Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/346064b3-f3d1-4884-abe1-0e54d6d91914.roa
File:                     346064b3-f3d1-4884-abe1-0e54d6d91914.roa (raw, json)
Hash identifier:          nAsoyRy92bJroK1WI8Y63MzSa0XXRYP4p0KiXoFRrKI=
Subject key identifier:   DC:BC:02:7B:51:36:61:A8:26:AE:CC:C6:69:2F:34:59:E7:D4:3E:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       415E15FA8DE864211A56962B75914C951FC75F4D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/346064b3-f3d1-4884-abe1-0e54d6d91914.roa
Signing time:             Tue 11 Nov 2025 02:01:18 +0000
ROA not before:           Tue 11 Nov 2025 02:01:18 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:80a0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:5e:15:fa:8d:e8:64:21:1a:56:96:2b:75:91:4c:95:1f:c7:5f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:01:18 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=13dee0e528bc606e8821e842338bad89559d713989293592cd1dd07cad5d1150, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:55:82:3b:cd:85:92:75:c4:c9:38:d7:5e:2b:
                    dd:2b:6e:da:5a:19:e6:23:78:bc:3b:0c:f7:c3:fc:
                    1e:1c:90:3c:d8:ce:7a:14:b1:96:1c:c4:c1:e9:b9:
                    73:db:5d:af:80:c8:eb:bb:52:87:3c:b5:b8:a4:7b:
                    6a:4c:05:cc:4d:3b:5b:9b:01:dc:ec:fa:8d:a0:80:
                    04:30:5d:67:27:61:28:68:37:89:7b:90:e1:1a:4c:
                    ce:c1:6a:3d:78:67:73:a9:3b:c4:88:73:a4:8e:73:
                    2b:ec:f7:d4:9b:c1:44:11:ff:36:5b:c6:19:28:82:
                    73:b6:68:a5:b0:df:9b:2c:c3:f3:02:42:11:52:23:
                    6b:6a:4a:0c:08:55:16:23:c8:34:0f:b7:9a:12:aa:
                    4b:57:3e:cc:83:8b:bb:28:f1:41:19:0c:fc:41:06:
                    5e:6b:98:cb:aa:67:58:69:1e:50:7c:08:1b:56:21:
                    6e:ce:5e:ed:5d:55:28:c3:7d:05:6f:71:53:15:a2:
                    92:42:af:4b:b3:d5:ba:8a:18:db:9c:2c:97:5c:ad:
                    49:6f:40:83:92:ae:e9:3a:da:d3:c3:39:03:85:f8:
                    50:e7:78:3e:13:de:05:68:b3:59:5b:46:f7:d6:33:
                    99:86:69:2b:3d:1f:7e:d5:dc:57:78:10:73:e5:55:
                    ef:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BC:02:7B:51:36:61:A8:26:AE:CC:C6:69:2F:34:59:E7:D4:3E:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/346064b3-f3d1-4884-abe1-0e54d6d91914.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:80a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:0a:c2:94:4e:28:f6:05:64:2b:d2:4b:2d:6f:60:14:e5:76:
         4e:de:30:f1:9b:28:39:22:ed:81:17:f5:77:28:2f:08:9f:05:
         e5:5b:f6:a7:5f:15:35:2c:eb:a5:5b:5a:70:19:3c:18:53:74:
         d1:36:6d:0b:7f:b5:9b:43:02:2c:0c:b2:bb:d3:a5:87:8b:af:
         e3:5f:35:2b:bb:3c:2e:8f:3b:c2:42:11:71:f1:f1:44:c1:cc:
         e0:41:f8:96:dd:37:da:d1:f6:6d:4f:a4:af:ed:fa:7e:40:3c:
         d4:66:c9:e5:ff:90:1f:67:98:fa:64:ce:68:21:80:8d:40:f6:
         16:1f:c3:7c:28:1d:a4:c7:f4:fc:ee:3e:99:89:b5:52:80:f0:
         12:f5:ed:6c:c5:00:04:45:98:d5:ff:7c:92:e5:5e:be:94:32:
         10:ab:6f:d1:28:d4:cc:0d:b5:ab:f7:84:29:ee:06:8a:52:9b:
         3c:41:11:09:5a:30:21:71:73:1c:d5:a7:44:5f:62:91:83:24:
         a9:ec:62:33:62:9c:9f:b8:11:ab:d2:23:70:ce:10:f9:6d:24:
         42:80:d0:fd:3e:ce:ad:5c:6e:69:a8:c4:70:8c:e8:1e:ee:75:
         84:13:c6:e1:f9:d1:c8:df:cc:e7:7b:da:b0:51:77:7f:e1:89:
         8a:55:61:e4
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQV4V+o3oZCEaVpYrdZFMlR/HX00wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIwMTE4WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxM2RlZTBlNTI4YmM2MDZlODgyMWU4NDIzMzhiYWQ4OTU1
OWQ3MTM5ODkyOTM1OTJjZDFkZDA3Y2FkNWQxMTUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDsVYI7zYWSdcTJONdeK90rbtpaGeYjeLw7DPfD/B4ckDzY
znoUsZYcxMHpuXPbXa+AyOu7Uoc8tbike2pMBcxNO1ubAdzs+o2ggAQwXWcnYSho
N4l7kOEaTM7Baj14Z3OpO8SIc6SOcyvs99SbwUQR/zZbxhkognO2aKWw35ssw/MC
QhFSI2tqSgwIVRYjyDQPt5oSqktXPsyDi7so8UEZDPxBBl5rmMuqZ1hpHlB8CBtW
IW7OXu1dVSjDfQVvcVMVopJCr0uz1bqKGNucLJdcrUlvQIOSruk62tPDOQOF+FDn
eD4T3gVos1lbRvfWM5mGaSs9H37V3Fd4EHPlVe/3AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU3LwCe1E2YagmrszGaS80WefUPlgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0NjA2NGIzLWYzZDEtNDg4NC1hYmUxLTBlNTRkNmQ5MTkxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hgKAwDQYJKoZIhvcNAQELBQADggEBAI0KwpROKPYFZCvSSy1vYBTl
dk7eMPGbKDki7YEX9XcoLwifBeVb9qdfFTUs66VbWnAZPBhTdNE2bQt/tZtDAiwM
srvTpYeLr+NfNSu7PC6PO8JCEXHx8UTBzOBB+JbdN9rR9m1PpK/t+n5APNRmyeX/
kB9nmPpkzmghgI1A9hYfw3woHaTH9PzuPpmJtVKA8BL17WzFAARFmNX/fJLlXr6U
MhCrb9Eo1MwNtav3hCnuBopSmzxBEQlaMCFxcxzVp0RfYpGDJKnsYjNinJ+4EavS
I3DOEPltJEKA0P0+zq1cbmmoxHCM6B7udYQTxuH50cjfzOd72rBRd3/hiYpVYeQ=
-----END CERTIFICATE-----