Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09e0eed7-f971-49f0-8b15-65706a28f0d4.roa
File:                     09e0eed7-f971-49f0-8b15-65706a28f0d4.roa (raw, json)
Hash identifier:          Kgl7DXfWSe1uHWHsnmYi3InU9Jgn7376aoVOLmMToWM=
Subject key identifier:   11:C1:F6:06:B4:6A:BD:28:FA:B4:86:D8:97:46:C3:6E:D8:C1:C0:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       212CE602B75736A349DABA4B5C70B0AEF0BF5283
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09e0eed7-f971-49f0-8b15-65706a28f0d4.roa
Signing time:             Tue 11 Nov 2025 01:01:12 +0000
ROA not before:           Tue 11 Nov 2025 01:01:12 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:4010::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:2c:e6:02:b7:57:36:a3:49:da:ba:4b:5c:70:b0:ae:f0:bf:52:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:01:12 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=d440ddcc22731fa1c6b107259e2249577b547aeec8606d91fd23e6c612cedb98, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6b:71:61:04:67:ec:01:ee:69:cf:b5:8c:9a:
                    52:5f:60:0f:6f:8c:cb:d6:e7:a1:55:de:dd:d9:57:
                    6c:5b:f1:23:b7:ef:36:5e:4f:31:16:95:ba:7d:c8:
                    0e:d6:02:d4:75:5e:a3:af:fd:02:ac:99:fc:2b:f3:
                    01:87:2e:ee:3f:ff:b0:47:78:e3:5e:4d:18:48:a9:
                    ab:a6:5c:a7:3c:31:2a:19:45:03:6a:2f:12:d1:d0:
                    8c:d9:0b:94:dc:df:ff:82:14:bb:ca:48:e9:c8:78:
                    50:de:fc:70:4c:b7:33:4a:1c:ac:b6:68:6e:f4:ae:
                    a5:34:b6:b8:41:6c:d9:fd:66:13:35:ac:b9:e2:7b:
                    70:c3:b4:c6:a9:b2:7b:4d:6f:41:50:c0:dd:43:62:
                    53:42:8c:84:e2:d2:13:18:cf:43:81:f7:b3:a7:65:
                    0f:07:3c:d0:95:90:64:45:29:28:67:06:fd:76:63:
                    0c:10:9b:9b:1e:18:7e:56:a2:41:a4:37:1d:a1:6d:
                    32:0f:e2:b7:1b:03:1d:c6:40:bf:ff:a9:fe:1f:ba:
                    b5:c5:c0:33:26:0d:62:04:97:97:78:ef:f8:c4:c6:
                    a7:bc:41:ea:fa:af:8f:cb:4a:cc:c4:9f:ab:ba:5f:
                    ad:cd:0e:7d:72:40:e1:cb:d8:bb:f7:5c:67:1c:15:
                    a8:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:C1:F6:06:B4:6A:BD:28:FA:B4:86:D8:97:46:C3:6E:D8:C1:C0:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09e0eed7-f971-49f0-8b15-65706a28f0d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:4010::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:c1:a4:cb:32:48:e2:35:0c:21:13:ea:4b:d1:41:8d:61:8c:
         d9:01:6a:92:88:eb:c0:d0:3a:69:d3:73:81:98:9a:d5:b6:08:
         ca:ae:ab:6b:a9:52:31:cf:94:bf:f5:65:b5:e8:9d:fa:b8:21:
         52:79:c2:7c:bb:99:0b:b7:7d:5d:1f:3e:0e:bf:c6:d0:71:cd:
         ad:e8:49:23:cd:b6:97:10:7a:6d:6d:ac:c0:56:3a:11:10:0a:
         ca:e1:f7:0a:b5:e7:05:47:29:f1:18:d9:43:ea:e5:c4:30:7d:
         59:50:f7:a1:30:b2:02:1a:ed:27:b7:21:1f:ea:5a:00:56:51:
         a7:ef:48:d0:1a:4b:0b:b0:e7:ad:c4:17:c8:c0:a0:c4:d2:ef:
         23:1b:74:2b:35:d0:79:44:ca:be:e9:c7:a3:40:a3:a4:74:cb:
         13:f9:9f:ab:d1:18:10:ae:d5:16:72:59:56:c1:d5:a8:20:5e:
         61:4b:1b:8b:47:c5:09:d0:47:ca:76:4f:45:0d:a8:80:d8:fa:
         79:e9:67:9a:6a:72:0b:52:56:9d:da:6f:73:7f:b8:80:3e:3e:
         e5:04:c1:66:b1:dd:e8:a2:1d:ea:d4:4f:f3:4b:53:7b:6d:38:
         71:d2:45:19:42:d3:a0:d0:8b:30:f3:db:2b:3f:67:31:92:5d:
         0a:15:c5:ec
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUISzmArdXNqNJ2rpLXHCwrvC/UoMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEwMTEyWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNDQwZGRjYzIyNzMxZmExYzZiMTA3MjU5ZTIyNDk1Nzdi
NTQ3YWVlYzg2MDZkOTFmZDIzZTZjNjEyY2VkYjk4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCta3FhBGfsAe5pz7WMmlJfYA9vjMvW56FV3t3ZV2xb8SO3
7zZeTzEWlbp9yA7WAtR1XqOv/QKsmfwr8wGHLu4//7BHeONeTRhIqaumXKc8MSoZ
RQNqLxLR0IzZC5Tc3/+CFLvKSOnIeFDe/HBMtzNKHKy2aG70rqU0trhBbNn9ZhM1
rLnie3DDtMapsntNb0FQwN1DYlNCjITi0hMYz0OB97OnZQ8HPNCVkGRFKShnBv12
YwwQm5seGH5WokGkNx2hbTIP4rcbAx3GQL//qf4furXFwDMmDWIEl5d47/jExqe8
Qer6r4/LSszEn6u6X63NDn1yQOHL2Lv3XGccFagrAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUEcH2BrRqvSj6tIbYl0bDbtjBwFswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA5ZTBlZWQ3LWY5NzEtNDlmMC04YjE1LTY1NzA2YTI4ZjBkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AQBAwDQYJKoZIhvcNAQELBQADggEBAKbBpMsySOI1DCET6kvRQY1h
jNkBapKI68DQOmnTc4GYmtW2CMquq2upUjHPlL/1ZbXonfq4IVJ5wny7mQu3fV0f
Pg6/xtBxza3oSSPNtpcQem1trMBWOhEQCsrh9wq15wVHKfEY2UPq5cQwfVlQ96Ew
sgIa7Se3IR/qWgBWUafvSNAaSwuw563EF8jAoMTS7yMbdCs10HlEyr7px6NAo6R0
yxP5n6vRGBCu1RZyWVbB1aggXmFLG4tHxQnQR8p2T0UNqIDY+nnpZ5pqcgtSVp3a
b3N/uIA+PuUEwWax3eiiHerUT/NLU3ttOHHSRRlC06DQizDz2ys/ZzGSXQoVxew=
-----END CERTIFICATE-----