2ymRd1vN7DRJVwUEoGpf9s5
2asEjV1E3J1P8r6m2kr+HcWGtpAnqQMqDQz2WMKBlhb2h7hfNZUwEMk3BtkkARs/
/GQlK2P+40NePoV2vdLk9EMYMaZmA9MEOB9dHLa9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUwuDoOnX4qQNaDD6eDRt1Huq7DtUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5N2MzNjE2LTBkODItNDUyNC05NDViLTA4ZWUzMTRlZmQ3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/wIDANBgkqhkiG9w0BAQsFAAOCAQEAgKKJCU3RAYHMYlab1qnokGHK
uQqQ4J3ywHFMmn6WOlreBGuUBfGUEauPF1GvynfIMNHVMb3nRGhUSD1M/EWN56VM
Z0vcf2bynN3XxDTOWTPYyG2Ps0jtQvmAfOWf5fbUW75GhHIt990u4/1pQmPC2Jeh
/XDbpO1macyz4TYI57gLtyGATham1scZD5iHcrm4T24bCDfuwcIFjmuiHQLfi9PN
FbhtxVprXCaRjOW6aggyIDsdnYMV7755yrBfqe6+ZvwmQds0DVXzZKRC/kyW2J+y
NIyaWAZW8c4xw9UZ3hNy0bBy5OkmXiJG+pnHcw5LNqLNEy54fxViKAl27Kl1Ag==
-----END CERTIFICATE-----