Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d04681e-2458-4f39-84be-dcccbbcbdab0.roa
File:                     6d04681e-2458-4f39-84be-dcccbbcbdab0.roa (raw, json)
Hash identifier:          4ZehwncuJUqSeofLjha71ZHGPSGDQ+H4AxeGqMYUTRM=
Subject key identifier:   BF:50:32:86:83:44:97:AB:F3:19:78:F1:27:D0:DF:D4:47:52:74:2D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       73149132BC553E7614F3B3A0AF1A9AA583483FF8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d04681e-2458-4f39-84be-dcccbbcbdab0.roa
Signing time:             Wed 08 Oct 2025 00:12:00 +0000
ROA not before:           Wed 08 Oct 2025 00:12:00 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f60:c000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:14:91:32:bc:55:3e:76:14:f3:b3:a0:af:1a:9a:a5:83:48:3f:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:12:00 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=a6f524b360dfa6e8dde7f45a447a680c7c210a848749232220f980ec956a3764, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9a:ab:c1:4c:8c:13:01:a1:6b:dc:0d:9a:79:
                    15:d1:3f:7c:cd:b9:a7:c6:66:87:e3:ca:cc:a8:7c:
                    eb:f7:e5:bc:3f:d5:d4:9e:a8:19:c2:07:04:7c:f8:
                    ce:5d:63:59:83:1a:d2:a3:74:f2:2a:01:a2:93:82:
                    2a:b0:c5:4b:cb:5d:87:58:5c:d8:e9:1c:8c:af:99:
                    19:49:4c:33:d1:31:08:50:9b:0f:f5:82:11:fa:01:
                    32:5d:67:2a:f2:76:a1:d5:bd:c2:36:13:92:b1:cf:
                    86:ee:25:59:fd:f9:29:5e:d5:ca:44:3e:24:0b:cf:
                    13:ae:99:28:24:91:9a:dc:87:96:0d:3e:da:25:05:
                    d6:85:ae:c0:47:a0:6e:51:dc:c1:0c:7f:01:ff:98:
                    d3:60:f2:00:52:01:40:dc:9b:ab:60:82:d2:f8:b7:
                    bb:34:2f:95:04:30:d8:7a:95:2f:a1:c7:f3:a1:55:
                    5a:4e:2d:56:3f:f2:3d:64:ec:a2:7f:2f:9a:c1:7a:
                    86:40:8a:28:52:95:69:20:a0:79:0d:8a:9a:64:9d:
                    8f:5c:f0:f6:ef:89:df:b7:ed:21:2e:22:12:ea:54:
                    fc:56:dc:3e:f5:a5:da:71:5f:d6:dc:e1:f9:9b:ec:
                    67:05:29:69:2b:d6:0e:fe:00:18:2e:49:9e:c2:d9:
                    7b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:50:32:86:83:44:97:AB:F3:19:78:F1:27:D0:DF:D4:47:52:74:2D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d04681e-2458-4f39-84be-dcccbbcbdab0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ad:0c:06:b4:a0:15:48:af:2d:90:45:74:ba:1a:d9:06:f5:14:
         4b:8a:cc:77:d6:84:af:81:1c:99:fc:6d:07:d5:87:95:04:e0:
         97:46:03:3b:08:08:f7:10:30:4a:87:8f:7a:83:05:24:9c:86:
         e8:08:dd:2b:5a:55:44:09:e6:6d:45:c4:6e:d6:87:76:d0:20:
         6b:b5:e7:5c:18:da:75:58:b5:17:c4:dc:aa:a6:d4:dd:1d:cb:
         d1:dc:f6:61:b5:74:73:ab:43:63:1d:d8:75:0c:66:36:f3:8f:
         ab:85:ee:4d:7b:57:fe:09:ab:94:84:94:64:d6:c2:22:ab:57:
         8e:7e:f9:5f:d8:ca:0a:96:c1:f9:45:8c:f3:08:85:ff:50:86:
         96:dd:bc:7e:e4:e8:aa:8b:f1:99:fd:f3:3a:c0:5a:37:37:a1:
         78:02:ee:d3:33:5f:9c:b5:db:85:6b:c2:1b:1f:b5:fa:08:95:
         d4:c1:40:d0:ba:36:25:90:63:0c:d4:7b:fa:1a:cf:09:6e:10:
         c4:7c:b4:74:91:bc:35:67:a6:ed:1f:d6:43:2a:4c:71:71:aa:
         f0:60:31:68:93:0b:52:9a:88:ce:e3:17:a5:90:a0:21:c9:44:
         73:93:70:18:85:6f:5c:14:f2:8a:32:8d:0b:dc:76:3f:c3:cd:
         39:38:a2:8b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUcxSRMrxVPnYU87OgrxqapYNIP/gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAxMjAwWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNmY1MjRiMzYwZGZhNmU4ZGRlN2Y0NWE0NDdhNjgwYzdj
MjEwYTg0ODc0OTIzMjIyMGY5ODBlYzk1NmEzNzY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYmqvBTIwTAaFr3A2aeRXRP3zNuafGZofjysyofOv35bw/
1dSeqBnCBwR8+M5dY1mDGtKjdPIqAaKTgiqwxUvLXYdYXNjpHIyvmRlJTDPRMQhQ
mw/1ghH6ATJdZyrydqHVvcI2E5Kxz4buJVn9+Sle1cpEPiQLzxOumSgkkZrch5YN
PtolBdaFrsBHoG5R3MEMfwH/mNNg8gBSAUDcm6tggtL4t7s0L5UEMNh6lS+hx/Oh
VVpOLVY/8j1k7KJ/L5rBeoZAiihSlWkgoHkNippknY9c8Pbvid+37SEuIhLqVPxW
3D71pdpxX9bc4fmb7GcFKWkr1g7+ABguSZ7C2XsxAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUv1AyhoNEl6vzGXjxJ9Df1EdSdC0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZkMDQ2ODFlLTI0NTgtNGYzOS04NGJlLWRjY2NiYmNiZGFiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gwDANBgkqhkiG9w0BAQsFAAOCAQEArQwGtKAVSK8tkEV0uhrZBvUU
S4rMd9aEr4EcmfxtB9WHlQTgl0YDOwgI9xAwSoePeoMFJJyG6AjdK1pVRAnmbUXE
btaHdtAga7XnXBjadVi1F8TcqqbU3R3L0dz2YbV0c6tDYx3YdQxmNvOPq4XuTXtX
/gmrlISUZNbCIqtXjn75X9jKCpbB+UWM8wiF/1CGlt28fuToqovxmf3zOsBaNzeh
eALu0zNfnLXbhWvCGx+1+giV1MFA0Lo2JZBjDNR7+hrPCW4QxHy0dJG8NWem7R/W
QypMcXGq8GAxaJMLUpqIzuMXpZCgIclEc5NwGIVvXBTyijKNC9x2P8PNOTiiiw==
-----END CERTIFICATE-----