Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd26ae3f-13d1-4471-b951-67069e36eae2.roa
File:                     dd26ae3f-13d1-4471-b951-67069e36eae2.roa (raw, json)
Hash identifier:          2R4DD+ybE+/5c/qCCIO+tvQ/OlYKtwUe1lFdPdxUYk4=
Subject key identifier:   A9:30:9D:B0:B6:FD:5B:F3:50:F2:19:AB:ED:3B:02:1F:5C:6D:78:19
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4423CF40D8AB2DA18C3AE84466DB1DA74F6B0937
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd26ae3f-13d1-4471-b951-67069e36eae2.roa
Signing time:             Tue 14 Oct 2025 15:42:23 +0000
ROA not before:           Tue 14 Oct 2025 15:42:23 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fec:a800::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:23:cf:40:d8:ab:2d:a1:8c:3a:e8:44:66:db:1d:a7:4f:6b:09:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 15:42:23 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=fa071ae4e9c2e3033a8705979009ad03f7f0e1827a56e761fc9bd7e8281ea1ef, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:81:b3:3c:1f:c4:4b:a5:f8:29:e7:b9:11:99:
                    46:fa:69:08:b3:c5:4b:c4:5a:e5:3e:90:30:38:4a:
                    c6:a1:61:d5:de:c8:ff:69:b4:0f:b0:07:d2:ae:ea:
                    44:5d:69:7b:31:ca:34:cc:7a:a0:20:f9:17:28:a7:
                    ff:59:5a:0a:49:05:56:da:35:45:70:28:ab:a4:9f:
                    a1:b7:9c:c6:e9:dd:50:8a:82:1d:70:5a:f3:c9:b4:
                    3e:e0:53:25:66:34:27:24:51:10:96:2c:9f:2e:7a:
                    bb:aa:6f:09:70:52:a2:d6:d8:dc:61:3d:ae:85:03:
                    c3:ff:d3:0e:3a:15:ec:bc:48:6e:c3:e1:a1:67:3a:
                    dd:d1:31:de:25:b9:35:41:12:6e:3f:b0:58:1f:bd:
                    11:81:da:f7:cd:5e:d1:68:57:2e:f1:32:b1:10:ca:
                    09:f5:f8:fe:5c:4b:36:6f:54:44:28:d3:f1:f9:34:
                    1d:34:85:7c:40:12:1b:3f:67:90:74:0b:7d:03:b7:
                    6e:ad:13:b6:53:19:0f:11:f4:aa:49:12:c9:5d:66:
                    42:8e:58:50:32:32:83:45:05:a4:62:0e:79:c8:de:
                    13:8c:7c:70:9d:e7:03:68:b2:9b:c6:dd:67:99:7e:
                    d1:8f:10:72:15:c0:7e:3d:49:aa:97:10:a4:e7:7c:
                    7b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:30:9D:B0:B6:FD:5B:F3:50:F2:19:AB:ED:3B:02:1F:5C:6D:78:19
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd26ae3f-13d1-4471-b951-67069e36eae2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fec:a800::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:3d:3b:fd:2e:20:5b:7e:6c:8d:d2:fb:63:ce:9b:fe:5a:05:
         0e:78:f9:b6:65:c9:d8:d6:e9:9a:9c:e1:44:00:03:5c:88:65:
         d3:45:a5:9e:8d:3a:0b:ba:e8:50:df:6d:d6:03:d6:ad:81:c0:
         a9:d3:3e:a4:ee:4c:50:cb:d7:93:eb:f5:fd:2d:c1:1d:d6:b2:
         7d:96:2a:b6:da:f8:04:10:17:37:d9:05:0b:55:5d:2f:13:99:
         07:8b:7a:fb:56:78:87:59:a7:18:71:72:27:be:8c:74:e4:2c:
         6c:08:95:4a:6d:bf:f6:bb:0c:44:a3:7f:a7:7f:fb:5e:aa:5d:
         db:43:7c:04:76:ea:92:e7:f5:8d:fe:a7:e4:51:1c:0e:05:cc:
         e6:b5:c3:0b:ed:71:77:3e:f6:ca:26:d2:d3:ad:50:56:ce:df:
         c4:bd:63:8e:30:18:0d:5d:64:32:e4:3e:8a:8e:7d:c7:57:36:
         f1:9b:a3:a5:09:9a:b8:92:84:75:27:6c:2b:e3:5e:51:63:47:
         7b:be:73:87:14:b4:e3:d9:d7:24:da:04:68:f0:f8:3b:f1:47:
         28:0a:4e:b9:ec:44:39:92:56:4e:74:da:4a:2c:36:84:38:0e:
         04:a9:9d:f2:17:bc:09:c1:d5:a4:27:ac:6c:5b:44:61:14:29:
         24:d6:65:40
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIURCPPQNirLaGMOuhEZtsdp09rCTcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTU0MjIzWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTA3MWFlNGU5YzJlMzAzM2E4NzA1OTc5MDA5YWQwM2Y3
ZjBlMTgyN2E1NmU3NjFmYzliZDdlODI4MWVhMWVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDegbM8H8RLpfgp57kRmUb6aQizxUvEWuU+kDA4SsahYdXe
yP9ptA+wB9Ku6kRdaXsxyjTMeqAg+Rcop/9ZWgpJBVbaNUVwKKukn6G3nMbp3VCK
gh1wWvPJtD7gUyVmNCckURCWLJ8ueruqbwlwUqLW2NxhPa6FA8P/0w46Fey8SG7D
4aFnOt3RMd4luTVBEm4/sFgfvRGB2vfNXtFoVy7xMrEQygn1+P5cSzZvVEQo0/H5
NB00hXxAEhs/Z5B0C30Dt26tE7ZTGQ8R9KpJEsldZkKOWFAyMoNFBaRiDnnI3hOM
fHCd5wNospvG3WeZftGPEHIVwH49SaqXEKTnfHu9AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUqTCdsLb9W/NQ8hmr7TsCH1xteBkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RkMjZhZTNmLTEzZDEtNDQ3MS1iOTUxLTY3MDY5ZTM2ZWFlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/sqAAwDQYJKoZIhvcNAQELBQADggEBAFE9O/0uIFt+bI3S+2POm/5a
BQ54+bZlydjW6Zqc4UQAA1yIZdNFpZ6NOgu66FDfbdYD1q2BwKnTPqTuTFDL15Pr
9f0twR3Wsn2WKrba+AQQFzfZBQtVXS8TmQeLevtWeIdZpxhxcie+jHTkLGwIlUpt
v/a7DESjf6d/+16qXdtDfAR26pLn9Y3+p+RRHA4FzOa1wwvtcXc+9som0tOtUFbO
38S9Y44wGA1dZDLkPoqOfcdXNvGbo6UJmriShHUnbCvjXlFjR3u+c4cUtOPZ1yTa
BGjw+DvxRygKTrnsRDmSVk502kosNoQ4DgSpnfIXvAnB1aQnrGxbRGEUKSTWZUA=
-----END CERTIFICATE-----