Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/290d02a9-553f-48c7-9fab-bc674743abac.roa
File:                     290d02a9-553f-48c7-9fab-bc674743abac.roa (raw, json)
Hash identifier:          bnm3V2rK+bNOsg7e21wBGXU0XWlS8Y9xBewITvHgC94=
Subject key identifier:   4C:6C:BD:38:EA:E2:73:63:C2:25:08:64:B3:C2:4F:8B:D3:60:32:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       720B05EB72C0F4DCEA52C1AECF774F469909B5B6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/290d02a9-553f-48c7-9fab-bc674743abac.roa
Signing time:             Wed 29 Oct 2025 07:24:54 +0000
ROA not before:           Wed 29 Oct 2025 07:24:54 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fea:10c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:0b:05:eb:72:c0:f4:dc:ea:52:c1:ae:cf:77:4f:46:99:09:b5:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 07:24:54 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=cd1fddc88c7150d9d7b94a37fd3bdfd4c60aa5eadec20ad86433964cf56078ab, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:3a:d7:d3:38:66:77:70:33:fe:9f:a2:bd:c7:
                    b4:93:4c:bc:84:64:23:b9:d6:7e:c2:ae:fd:8b:3c:
                    bd:de:2e:fe:83:12:dd:1c:5c:35:25:50:5f:b6:48:
                    41:e5:d1:a6:93:9b:b6:32:0e:52:48:23:84:0e:43:
                    71:1b:ba:dd:1e:da:f1:b5:c4:3e:7d:d8:00:9f:38:
                    48:d9:9a:9c:d7:06:91:89:c9:f2:cb:f0:f0:84:18:
                    70:90:47:08:a8:6e:22:23:70:4f:0d:74:8b:dd:7a:
                    39:72:3f:1c:72:48:ca:4f:c9:c2:a8:13:26:2a:3f:
                    b7:89:b0:2a:17:19:30:c2:09:43:0d:be:c4:80:e0:
                    ec:ca:e6:d0:38:42:9b:ff:db:88:ac:4c:7d:99:7f:
                    77:f6:e0:f9:aa:d1:9b:09:c7:af:cd:77:fb:20:a5:
                    3c:ee:db:75:60:04:44:b0:aa:4e:e5:9f:6f:fd:40:
                    02:6f:65:d0:00:6a:a3:75:cf:6c:82:d6:6f:a3:f1:
                    a7:8a:db:d7:80:f7:52:31:af:58:b7:fc:8b:20:58:
                    50:f4:93:fd:fe:13:34:ba:02:6c:54:6b:21:28:d0:
                    67:dd:32:87:3a:18:72:d9:37:f3:4b:db:4a:73:0e:
                    e4:d5:6c:3a:6b:8f:08:b0:d7:df:72:e4:41:22:61:
                    b5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:6C:BD:38:EA:E2:73:63:C2:25:08:64:B3:C2:4F:8B:D3:60:32:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/290d02a9-553f-48c7-9fab-bc674743abac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fea:10c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:e9:67:ec:80:39:54:e8:ec:67:3a:35:85:9a:e9:e9:9d:82:
         d1:62:f1:3f:4c:e9:f3:e7:0d:a4:13:50:66:67:e0:a4:4d:d0:
         90:a0:72:4b:f4:8d:bc:94:b5:52:37:75:5d:66:26:e9:61:9d:
         aa:e7:ac:7e:1c:c8:1f:22:89:b5:53:8c:6f:14:18:0b:2a:81:
         62:d8:b2:aa:e0:32:5d:b0:31:d2:4b:2d:72:c1:d8:ff:1a:a1:
         ed:35:73:bc:ec:e1:46:61:81:3a:70:93:53:08:38:ac:de:d4:
         04:a7:22:57:18:1c:ea:3e:62:57:0f:c9:e4:31:e2:89:42:5a:
         81:25:67:14:53:a4:63:45:32:e9:64:22:4a:9e:57:90:d8:95:
         fc:af:09:66:a1:6e:42:67:c9:91:47:82:ec:9f:02:b6:e0:80:
         52:e1:fe:ac:af:04:8e:62:f8:d4:ee:74:06:a2:d9:8d:5c:34:
         2e:28:2e:8e:70:5d:9e:4d:16:ca:58:7f:ed:98:d2:91:af:9e:
         1b:a0:0b:1c:96:89:e4:9d:89:53:e2:0f:5d:67:75:50:f4:86:
         88:08:ab:1c:d8:ee:5d:88:b4:1b:15:79:e4:e2:15:b2:d6:75:
         05:8a:16:63:e4:7e:d5:e3:5c:dc:e4:fb:a5:ab:05:7f:dc:6e:
         b4:6f:ef:2b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcgsF63LA9NzqUsGuz3dPRpkJtbYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDcyNDU0WhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZDFmZGRjODhjNzE1MGQ5ZDdiOTRhMzdmZDNiZGZkNGM2
MGFhNWVhZGVjMjBhZDg2NDMzOTY0Y2Y1NjA3OGFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCIOtfTOGZ3cDP+n6K9x7STTLyEZCO51n7Crv2LPL3eLv6D
Et0cXDUlUF+2SEHl0aaTm7YyDlJII4QOQ3Ebut0e2vG1xD592ACfOEjZmpzXBpGJ
yfLL8PCEGHCQRwiobiIjcE8NdIvdejlyPxxySMpPycKoEyYqP7eJsCoXGTDCCUMN
vsSA4OzK5tA4Qpv/24isTH2Zf3f24Pmq0ZsJx6/Nd/sgpTzu23VgBESwqk7ln2/9
QAJvZdAAaqN1z2yC1m+j8aeK29eA91Ixr1i3/IsgWFD0k/3+EzS6AmxUayEo0Gfd
Moc6GHLZN/NL20pzDuTVbDprjwiw199y5EEiYbXpAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUTGy9OOric2PCJQhks8JPi9NgMv0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI5MGQwMmE5LTU1M2YtNDhjNy05ZmFiLWJjNjc0NzQzYWJhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/qEMAwDQYJKoZIhvcNAQELBQADggEBAEPpZ+yAOVTo7Gc6NYWa6emd
gtFi8T9M6fPnDaQTUGZn4KRN0JCgckv0jbyUtVI3dV1mJulhnarnrH4cyB8iibVT
jG8UGAsqgWLYsqrgMl2wMdJLLXLB2P8aoe01c7zs4UZhgTpwk1MIOKze1ASnIlcY
HOo+YlcPyeQx4olCWoElZxRTpGNFMulkIkqeV5DYlfyvCWahbkJnyZFHguyfArbg
gFLh/qyvBI5i+NTudAai2Y1cNC4oLo5wXZ5NFspYf+2Y0pGvnhugCxyWieSdiVPi
D11ndVD0hogIqxzY7l2ItBsVeeTiFbLWdQWKFmPkftXjXNzk+6WrBX/cbrRv7ys=
-----END CERTIFICATE-----