Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f72c868e-09c6-45bf-b69f-5299536cb0fc.roa
File:                     f72c868e-09c6-45bf-b69f-5299536cb0fc.roa (raw, json)
Hash identifier:          dkVThJernNpoPSDUfcr9Um81ZMz5+4JHldI5Z24YPQo=
Subject key identifier:   AF:49:AC:40:90:71:D9:A7:9C:CB:C1:EA:18:F3:2B:C2:71:66:52:6C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3153AE6850A445167DCF4346D2F2FC04AE0D1C39
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f72c868e-09c6-45bf-b69f-5299536cb0fc.roa
Signing time:             Sat 04 Oct 2025 00:52:28 +0000
ROA not before:           Sat 04 Oct 2025 00:52:28 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ff3:2000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:53:ae:68:50:a4:45:16:7d:cf:43:46:d2:f2:fc:04:ae:0d:1c:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  4 00:52:28 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=7e0985b615a6afe4f9cbdc128593113a8595ef4cda87a1285d7fe03046302f20, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2c:5f:86:4c:2f:0e:12:2e:2a:ae:fc:41:86:
                    bf:cc:15:72:91:73:eb:3d:68:99:a0:10:ca:0b:e3:
                    94:ab:fb:fb:bf:28:fd:12:ff:77:42:22:74:dc:63:
                    1f:56:22:ee:07:f5:ed:3c:7b:9b:db:71:b7:9a:5f:
                    74:ff:5e:5e:70:26:b7:ba:2d:16:db:31:f5:d9:30:
                    b9:4a:33:dd:1e:ce:6f:22:c1:00:13:3e:96:f0:ca:
                    2c:e5:87:c2:63:76:bf:f8:0a:4b:bf:3d:ea:46:54:
                    66:5e:8d:5a:79:23:ce:f9:85:53:a2:52:17:e1:0d:
                    3d:6f:f2:55:e3:6b:9f:16:fa:c5:18:42:b5:4a:e7:
                    01:96:e3:ae:0c:b4:ff:66:9d:8d:8b:8c:41:50:e5:
                    1b:4c:07:d4:f4:6b:b6:ce:28:dc:79:32:e5:f5:f6:
                    6d:b4:08:c7:de:e2:62:ee:c3:d0:7e:ed:0f:3b:5c:
                    2c:c9:29:af:f7:9d:ed:14:31:64:c1:3e:2f:c9:e2:
                    2c:f2:a2:bd:83:d5:fd:62:a2:62:b4:72:03:3d:22:
                    a0:1e:aa:b6:66:35:43:9d:70:53:57:bd:cc:31:1d:
                    b1:f5:c7:d9:2d:06:59:e7:2a:ef:e4:9d:b1:61:37:
                    83:18:9a:ec:92:04:a0:f0:69:3b:66:53:f1:65:26:
                    f9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:49:AC:40:90:71:D9:A7:9C:CB:C1:EA:18:F3:2B:C2:71:66:52:6C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f72c868e-09c6-45bf-b69f-5299536cb0fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff3:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         04:5f:18:50:b4:12:61:a1:fc:1c:37:39:a7:8c:20:4b:b2:64:
         34:fa:69:9f:6d:ae:e7:88:26:ed:98:c0:50:7e:b2:7c:b9:18:
         88:73:ee:bd:c4:eb:ef:14:91:46:11:cf:31:7b:2f:0d:65:c1:
         7e:6e:5d:ff:a0:5a:d2:83:45:ef:d6:8c:a8:6c:02:15:b9:38:
         76:a4:9e:e4:79:11:e5:8e:73:62:1f:14:00:69:b7:51:18:3c:
         db:6a:7b:31:03:3d:86:1d:e2:ce:15:d4:1b:07:7d:ad:29:cb:
         4e:3b:17:6a:2f:7b:1f:8a:22:b6:19:87:c9:a2:62:e4:7e:a8:
         32:e6:4a:1f:41:a9:9b:9f:b0:e3:18:62:9c:d7:7e:1d:9d:30:
         cc:a3:bb:ce:53:61:c5:77:60:46:c6:6d:a2:db:ae:56:64:73:
         4d:07:2a:6f:bb:ed:82:e0:59:d0:f2:bc:fe:e3:8a:be:a7:3b:
         83:43:99:e2:93:29:34:2c:c0:a7:ff:c3:81:de:f9:4e:3d:97:
         7c:f6:49:4d:b1:9b:f1:8a:80:5f:49:04:e0:82:ff:85:d1:08:
         2e:77:17:e3:2a:2d:33:50:b6:9a:91:90:d2:be:04:6e:00:0a:
         07:7b:10:91:8f:46:3e:bb:cc:6d:f7:a7:4e:28:39:92:ca:c4:
         15:70:94:34
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMVOuaFCkRRZ9z0NG0vL8BK4NHDkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA0MDA1MjI4WhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZTA5ODViNjE1YTZhZmU0ZjljYmRjMTI4NTkzMTEzYTg1
OTVlZjRjZGE4N2ExMjg1ZDdmZTAzMDQ2MzAyZjIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmLF+GTC8OEi4qrvxBhr/MFXKRc+s9aJmgEMoL45Sr+/u/
KP0S/3dCInTcYx9WIu4H9e08e5vbcbeaX3T/Xl5wJre6LRbbMfXZMLlKM90ezm8i
wQATPpbwyizlh8Jjdr/4Cku/PepGVGZejVp5I875hVOiUhfhDT1v8lXja58W+sUY
QrVK5wGW464MtP9mnY2LjEFQ5RtMB9T0a7bOKNx5MuX19m20CMfe4mLuw9B+7Q87
XCzJKa/3ne0UMWTBPi/J4izyor2D1f1iomK0cgM9IqAeqrZmNUOdcFNXvcwxHbH1
x9ktBlnnKu/knbFhN4MYmuySBKDwaTtmU/FlJvnXAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUr0msQJBx2aecy8HqGPMrwnFmUmwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y3MmM4NjhlLTA5YzYtNDViZi1iNjlmLTUyOTk1MzZjYjBmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/zIDANBgkqhkiG9w0BAQsFAAOCAQEABF8YULQSYaH8HDc5p4wgS7Jk
NPppn22u54gm7ZjAUH6yfLkYiHPuvcTr7xSRRhHPMXsvDWXBfm5d/6Ba0oNF79aM
qGwCFbk4dqSe5HkR5Y5zYh8UAGm3URg822p7MQM9hh3izhXUGwd9rSnLTjsXai97
H4oithmHyaJi5H6oMuZKH0Gpm5+w4xhinNd+HZ0wzKO7zlNhxXdgRsZtotuuVmRz
TQcqb7vtguBZ0PK8/uOKvqc7g0OZ4pMpNCzAp//Dgd75Tj2XfPZJTbGb8YqAX0kE
4IL/hdEILncX4yotM1C2mpGQ0r4EbgAKB3sQkY9GPrvMbfenTig5ksrEFXCUNA==
-----END CERTIFICATE-----