Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d41ff51-e213-454b-bf01-4829839d9568.roa
File:                     6d41ff51-e213-454b-bf01-4829839d9568.roa (raw, json)
Hash identifier:          t4FYd0QbgLFhTPFWGFw9TkfabZ5Oiftk4Zk2sG1+exs=
Subject key identifier:   1B:60:C9:A6:F8:98:E6:99:6F:1D:FA:DE:6D:7B:74:EA:B1:60:75:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       043D814EC4EE9AACD5DC31BE03B048F3E60E7126
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d41ff51-e213-454b-bf01-4829839d9568.roa
Signing time:             Wed 12 Nov 2025 01:11:00 +0000
ROA not before:           Wed 12 Nov 2025 01:11:00 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1c:c00::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:3d:81:4e:c4:ee:9a:ac:d5:dc:31:be:03:b0:48:f3:e6:0e:71:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:11:00 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=062d9ae97d362db1181d0c11bc0dddb76845c754f26400cabc2efe06f1ef2473, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:de:33:26:c4:a1:f7:7f:91:e3:69:aa:c4:2b:
                    2e:58:7c:2e:68:08:32:33:a5:94:df:37:38:fb:8e:
                    89:7a:04:e9:4c:e6:b0:22:4f:71:6b:e4:d2:06:a2:
                    6b:ad:e8:99:aa:ce:62:6f:73:53:bf:9c:57:8f:e7:
                    ab:7c:28:c6:0f:ab:4f:44:3a:e9:51:4c:ae:88:c1:
                    89:57:6c:0b:d5:3b:d1:1f:6c:b4:97:4e:f2:cd:89:
                    4f:35:b8:67:82:92:9c:95:de:17:66:6e:a7:58:c7:
                    91:f1:c0:d1:90:5e:6c:bd:5a:9d:7f:23:cb:5d:30:
                    d3:7e:2b:ce:b6:f6:f5:04:3e:49:6f:f1:e3:82:d0:
                    6f:58:cf:cc:91:b3:5e:07:52:cc:76:48:41:c3:4d:
                    5b:06:03:66:41:bd:b5:cf:b7:5e:c9:23:91:73:58:
                    ba:bd:0d:ac:cc:9f:e7:11:d2:b0:73:25:f6:0a:df:
                    f3:40:87:9f:2a:e5:7e:74:af:ef:89:0a:b6:f1:b6:
                    76:b7:00:ec:67:8f:02:bc:da:7f:9b:39:b4:19:b4:
                    42:4d:d0:f3:ee:57:b7:24:57:bc:69:44:cc:52:33:
                    a3:6c:65:3c:69:61:7f:ef:ee:ac:29:9e:b7:71:64:
                    9c:f4:39:21:ac:74:09:1c:ac:b6:69:f1:11:5b:84:
                    ef:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:60:C9:A6:F8:98:E6:99:6F:1D:FA:DE:6D:7B:74:EA:B1:60:75:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d41ff51-e213-454b-bf01-4829839d9568.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1c:c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         25:78:fd:9a:e1:f1:47:4c:d8:a2:59:d1:9e:b6:39:1c:03:96:
         6a:88:61:37:42:39:1e:72:e8:d0:2c:e1:1d:fe:65:22:2c:4c:
         09:30:36:76:d5:00:e1:29:09:0a:9d:81:ff:0f:55:76:8e:06:
         50:c3:09:b0:e3:ad:98:8a:03:f7:18:3d:c9:45:88:8e:88:7f:
         24:44:58:a2:45:11:4b:4c:45:08:36:d6:64:5a:eb:a8:32:c3:
         3a:9d:7b:13:18:3c:a7:6b:4c:71:08:34:c3:c7:96:7d:2b:5b:
         5b:d3:b4:55:d9:71:f3:80:cf:c8:90:e7:02:7d:7e:44:54:00:
         3b:8c:f3:e7:cd:d1:ff:0e:a4:5f:4f:f6:85:da:7d:e5:d8:e7:
         c2:87:9b:33:f4:3f:a4:30:7c:29:68:f3:aa:fa:88:4b:6d:9f:
         e2:3f:f0:e7:49:d1:b5:07:9c:b0:59:30:fa:8b:42:6a:7a:cb:
         e0:f0:34:7e:f6:7b:f5:ec:2e:1c:dd:54:cf:94:76:82:9f:4a:
         39:f5:e8:13:75:08:f4:c1:d5:1a:71:32:ba:08:38:16:e8:2c:
         b6:51:0d:b4:f0:91:e6:84:4c:d6:4d:60:4c:2f:ec:0a:a6:ed:
         7a:34:d2:5c:53:0b:aa:8a:74:8c:05:98:7a:30:b2:e1:b4:7c:
         ce:c9:f0:52
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUBD2BTsTumqzV3DG+A7BI8+YOcSYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDExMTAwWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNjJkOWFlOTdkMzYyZGIxMTgxZDBjMTFiYzBkZGRiNzY4
NDVjNzU0ZjI2NDAwY2FiYzJlZmUwNmYxZWYyNDczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCg3jMmxKH3f5HjaarEKy5YfC5oCDIzpZTfNzj7jol6BOlM
5rAiT3Fr5NIGomut6JmqzmJvc1O/nFeP56t8KMYPq09EOulRTK6IwYlXbAvVO9Ef
bLSXTvLNiU81uGeCkpyV3hdmbqdYx5HxwNGQXmy9Wp1/I8tdMNN+K8629vUEPklv
8eOC0G9Yz8yRs14HUsx2SEHDTVsGA2ZBvbXPt17JI5FzWLq9DazMn+cR0rBzJfYK
3/NAh58q5X50r++JCrbxtna3AOxnjwK82n+bObQZtEJN0PPuV7ckV7xpRMxSM6Ns
ZTxpYX/v7qwpnrdxZJz0OSGsdAkcrLZp8RFbhO8XAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUG2DJpviY5plvHfrebXt06rFgdXowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZkNDFmZjUxLWUyMTMtNDU0Yi1iZjAxLTQ4Mjk4MzlkOTU2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgImAB8cDDANBgkqhkiG9w0BAQsFAAOCAQEAJXj9muHxR0zYolnRnrY5HAOW
aohhN0I5HnLo0CzhHf5lIixMCTA2dtUA4SkJCp2B/w9Vdo4GUMMJsOOtmIoD9xg9
yUWIjoh/JERYokURS0xFCDbWZFrrqDLDOp17Exg8p2tMcQg0w8eWfStbW9O0Vdlx
84DPyJDnAn1+RFQAO4zz583R/w6kX0/2hdp95djnwoebM/Q/pDB8KWjzqvqIS22f
4j/w50nRtQecsFkw+otCanrL4PA0fvZ79ewuHN1Uz5R2gp9KOfXoE3UI9MHVGnEy
ugg4FugstlENtPCR5oRM1k1gTC/sCqbtejTSXFMLqop0jAWYejCy4bR8zsnwUg==
-----END CERTIFICATE-----