Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa
File:                     65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa (raw, json)
Hash identifier:          jE+s0wpeHndh8TTvb68qcXwAmg0zphxckC7m45cZD1M=
Subject key identifier:   26:A0:79:B1:3F:74:07:AE:63:4F:38:D0:BA:4E:94:ED:A8:C8:1B:1C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       76CFD3C418ECAF67B226C076160D894C214F24AF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa
Signing time:             Mon 22 Sep 2025 17:51:18 +0000
ROA not before:           Mon 22 Sep 2025 17:51:18 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ffd:807b::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:cf:d3:c4:18:ec:af:67:b2:26:c0:76:16:0d:89:4c:21:4f:24:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 22 17:51:18 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=ec21f3dedcead7acbc7a2e48c398f256c6d90c140c1955314948eb74280d1d3d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:dd:6f:15:6e:27:a6:62:f0:be:3b:8c:33:f3:
                    10:eb:a7:e5:10:d4:f6:da:09:6e:35:88:d6:f5:f0:
                    61:01:d7:89:86:4b:44:ca:fc:91:f8:b4:10:1f:a8:
                    ec:b8:69:a6:91:7c:dc:ca:fd:aa:5a:4d:49:a9:4e:
                    a4:de:2f:5e:a2:66:37:4f:a3:4f:eb:4f:ff:a1:76:
                    df:e5:ba:a9:a7:e0:b3:25:ac:cb:81:7b:c0:59:66:
                    e7:49:71:2d:aa:be:7b:a0:2b:32:13:21:74:70:e0:
                    8c:34:bb:55:49:06:6a:e1:fb:db:16:5d:09:90:6e:
                    2e:f7:16:74:79:b0:e0:eb:68:32:b0:a0:dd:b1:17:
                    3e:c9:90:02:5c:72:e8:52:52:b7:da:26:14:92:f0:
                    bb:d0:0b:18:32:a5:60:fd:2b:59:d1:45:69:ee:af:
                    a1:90:c5:b6:20:12:5d:d1:ad:54:36:c0:e7:33:06:
                    e5:94:37:d3:c2:50:48:68:07:33:cf:75:61:2f:bc:
                    cc:b9:4e:fa:20:1a:d5:7a:32:40:5f:a9:0d:c0:79:
                    e4:3f:92:e6:f2:c6:11:58:fb:54:73:e9:d8:09:c8:
                    21:ae:a3:fb:82:6b:44:7e:0b:d5:0f:0e:0a:37:ed:
                    fd:c3:b1:8d:46:81:46:c9:7f:9f:60:7c:53:ff:9a:
                    88:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:A0:79:B1:3F:74:07:AE:63:4F:38:D0:BA:4E:94:ED:A8:C8:1B:1C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65c7e436-50a0-4c45-a6d2-a899c8f5e790.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:807b::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:9a:a0:fc:7d:a7:ed:c0:49:49:eb:0a:55:3e:70:90:8d:de:
         94:da:01:05:59:cf:34:8f:f5:28:09:d1:e7:14:9f:5d:b2:95:
         b3:6b:ad:cd:29:ee:46:57:db:62:e7:cb:fb:d2:3e:2f:49:34:
         f6:01:40:e5:ad:92:f3:90:e4:59:00:7f:57:f7:13:9b:1a:53:
         22:08:62:0a:e3:2d:80:5d:fb:98:97:ba:f7:0f:2a:dc:a8:8c:
         35:03:c4:fb:4d:8e:35:1a:44:3f:37:90:42:bc:ae:80:eb:ce:
         46:66:8e:bf:e8:a5:8d:07:7a:18:2f:ad:f7:db:77:b9:e0:14:
         d7:8d:81:14:65:77:5c:8f:76:0d:2f:3a:4b:b0:1a:3d:63:3a:
         34:ab:c9:90:54:c7:b4:cf:bb:42:18:31:62:04:5e:96:cd:46:
         b2:1f:8a:3b:42:9e:02:ff:19:9d:cd:20:ad:af:9b:9c:a7:9d:
         51:9a:e5:0f:12:15:3b:53:10:c2:5f:1f:ae:cb:59:17:ac:6b:
         ba:a1:8b:fe:0a:cc:8b:c5:f2:2c:50:ee:84:7c:ee:db:4f:40:
         5f:0b:af:f0:14:88:8e:d8:fc:4a:2c:7c:85:3d:00:85:d5:8d:
         4c:19:cf:e6:86:62:89:8c:72:f8:bc:bf:3b:9a:d6:7c:e2:dd:
         88:81:eb:c2
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUds/TxBjsr2eyJsB2Fg2JTCFPJK8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTIyMTc1MTE4WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzIxZjNkZWRjZWFkN2FjYmM3YTJlNDhjMzk4ZjI1NmM2
ZDkwYzE0MGMxOTU1MzE0OTQ4ZWI3NDI4MGQxZDNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDy3W8VbiemYvC+O4wz8xDrp+UQ1PbaCW41iNb18GEB14mG
S0TK/JH4tBAfqOy4aaaRfNzK/apaTUmpTqTeL16iZjdPo0/rT/+hdt/luqmn4LMl
rMuBe8BZZudJcS2qvnugKzITIXRw4Iw0u1VJBmrh+9sWXQmQbi73FnR5sODraDKw
oN2xFz7JkAJccuhSUrfaJhSS8LvQCxgypWD9K1nRRWnur6GQxbYgEl3RrVQ2wOcz
BuWUN9PCUEhoBzPPdWEvvMy5TvogGtV6MkBfqQ3AeeQ/kubyxhFY+1Rz6dgJyCGu
o/uCa0R+C9UPDgo37f3DsY1GgUbJf59gfFP/mohZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUJqB5sT90B65jTzjQuk6U7ajIGxwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1YzdlNDM2LTUwYTAtNGM0NS1hNmQyLWE4OTljOGY1ZTc5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gHswDQYJKoZIhvcNAQELBQADggEBAJ2aoPx9p+3ASUnrClU+cJCN
3pTaAQVZzzSP9SgJ0ecUn12ylbNrrc0p7kZX22Lny/vSPi9JNPYBQOWtkvOQ5FkA
f1f3E5saUyIIYgrjLYBd+5iXuvcPKtyojDUDxPtNjjUaRD83kEK8roDrzkZmjr/o
pY0Hehgvrffbd7ngFNeNgRRld1yPdg0vOkuwGj1jOjSryZBUx7TPu0IYMWIEXpbN
RrIfijtCngL/GZ3NIK2vm5ynnVGa5Q8SFTtTEMJfH67LWResa7qhi/4KzIvF8ixQ
7oR87ttPQF8Lr/AUiI7Y/EosfIU9AIXVjUwZz+aGYomMcvi8vzua1nzi3YiB68I=
-----END CERTIFICATE-----