Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89570917-e234-4dbb-8694-dc75eb220444.roa
File:                     89570917-e234-4dbb-8694-dc75eb220444.roa (raw, json)
Hash identifier:          /4oTHt4QCrF1uqz0B5KBUnRY6gccgVwBGdJxEtM2hWQ=
Subject key identifier:   27:74:4B:67:17:CB:8B:E8:39:D3:D1:09:14:F8:D5:EA:D6:25:D5:44
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       42DF2105F8E3CA375F825BFFFA8CB9C0046A7F60
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89570917-e234-4dbb-8694-dc75eb220444.roa
Signing time:             Sat 04 Oct 2025 00:41:47 +0000
ROA not before:           Sat 04 Oct 2025 00:41:47 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff2:8000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:df:21:05:f8:e3:ca:37:5f:82:5b:ff:fa:8c:b9:c0:04:6a:7f:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  4 00:41:47 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=270481e525a2fa283f97bc20afb04c03bede58b3a901fc30489fed2686d65e95, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e8:36:8e:67:7b:8f:a8:7b:20:3d:ca:5e:54:
                    5d:8b:7f:9b:97:6f:74:0e:c7:16:58:ec:8d:fb:8b:
                    f0:c2:07:67:1b:0d:29:67:8a:4e:29:35:34:84:fe:
                    d3:1f:56:cf:4c:2e:46:8c:92:e4:f9:a0:47:25:05:
                    06:29:49:8e:f3:85:f7:33:98:02:b8:2c:d8:a7:d0:
                    7f:cb:ec:87:a9:61:43:0e:5f:bb:a7:71:5a:ee:c6:
                    84:fa:78:ae:a4:92:c0:24:15:e8:3e:c8:53:54:12:
                    62:b2:6e:a1:98:5f:6b:c3:0f:eb:eb:85:be:08:0a:
                    ce:32:fa:45:79:69:68:6f:4d:b1:79:8e:c7:70:75:
                    24:14:36:5c:fd:af:3f:55:94:37:44:60:80:51:88:
                    aa:43:a1:97:87:25:9d:05:ac:50:26:6f:dc:c2:7c:
                    f5:a8:35:7f:b5:cd:a5:34:7e:fe:7d:d6:14:e9:9f:
                    c3:50:e1:ed:64:75:75:06:02:8a:1b:70:95:af:f9:
                    19:8c:d0:4a:ba:12:2a:60:f7:e8:3c:d6:06:7b:13:
                    88:6e:23:30:22:16:81:eb:78:5f:fc:52:75:0e:31:
                    6d:e5:2a:78:29:3e:4d:80:cb:08:0c:9f:09:d1:76:
                    da:83:24:ce:32:e3:7a:bd:88:e7:98:7b:57:77:d5:
                    a7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:74:4B:67:17:CB:8B:E8:39:D3:D1:09:14:F8:D5:EA:D6:25:D5:44
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89570917-e234-4dbb-8694-dc75eb220444.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         64:ab:b7:03:09:eb:90:91:eb:75:d6:30:75:33:2a:ce:ed:0b:
         7a:38:c5:23:d7:9b:6c:a5:e3:69:13:ad:b9:17:cb:2b:14:5b:
         ad:9c:58:6b:39:af:f5:bf:27:ee:e0:da:ce:37:76:50:31:47:
         fd:c1:9a:53:a6:e9:f4:20:f5:3b:4e:54:0a:46:c2:f4:cc:95:
         b1:f9:91:aa:6a:bb:9e:15:6a:01:6e:72:e8:ee:ed:c6:94:f2:
         3d:5c:22:5d:e9:61:35:26:4d:22:00:7e:b4:68:91:de:e3:30:
         d1:bb:7b:8b:d3:c9:40:4d:29:4d:cc:92:ac:f2:c1:20:e8:e6:
         28:62:9b:95:bb:92:a3:45:67:3b:ec:2f:53:c6:af:7b:36:60:
         f7:99:e5:d4:2b:42:81:96:5e:03:48:3f:b7:fa:80:70:a3:b6:
         1b:e3:60:d4:da:3a:40:c9:17:d6:90:5a:bc:a6:7a:f1:1c:29:
         79:67:6e:69:55:eb:60:73:31:1d:6c:da:72:a2:85:4b:f6:69:
         b7:dd:cc:ca:c0:b9:70:d2:f4:33:a9:07:0d:ac:fc:7d:21:1a:
         7c:9a:c1:b1:2c:6d:55:51:54:5a:ca:64:33:9f:82:c0:be:8a:
         06:f8:09:76:84:42:00:92:f8:b0:6f:95:e6:eb:2c:80:c9:21:
         c6:a8:90:1a
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQt8hBfjjyjdfglv/+oy5wARqf2AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA0MDA0MTQ3WhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNzA0ODFlNTI1YTJmYTI4M2Y5N2JjMjBhZmIwNGMwM2Jl
ZGU1OGIzYTkwMWZjMzA0ODlmZWQyNjg2ZDY1ZTk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZ6DaOZ3uPqHsgPcpeVF2Lf5uXb3QOxxZY7I37i/DCB2cb
DSlnik4pNTSE/tMfVs9MLkaMkuT5oEclBQYpSY7zhfczmAK4LNin0H/L7IepYUMO
X7uncVruxoT6eK6kksAkFeg+yFNUEmKybqGYX2vDD+vrhb4ICs4y+kV5aWhvTbF5
jsdwdSQUNlz9rz9VlDdEYIBRiKpDoZeHJZ0FrFAmb9zCfPWoNX+1zaU0fv591hTp
n8NQ4e1kdXUGAoobcJWv+RmM0Eq6Eipg9+g81gZ7E4huIzAiFoHreF/8UnUOMW3l
KngpPk2AywgMnwnRdtqDJM4y43q9iOeYe1d31ae1AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUJ3RLZxfLi+g509EJFPjV6tYl1UQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5NTcwOTE3LWUyMzQtNGRiYi04Njk0LWRjNzVlYjIyMDQ0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/ygDANBgkqhkiG9w0BAQsFAAOCAQEAZKu3AwnrkJHrddYwdTMqzu0L
ejjFI9ebbKXjaROtuRfLKxRbrZxYazmv9b8n7uDazjd2UDFH/cGaU6bp9CD1O05U
CkbC9MyVsfmRqmq7nhVqAW5y6O7txpTyPVwiXelhNSZNIgB+tGiR3uMw0bt7i9PJ
QE0pTcySrPLBIOjmKGKblbuSo0VnO+wvU8avezZg95nl1CtCgZZeA0g/t/qAcKO2
G+Ng1No6QMkX1pBavKZ68RwpeWduaVXrYHMxHWzacqKFS/Zpt93MysC5cNL0M6kH
Daz8fSEafJrBsSxtVVFUWspkM5+CwL6KBvgJdoRCAJL4sG+V5ussgMkhxqiQGg==
-----END CERTIFICATE-----