Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/56df9d03-0d36-477f-ae34-13bb14573a5c.roa
File:                     56df9d03-0d36-477f-ae34-13bb14573a5c.roa (raw, json)
Hash identifier:          9hb6Wqi+Jls7Bvr8X4Uo8P6d+o7sQ353JL5tE9sn5vw=
Subject key identifier:   4D:10:1B:F5:F1:A3:EA:87:E0:68:E4:E9:87:49:BF:D4:1E:9B:28:AF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       03FC71EFCEF11A930420CCB52065B82A92E2F3DB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/56df9d03-0d36-477f-ae34-13bb14573a5c.roa
Signing time:             Wed 12 Nov 2025 00:30:15 +0000
ROA not before:           Wed 12 Nov 2025 00:30:15 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff6:2000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:fc:71:ef:ce:f1:1a:93:04:20:cc:b5:20:65:b8:2a:92:e2:f3:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:30:15 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=2f27fe8c2061c426894a22abb4c1a1cbf53e1bbb81bcbdb1a52f936076e6b82d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bf:f4:a7:e7:ab:2a:dd:ff:3b:51:6e:26:0e:
                    03:28:db:f9:1c:fc:22:3d:9c:46:56:d9:89:0c:37:
                    68:e6:47:5c:46:0f:63:63:2b:79:c3:c7:86:86:b3:
                    c8:9b:88:e2:cd:bf:e7:46:d4:e3:58:59:ae:73:ad:
                    01:f6:fc:da:03:5f:44:e7:e0:0c:af:25:3a:b1:ad:
                    fa:a8:c7:98:64:20:82:8b:d1:84:7d:e4:38:61:b7:
                    a6:59:c9:2a:38:c9:ba:66:8a:fd:a8:d8:be:9d:d0:
                    8a:dd:37:1e:94:68:96:64:16:e0:01:6e:42:19:d4:
                    92:5a:8f:a0:36:02:7b:aa:74:de:ce:4c:a7:2a:13:
                    be:7f:f7:48:97:7a:b5:78:3a:cf:79:08:cd:87:25:
                    3e:e9:0d:be:73:61:fe:7a:38:57:6f:ab:b2:2f:8e:
                    c1:ab:98:8b:f6:57:a8:38:1e:d8:ce:a7:cf:ac:f8:
                    c2:5b:c7:79:a8:08:06:fc:38:ee:db:a3:a6:84:8d:
                    30:e4:21:b8:43:f3:97:21:2b:99:5c:b2:79:b0:99:
                    e6:86:a7:4d:2d:6a:b5:ad:ab:42:ee:07:0c:16:33:
                    34:60:94:de:72:8a:58:3c:2e:c0:bf:1e:9e:e5:3c:
                    26:2a:da:7b:fd:2c:61:ce:0a:d2:74:e7:32:67:46:
                    11:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:10:1B:F5:F1:A3:EA:87:E0:68:E4:E9:87:49:BF:D4:1E:9B:28:AF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/56df9d03-0d36-477f-ae34-13bb14573a5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:1d:9b:28:5a:8d:b6:a0:21:c9:fc:08:55:f6:a5:93:f7:48:
         61:49:cb:17:5b:7a:82:c4:d7:2c:03:c8:22:ab:a2:ca:37:04:
         c6:a9:6a:78:51:8e:eb:ad:fc:25:57:c7:d8:61:f5:9b:69:37:
         c6:02:3a:01:ec:c9:fa:95:49:15:52:a1:b9:78:b2:52:0b:3c:
         e6:92:ab:72:78:41:43:5c:c4:8c:0e:6e:0f:7a:42:ae:cb:9c:
         b9:dc:a2:88:a7:0e:d6:5a:11:5c:e4:76:2d:db:e7:be:7b:cb:
         5b:3a:3c:c6:eb:0b:33:b1:b7:cd:75:7a:2b:c6:14:90:fd:8c:
         2f:62:a5:7f:10:07:5a:e0:a9:46:58:b4:61:4a:a3:06:1f:f4:
         9a:81:96:75:07:c7:70:6e:64:74:0a:09:2d:0f:9e:0f:8a:eb:
         7d:b0:5e:08:79:9c:21:89:72:3b:4b:c2:82:06:56:4f:42:92:
         44:75:4f:fe:a5:a4:53:8c:b8:31:1e:95:13:27:a7:77:42:ca:
         56:b1:46:bb:46:39:d0:24:94:c3:0b:b4:7e:15:1a:dc:5b:27:
         ba:1a:ae:95:24:e6:5b:fa:d6:6e:24:7a:5c:33:95:a7:67:da:
         c9:ef:fd:07:67:87:3e:89:f1:1d:cd:a8:d6:40:a6:e7:e4:1a:
         c5:e3:51:c3
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUA/xx787xGpMEIMy1IGW4KpLi89swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAzMDE1WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjI3ZmU4YzIwNjFjNDI2ODk0YTIyYWJiNGMxYTFjYmY1
M2UxYmJiODFiY2JkYjFhNTJmOTM2MDc2ZTZiODJkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIv/Sn56sq3f87UW4mDgMo2/kc/CI9nEZW2YkMN2jmR1xG
D2NjK3nDx4aGs8ibiOLNv+dG1ONYWa5zrQH2/NoDX0Tn4AyvJTqxrfqox5hkIIKL
0YR95Dhht6ZZySo4ybpmiv2o2L6d0IrdNx6UaJZkFuABbkIZ1JJaj6A2AnuqdN7O
TKcqE75/90iXerV4Os95CM2HJT7pDb5zYf56OFdvq7IvjsGrmIv2V6g4HtjOp8+s
+MJbx3moCAb8OO7bo6aEjTDkIbhD85chK5lcsnmwmeaGp00tarWtq0LuBwwWMzRg
lN5yilg8LsC/Hp7lPCYq2nv9LGHOCtJ05zJnRhFJAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUTRAb9fGj6ofgaOTph0m/1B6bKK8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU2ZGY5ZDAzLTBkMzYtNDc3Zi1hZTM0LTEzYmIxNDU3M2E1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/2IDANBgkqhkiG9w0BAQsFAAOCAQEACR2bKFqNtqAhyfwIVfalk/dI
YUnLF1t6gsTXLAPIIquiyjcExqlqeFGO6638JVfH2GH1m2k3xgI6AezJ+pVJFVKh
uXiyUgs85pKrcnhBQ1zEjA5uD3pCrsucudyiiKcO1loRXOR2LdvnvnvLWzo8xusL
M7G3zXV6K8YUkP2ML2KlfxAHWuCpRli0YUqjBh/0moGWdQfHcG5kdAoJLQ+eD4rr
fbBeCHmcIYlyO0vCggZWT0KSRHVP/qWkU4y4MR6VEyend0LKVrFGu0Y50CSUwwu0
fhUa3FsnuhqulSTmW/rWbiR6XDOVp2faye/9B2eHPonxHc2o1kCm5+QaxeNRww==
-----END CERTIFICATE-----