Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efc992f9-00af-49f7-9474-d7a5b0a4a931.roa
File:                     efc992f9-00af-49f7-9474-d7a5b0a4a931.roa (raw, json)
Hash identifier:          oFy/cRacFONde7Ax90skfn5t9puXYdOHDNDROsErfok=
Subject key identifier:   44:07:4C:80:EF:D8:D2:68:52:51:57:F6:38:34:CB:5F:14:3D:B6:68
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       04E21E0BF4BC9CFC0B148C544045E4C095D10A8E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efc992f9-00af-49f7-9474-d7a5b0a4a931.roa
Signing time:             Fri 03 Oct 2025 00:11:58 +0000
ROA not before:           Fri 03 Oct 2025 00:11:58 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f01:4850::/47 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:e2:1e:0b:f4:bc:9c:fc:0b:14:8c:54:40:45:e4:c0:95:d1:0a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:11:58 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=fd8255c27b4d32d74c9f01c8d49ecad15049338d144df7eef1ba40eb495c682f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e0:0b:b0:d5:52:42:55:31:e2:4a:ff:39:6a:
                    89:40:57:6b:0c:ae:ec:8a:a7:e6:02:77:8c:22:2d:
                    7d:db:ab:ce:57:08:82:6d:7c:4f:32:ed:01:76:5c:
                    44:d3:cc:4d:61:ea:b8:00:56:27:3a:24:e2:51:3e:
                    2d:ea:83:9b:d1:27:c1:71:84:73:2a:ea:f5:0e:f9:
                    0e:54:07:bb:9b:14:70:e2:7f:da:07:50:44:f8:fe:
                    79:2f:f0:d9:cf:55:ec:82:2d:4e:b9:1b:ed:5a:31:
                    04:b5:62:04:e0:ab:0d:cc:6f:47:91:9e:35:64:ee:
                    d0:c1:fa:55:d1:16:2c:40:9e:c5:4c:93:e1:3b:7d:
                    aa:4f:be:60:60:44:4f:44:92:35:b5:fb:da:a5:ec:
                    57:20:be:c5:10:26:ba:4c:6d:46:3e:46:03:d0:13:
                    83:13:f9:35:14:a6:c9:44:12:dc:a4:2f:c6:5c:6d:
                    c5:e4:73:c4:49:7f:83:df:2d:24:80:b1:3c:5d:1c:
                    11:ab:a4:2a:8b:8b:27:39:c8:2f:1d:f6:a2:99:62:
                    b6:43:06:7b:ee:24:99:61:95:c8:8e:b6:14:64:e2:
                    47:2f:10:23:09:e6:d7:0a:84:6b:5f:01:cd:3f:65:
                    1b:66:ed:f8:4d:39:ed:75:19:74:b7:a4:15:32:a2:
                    b2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:07:4C:80:EF:D8:D2:68:52:51:57:F6:38:34:CB:5F:14:3D:B6:68
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efc992f9-00af-49f7-9474-d7a5b0a4a931.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f01:4850::/47

    Signature Algorithm: sha256WithRSAEncryption
         38:b3:04:2f:93:d6:97:7e:6f:1c:0b:ae:f3:26:ac:0f:69:b5:
         20:40:61:d2:99:b7:0c:d6:d2:53:b1:39:e7:9a:d1:96:f5:a4:
         e1:9c:dc:43:0c:20:64:67:c9:eb:65:57:d8:fb:dd:ce:a6:1b:
         d7:58:d3:a5:f5:33:07:0c:08:ad:57:4d:3b:cd:21:d4:cf:39:
         74:4f:4e:68:4f:df:6b:af:37:b9:a4:58:7a:9b:b8:81:d9:b2:
         6d:a7:41:52:49:2f:f0:26:36:7e:5e:9c:7c:28:13:2c:f7:60:
         89:b9:38:00:18:08:e4:ba:3a:23:d8:16:14:9b:a3:cb:3a:fd:
         dd:f1:7c:56:9b:78:33:9e:fc:0e:58:a8:53:49:c6:03:fa:83:
         28:60:91:2d:c2:2e:04:91:50:4b:8b:39:92:0f:33:e7:9e:00:
         89:5a:91:c1:14:c5:e9:0e:66:d0:23:2b:67:6c:83:fc:95:9e:
         3b:f7:b4:1b:f0:4f:69:9c:78:8d:85:d4:b8:27:0a:d2:6d:41:
         d2:27:37:fd:0c:f7:84:7f:f5:7b:43:62:30:91:5a:5e:ea:64:
         9d:1f:55:f0:71:a7:eb:29:9b:50:00:a6:3f:be:3f:ca:c4:58:
         7c:74:e7:e3:d0:b6:90:ee:07:ad:bb:5a:1a:99:38:68:eb:05:
         02:36:45:8e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUBOIeC/S8nPwLFIxUQEXkwJXRCo4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAxMTU4WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDgyNTVjMjdiNGQzMmQ3NGM5ZjAxYzhkNDllY2FkMTUw
NDkzMzhkMTQ0ZGY3ZWVmMWJhNDBlYjQ5NWM2ODJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCi4Auw1VJCVTHiSv85aolAV2sMruyKp+YCd4wiLX3bq85X
CIJtfE8y7QF2XETTzE1h6rgAVic6JOJRPi3qg5vRJ8FxhHMq6vUO+Q5UB7ubFHDi
f9oHUET4/nkv8NnPVeyCLU65G+1aMQS1YgTgqw3Mb0eRnjVk7tDB+lXRFixAnsVM
k+E7fapPvmBgRE9EkjW1+9ql7FcgvsUQJrpMbUY+RgPQE4MT+TUUpslEEtykL8Zc
bcXkc8RJf4PfLSSAsTxdHBGrpCqLiyc5yC8d9qKZYrZDBnvuJJlhlciOthRk4kcv
ECMJ5tcKhGtfAc0/ZRtm7fhNOe11GXS3pBUyorLJAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQURAdMgO/Y0mhSUVf2ODTLXxQ9tmgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmYzk5MmY5LTAwYWYtNDlmNy05NDc0LWQ3YTViMGE0YTkzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAB8BSFAwDQYJKoZIhvcNAQELBQADggEBADizBC+T1pd+bxwLrvMmrA9p
tSBAYdKZtwzW0lOxOeea0Zb1pOGc3EMMIGRnyetlV9j73c6mG9dY06X1MwcMCK1X
TTvNIdTPOXRPTmhP32uvN7mkWHqbuIHZsm2nQVJJL/AmNn5enHwoEyz3YIm5OAAY
COS6OiPYFhSbo8s6/d3xfFabeDOe/A5YqFNJxgP6gyhgkS3CLgSRUEuLOZIPM+ee
AIlakcEUxekOZtAjK2dsg/yVnjv3tBvwT2mceI2F1LgnCtJtQdInN/0M94R/9XtD
YjCRWl7qZJ0fVfBxp+spm1AApj++P8rEWHx05+PQtpDuB627WhqZOGjrBQI2RY4=
-----END CERTIFICATE-----