Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fe36f809-544c-406a-9026-627fbf7d8377.roa
File:                     fe36f809-544c-406a-9026-627fbf7d8377.roa (raw, json)
Hash identifier:          9/DB5xHu+LPHFMOvAJ4zVAEZGOCWRIO4x1xpHoyeEgc=
Subject key identifier:   3A:CC:B6:8A:56:0B:CD:96:93:54:5D:E9:AF:BD:44:E7:59:E1:E6:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5973933AFD4F27B800ED63114E30902BBE9CCF1D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fe36f809-544c-406a-9026-627fbf7d8377.roa
Signing time:             Wed 08 Oct 2025 00:11:19 +0000
ROA not before:           Wed 08 Oct 2025 00:11:19 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff6:e000::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:73:93:3a:fd:4f:27:b8:00:ed:63:11:4e:30:90:2b:be:9c:cf:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:11:19 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=7411c722566a8347f4113540a0195752fa7f750ccc58df0574377e21ec535cc0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7e:54:70:ee:30:23:37:75:38:3b:77:bf:17:
                    af:b9:70:3c:cf:61:5b:53:83:2d:db:ae:48:46:b1:
                    d1:ec:43:bb:fa:2e:85:c0:51:cc:bc:22:6e:20:46:
                    b6:e8:1a:ef:19:02:5b:37:a7:79:93:fa:cd:4f:0f:
                    df:02:c2:f2:a2:22:b0:0a:19:6f:93:c5:20:e8:a9:
                    98:c7:01:d9:3d:6c:f5:d3:7f:d5:f7:e4:9a:fa:2f:
                    d0:df:69:5d:80:59:70:6d:0a:24:43:89:2c:14:a4:
                    b3:4d:67:28:8e:b3:a0:ff:ca:a4:7c:3f:3e:07:b2:
                    4e:76:1a:56:d1:2d:e3:92:84:b4:01:66:bd:8e:ca:
                    cb:30:8f:a6:75:93:b4:8c:99:f0:34:80:3c:ef:15:
                    d7:a9:9b:68:2a:43:93:37:f8:d0:64:9e:79:3b:d3:
                    69:55:10:ae:72:3e:6f:02:8e:fd:85:29:3c:61:57:
                    51:9a:5c:31:8f:9f:27:6b:95:4b:16:a7:18:4f:6a:
                    fd:13:37:39:d4:56:36:cb:68:95:a0:83:dd:64:3f:
                    33:6b:ac:40:9e:81:a4:c5:cb:fd:73:39:0d:73:14:
                    37:91:aa:48:ce:3a:08:c5:69:27:7f:81:a9:82:4e:
                    e0:cc:b5:44:5b:36:ae:a9:10:23:eb:e7:db:25:43:
                    0c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:CC:B6:8A:56:0B:CD:96:93:54:5D:E9:AF:BD:44:E7:59:E1:E6:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fe36f809-544c-406a-9026-627fbf7d8377.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:e000::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:96:bb:08:c9:a1:43:a6:ee:5c:10:6d:fb:f1:1c:31:5a:6c:
         d8:f7:39:7f:5f:91:cc:72:b5:7c:d6:eb:01:3a:0b:4e:30:83:
         3e:05:ec:00:1f:b5:1c:38:26:84:98:ea:36:0a:24:67:5d:28:
         60:51:a1:b2:f3:85:da:15:b4:5c:1c:74:21:d8:2c:81:d7:b2:
         cd:6c:8c:fb:9d:80:d2:40:5f:8a:ad:ed:8f:f4:f6:a4:c8:2e:
         89:6a:aa:f2:19:c6:31:cf:9a:b9:5b:ba:79:aa:f2:bb:51:8c:
         1d:41:81:d5:1d:82:dd:b5:42:2e:d9:50:ca:69:0f:a1:89:aa:
         59:4b:48:91:61:a4:7a:f7:06:68:2c:7f:8c:6c:dc:3d:fc:3d:
         93:38:c9:fe:5c:9f:a1:ce:1f:b3:85:bc:4d:c4:f7:69:00:01:
         81:d3:70:74:fc:64:bf:f5:d9:7b:1e:10:cd:48:28:68:b6:44:
         94:37:55:cb:f1:1d:17:de:b4:57:bc:e4:3c:fa:05:23:d9:47:
         c4:04:7f:09:0f:14:12:bf:e4:81:ad:38:64:5c:66:8f:92:a4:
         4e:1a:6e:8f:69:0c:40:e4:cb:8c:34:a3:9c:56:b9:1f:a9:82:
         52:d6:58:e4:d6:b8:72:5a:2f:df:22:10:e2:f1:aa:cd:70:67:
         0f:66:25:cb
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUWXOTOv1PJ7gA7WMRTjCQK76czx0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAxMTE5WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NDExYzcyMjU2NmE4MzQ3ZjQxMTM1NDBhMDE5NTc1MmZh
N2Y3NTBjY2M1OGRmMDU3NDM3N2UyMWVjNTM1Y2MwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWflRw7jAjN3U4O3e/F6+5cDzPYVtTgy3brkhGsdHsQ7v6
LoXAUcy8Im4gRrboGu8ZAls3p3mT+s1PD98CwvKiIrAKGW+TxSDoqZjHAdk9bPXT
f9X35Jr6L9DfaV2AWXBtCiRDiSwUpLNNZyiOs6D/yqR8Pz4Hsk52GlbRLeOShLQB
Zr2Oysswj6Z1k7SMmfA0gDzvFdepm2gqQ5M3+NBknnk702lVEK5yPm8Cjv2FKTxh
V1GaXDGPnydrlUsWpxhPav0TNznUVjbLaJWgg91kPzNrrECegaTFy/1zOQ1zFDeR
qkjOOgjFaSd/gamCTuDMtURbNq6pECPr59slQwz7AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUOsy2ilYLzZaTVF3pr71E51nh5lswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZlMzZmODA5LTU0NGMtNDA2YS05MDI2LTYyN2ZiZjdkODM3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/24AAwDQYJKoZIhvcNAQELBQADggEBABSWuwjJoUOm7lwQbfvxHDFa
bNj3OX9fkcxytXzW6wE6C04wgz4F7AAftRw4JoSY6jYKJGddKGBRobLzhdoVtFwc
dCHYLIHXss1sjPudgNJAX4qt7Y/09qTILolqqvIZxjHPmrlbunmq8rtRjB1BgdUd
gt21Qi7ZUMppD6GJqllLSJFhpHr3Bmgsf4xs3D38PZM4yf5cn6HOH7OFvE3E92kA
AYHTcHT8ZL/12XseEM1IKGi2RJQ3VcvxHRfetFe85Dz6BSPZR8QEfwkPFBK/5IGt
OGRcZo+SpE4abo9pDEDky4w0o5xWuR+pglLWWOTWuHJaL98iEOLxqs1wZw9mJcs=
-----END CERTIFICATE-----