Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fca66e5-1583-4d16-a2d8-bb8ef34ed54d.roa
File:                     1fca66e5-1583-4d16-a2d8-bb8ef34ed54d.roa (raw, json)
Hash identifier:          bW8NRGDOZ6T/qoxgfhtLHJNQUsYg/TANXpsFoZmhLQo=
Subject key identifier:   17:4B:7A:F8:B9:3B:49:33:EC:77:B8:79:77:96:29:81:BA:41:A0:F3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       36B6DC915D35015D67D335AFF99BA22276D9209D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fca66e5-1583-4d16-a2d8-bb8ef34ed54d.roa
Signing time:             Wed 12 Nov 2025 02:31:00 +0000
ROA not before:           Wed 12 Nov 2025 02:31:00 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:5040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:b6:dc:91:5d:35:01:5d:67:d3:35:af:f9:9b:a2:22:76:d9:20:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:31:00 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=d6305962e9ee5f2d8ee9153fe3e981392744ee202238ee7235c9084b9536b604, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c7:79:21:62:b1:4e:f1:d2:69:09:74:a1:7b:
                    40:cc:2c:42:73:be:4f:71:9d:68:ec:ac:7e:11:9e:
                    c3:61:75:f6:68:9b:b1:98:95:03:01:73:60:ee:a4:
                    20:a2:af:0a:ad:9b:10:c8:95:b9:85:59:e0:9d:93:
                    7e:dd:58:49:c5:46:63:d6:55:20:7c:6e:ef:39:cc:
                    99:77:a7:4b:34:87:cb:f0:5d:98:09:20:3a:41:ae:
                    bb:73:42:16:a1:e8:84:69:d5:5f:65:20:b1:66:29:
                    ee:f4:54:df:5d:63:89:98:3b:ff:ac:73:6b:a8:0a:
                    97:98:a4:25:d5:94:48:0e:43:dd:b8:b2:68:17:b4:
                    b4:ec:40:79:45:ed:49:1b:ad:b7:c6:f3:ef:1f:9c:
                    f7:6d:9a:04:00:6a:df:2e:88:c7:e1:0b:a5:33:be:
                    4f:f5:33:a4:c9:23:5b:c5:cf:5b:6e:ed:58:00:8f:
                    27:07:91:f9:f1:d9:b4:ed:0d:ab:96:55:45:d4:77:
                    4b:e2:05:ad:05:fc:1d:57:13:b8:ce:02:43:d2:70:
                    78:4e:30:0b:c5:74:e7:2f:82:b4:3b:ff:3e:97:12:
                    d9:62:c7:ea:df:7c:2f:14:ce:a1:86:ad:5a:b4:bc:
                    5a:0f:46:a5:bf:23:05:0d:e9:a1:ae:4b:36:3f:2b:
                    62:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4B:7A:F8:B9:3B:49:33:EC:77:B8:79:77:96:29:81:BA:41:A0:F3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fca66e5-1583-4d16-a2d8-bb8ef34ed54d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:5040::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:8e:52:0d:a7:b2:cb:0d:f6:b9:d7:dc:4b:de:ff:18:d7:c2:
         54:ed:3d:f7:84:cd:7e:ad:4d:e5:b6:19:6e:06:c2:69:7e:6b:
         72:51:96:e8:ef:9e:3e:d7:e8:8f:bc:b2:db:8a:b6:93:15:31:
         62:c8:29:83:a5:08:ef:b1:a6:c7:aa:98:5e:81:71:4d:9a:ac:
         d5:52:a3:ec:67:5a:7b:9c:ed:3f:71:e9:01:e6:b4:ea:5c:b2:
         e5:06:9c:2a:e1:74:77:e5:fc:99:12:e7:38:6f:bc:c1:ff:2f:
         ef:96:b8:13:f3:b6:62:a6:f2:92:f3:e3:3f:02:a2:d7:40:9d:
         cd:33:35:0c:17:12:c9:d3:f4:b4:70:e3:e6:00:e1:11:d3:ef:
         d1:a3:24:6d:24:a3:4e:68:4e:e6:19:ee:2c:5a:69:b2:9e:f6:
         50:46:a1:91:5c:b2:a0:50:48:99:df:fd:ff:60:f8:b2:1b:45:
         38:4a:74:d6:47:b1:09:18:29:6c:43:15:f4:cf:b2:cf:d7:84:
         dc:9f:7f:80:68:06:71:2b:fa:e2:63:dd:95:60:17:3a:7e:76:
         8f:df:35:99:e5:88:00:33:f0:6b:28:e5:78:d2:07:f2:73:b8:
         62:d8:64:1d:1f:96:a8:5a:ab:ae:e8:c6:e0:c0:74:ce:50:fc:
         9c:55:4a:74
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUNrbckV01AV1n0zWv+ZuiInbZIJ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIzMTAwWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjMwNTk2MmU5ZWU1ZjJkOGVlOTE1M2ZlM2U5ODEzOTI3
NDRlZTIwMjIzOGVlNzIzNWM5MDg0Yjk1MzZiNjA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSx3khYrFO8dJpCXShe0DMLEJzvk9xnWjsrH4RnsNhdfZo
m7GYlQMBc2DupCCirwqtmxDIlbmFWeCdk37dWEnFRmPWVSB8bu85zJl3p0s0h8vw
XZgJIDpBrrtzQhah6IRp1V9lILFmKe70VN9dY4mYO/+sc2uoCpeYpCXVlEgOQ924
smgXtLTsQHlF7UkbrbfG8+8fnPdtmgQAat8uiMfhC6Uzvk/1M6TJI1vFz1tu7VgA
jycHkfnx2bTtDauWVUXUd0viBa0F/B1XE7jOAkPScHhOMAvFdOcvgrQ7/z6XEtli
x+rffC8UzqGGrVq0vFoPRqW/IwUN6aGuSzY/K2IlAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUF0t6+Lk7STPsd7h5d5YpgbpBoPMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmY2E2NmU1LTE1ODMtNGQxNi1hMmQ4LWJiOGVmMzRlZDU0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hUEAwDQYJKoZIhvcNAQELBQADggEBACyOUg2nsssN9rnX3Eve/xjX
wlTtPfeEzX6tTeW2GW4Gwml+a3JRlujvnj7X6I+8stuKtpMVMWLIKYOlCO+xpseq
mF6BcU2arNVSo+xnWnuc7T9x6QHmtOpcsuUGnCrhdHfl/JkS5zhvvMH/L++WuBPz
tmKm8pLz4z8CotdAnc0zNQwXEsnT9LRw4+YA4RHT79GjJG0ko05oTuYZ7ixaabKe
9lBGoZFcsqBQSJnf/f9g+LIbRThKdNZHsQkYKWxDFfTPss/XhNyff4BoBnEr+uJj
3ZVgFzp+do/fNZnliAAz8Gso5XjSB/JzuGLYZB0flqhaq67oxuDAdM5Q/JxVSnQ=
-----END CERTIFICATE-----