Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e02a8835-d035-4e0b-951a-27f71b3a4549.roa
File:                     e02a8835-d035-4e0b-951a-27f71b3a4549.roa (raw, json)
Hash identifier:          8Y7IsvE4ZEUZbk743fLRfOAK4TeRe1a1Ilk+BGf5F2I=
Subject key identifier:   1C:41:7E:1D:D2:34:8B:BC:FF:B2:5C:FF:C4:F4:CB:7A:EC:2C:81:76
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5456209DF60D8611D93F7B48132081E4B61B17E8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e02a8835-d035-4e0b-951a-27f71b3a4549.roa
Signing time:             Mon 06 Oct 2025 16:02:01 +0000
ROA not before:           Mon 06 Oct 2025 16:02:01 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f32:ec00::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:56:20:9d:f6:0d:86:11:d9:3f:7b:48:13:20:81:e4:b6:1b:17:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:02:01 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=c3bedfc9d716406a38f529809d24b36c60487520088577a40ebabe7de37edf19, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a0:0f:5a:7c:40:33:40:e6:1f:f1:06:15:72:
                    38:b4:5a:52:58:68:eb:f1:cc:ec:f8:b2:7b:83:51:
                    ac:8b:99:20:0c:c2:f0:11:8c:c6:4c:7f:12:91:33:
                    c7:51:59:b0:2e:28:e9:ee:be:f6:d7:30:a6:99:dd:
                    a2:e7:b4:e1:fc:22:8a:1c:ee:5a:4e:b8:29:3b:cf:
                    8a:1d:f1:c2:01:ba:28:88:8b:32:68:f8:11:d6:98:
                    89:ea:44:ab:f5:cf:82:c0:ed:a2:7a:23:c0:e8:a0:
                    ad:39:c6:33:0d:ea:4a:1d:dd:92:25:3f:2a:83:64:
                    e5:bd:f2:7d:ae:4d:c4:88:9f:e8:a4:f1:fd:87:84:
                    00:34:ee:49:75:66:8b:1d:5a:79:0f:d1:f7:35:8b:
                    eb:77:47:61:3f:95:48:04:c0:e5:70:aa:12:99:5a:
                    46:e7:58:f3:1c:ec:87:7f:28:2f:8c:6c:8e:04:ea:
                    21:5c:0f:10:0c:93:f1:51:a7:a8:3c:54:f3:44:d8:
                    12:19:29:91:c4:74:5e:93:b3:6d:5b:58:66:1e:d6:
                    43:a1:c3:df:9a:6b:6d:d4:e3:a6:e1:cd:1b:b1:4a:
                    94:2f:a3:78:49:ae:81:16:b2:a3:8d:1c:66:2d:19:
                    4e:73:8c:81:64:4e:4f:c2:07:8c:e9:99:bf:e8:4c:
                    2b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:41:7E:1D:D2:34:8B:BC:FF:B2:5C:FF:C4:F4:CB:7A:EC:2C:81:76
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e02a8835-d035-4e0b-951a-27f71b3a4549.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f32:ec00::/40

    Signature Algorithm: sha256WithRSAEncryption
         22:e8:0c:80:1c:d4:20:15:73:5a:54:bc:af:ac:e1:a9:99:33:
         f0:eb:aa:77:4f:ca:3a:f3:31:28:aa:ea:c6:8f:55:2d:5b:77:
         33:62:0f:f7:33:09:34:95:14:97:89:66:95:9e:f9:18:40:06:
         fd:70:bd:0a:35:3d:46:dd:fb:6a:6e:9a:96:7d:99:9f:ab:47:
         82:08:26:d4:aa:74:52:bf:78:54:21:35:0d:72:3b:e1:cc:0e:
         cb:3c:5d:7d:92:a3:93:dd:30:1b:c7:c6:30:6f:bd:ff:c3:8d:
         be:c3:45:c0:f7:5f:a8:b1:e7:01:33:a6:83:ab:03:03:9b:3d:
         c9:cb:ba:bd:1b:41:23:92:cd:1a:af:d0:88:70:c6:34:6d:36:
         56:3c:f4:90:98:56:80:19:26:ac:b7:3b:e6:e6:6f:2b:c2:e4:
         d3:72:06:86:66:66:84:35:7e:5e:a2:4d:f7:49:80:f0:2e:b8:
         5b:e3:17:ca:36:1d:e8:14:52:9b:61:eb:30:d0:c2:63:c7:27:
         1f:bc:07:38:47:ec:aa:d8:a5:cb:cb:9d:7b:f7:6d:6d:ba:1b:
         b6:ef:e0:9d:af:a6:55:50:90:de:73:91:e0:09:33:52:99:2a:
         6f:74:fd:8a:de:1f:a4:69:ce:ea:c6:e7:53:30:3b:72:26:6e:
         50:4c:42:2f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUVFYgnfYNhhHZP3tIEyCB5LYbF+gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYwMjAxWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjM2JlZGZjOWQ3MTY0MDZhMzhmNTI5ODA5ZDI0YjM2YzYw
NDg3NTIwMDg4NTc3YTQwZWJhYmU3ZGUzN2VkZjE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYoA9afEAzQOYf8QYVcji0WlJYaOvxzOz4snuDUayLmSAM
wvARjMZMfxKRM8dRWbAuKOnuvvbXMKaZ3aLntOH8Iooc7lpOuCk7z4od8cIBuiiI
izJo+BHWmInqRKv1z4LA7aJ6I8DooK05xjMN6kod3ZIlPyqDZOW98n2uTcSIn+ik
8f2HhAA07kl1ZosdWnkP0fc1i+t3R2E/lUgEwOVwqhKZWkbnWPMc7Id/KC+MbI4E
6iFcDxAMk/FRp6g8VPNE2BIZKZHEdF6Ts21bWGYe1kOhw9+aa23U46bhzRuxSpQv
o3hJroEWsqONHGYtGU5zjIFkTk/CB4zpmb/oTCu1AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUHEF+HdI0i7z/slz/xPTLeuwsgXYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UwMmE4ODM1LWQwMzUtNGUwYi05NTFhLTI3ZjcxYjNhNDU0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8y7DANBgkqhkiG9w0BAQsFAAOCAQEAIugMgBzUIBVzWlS8r6zhqZkz
8Ouqd0/KOvMxKKrqxo9VLVt3M2IP9zMJNJUUl4lmlZ75GEAG/XC9CjU9Rt37am6a
ln2Zn6tHgggm1Kp0Ur94VCE1DXI74cwOyzxdfZKjk90wG8fGMG+9/8ONvsNFwPdf
qLHnATOmg6sDA5s9ycu6vRtBI5LNGq/QiHDGNG02Vjz0kJhWgBkmrLc75uZvK8Lk
03IGhmZmhDV+XqJN90mA8C64W+MXyjYd6BRSm2HrMNDCY8cnH7wHOEfsqtily8ud
e/dtbbobtu/gna+mVVCQ3nOR4AkzUpkqb3T9it4fpGnO6sbnUzA7ciZuUExCLw==
-----END CERTIFICATE-----