Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/912d1f55-82ab-4641-9fec-98b39d1c0667.roa
File:                     912d1f55-82ab-4641-9fec-98b39d1c0667.roa (raw, json)
Hash identifier:          14M9799akS4LqUt8DSsG3AejOU1gD1iZJ2/J9Jf4s+4=
Subject key identifier:   A9:78:D4:A0:5A:E7:B3:9A:E0:AB:54:14:D6:77:6F:DA:68:42:7F:A9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2CD114843A5229D8DFC217A89734E0C6FAB04F6F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/912d1f55-82ab-4641-9fec-98b39d1c0667.roa
Signing time:             Sat 15 Nov 2025 00:30:37 +0000
ROA not before:           Sat 15 Nov 2025 00:30:37 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fef:e000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:d1:14:84:3a:52:29:d8:df:c2:17:a8:97:34:e0:c6:fa:b0:4f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:30:37 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=31e7a24b1c499fd9ac73eac135929bdf1c7cf3a072c6ff24c7f5a99e85afb536, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2f:df:6f:88:3e:86:6a:38:27:f8:4e:e0:76:
                    4a:fb:d3:c1:83:04:39:81:41:8c:a6:b0:dd:21:13:
                    4c:d1:2d:60:cf:e6:60:0a:ca:0d:8b:19:a5:01:18:
                    55:6d:86:c7:de:be:31:4e:49:93:ac:24:00:89:a8:
                    89:c6:b0:5d:09:fc:ad:39:1e:1e:31:11:9a:c3:08:
                    7c:aa:68:b2:e1:6b:c6:74:8b:f9:5b:01:19:f4:5c:
                    1a:6f:46:7c:e7:e4:f2:11:18:76:f9:5f:b7:78:5d:
                    47:02:46:a5:93:c6:0e:47:d2:16:de:cc:3c:81:15:
                    ed:6e:7b:ab:56:70:7e:33:83:04:d3:39:97:e0:28:
                    96:58:26:02:10:25:c1:f8:de:6c:3f:40:6d:f1:ef:
                    c0:3a:1b:5d:66:be:d7:e6:11:2d:ff:34:af:49:6e:
                    b8:8b:ce:c8:87:74:54:f0:4d:0f:9d:8b:77:ca:eb:
                    b8:7b:f9:a9:ec:67:a6:9b:1c:cd:01:0e:f8:fb:d2:
                    14:bd:0a:24:49:01:6d:be:d0:a0:f1:fa:e3:af:b2:
                    ac:92:ce:9b:e0:75:ae:27:0f:0d:d1:98:e5:0f:f0:
                    36:51:51:7c:92:f5:e9:37:2f:0c:be:05:1d:1b:23:
                    ef:dd:e2:b6:d6:9f:30:7b:89:1b:8c:3d:1b:4c:fd:
                    c2:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:78:D4:A0:5A:E7:B3:9A:E0:AB:54:14:D6:77:6F:DA:68:42:7F:A9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/912d1f55-82ab-4641-9fec-98b39d1c0667.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fef:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         6f:e7:95:1a:13:42:2c:87:6c:9d:7b:35:3d:d4:2a:b0:dc:ec:
         a4:1f:d5:8b:d9:f7:6f:09:22:a8:be:a0:8d:a7:72:ee:d9:03:
         00:d2:e0:18:3b:1d:c5:37:a1:d3:bd:85:ce:e2:88:80:29:a6:
         ad:20:21:09:1c:1a:44:8a:b9:5b:78:18:1f:ee:4f:29:c5:e0:
         0a:2f:79:31:7d:fd:4e:10:3e:4f:f6:4d:5d:5a:c3:04:a7:a6:
         b5:39:80:83:eb:08:82:b1:69:60:7e:7a:06:c5:72:32:45:51:
         0e:65:10:f2:69:56:21:f2:a8:89:83:b5:09:e2:d1:4c:31:30:
         13:ab:d5:fd:f4:28:3a:0b:e2:52:48:88:04:f3:86:a8:24:b8:
         dc:4e:75:b6:24:ec:75:6d:b4:44:e1:4d:fb:83:48:f9:ff:7b:
         94:b1:d4:a2:cd:b1:02:a3:42:9e:bc:57:94:43:5b:3a:00:ce:
         ad:c6:a5:2c:43:15:fb:25:17:cd:12:2b:75:09:8d:cc:1d:88:
         0a:ea:09:44:c9:72:b0:e6:83:fa:ff:fa:49:bf:a3:40:f4:58:
         20:4c:37:1c:68:83:7b:04:52:92:b2:25:a9:70:ff:24:3e:86:
         0c:7d:33:97:ea:22:b5:b5:44:3a:0d:b8:c0:1f:7f:8d:6c:26:
         83:26:95:1e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIULNEUhDpSKdjfwheolzTgxvqwT28wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDAzMDM3WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMWU3YTI0YjFjNDk5ZmQ5YWM3M2VhYzEzNTkyOWJkZjFj
N2NmM2EwNzJjNmZmMjRjN2Y1YTk5ZTg1YWZiNTM2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1L99viD6Gajgn+E7gdkr708GDBDmBQYymsN0hE0zRLWDP
5mAKyg2LGaUBGFVthsfevjFOSZOsJACJqInGsF0J/K05Hh4xEZrDCHyqaLLha8Z0
i/lbARn0XBpvRnzn5PIRGHb5X7d4XUcCRqWTxg5H0hbezDyBFe1ue6tWcH4zgwTT
OZfgKJZYJgIQJcH43mw/QG3x78A6G11mvtfmES3/NK9JbriLzsiHdFTwTQ+di3fK
67h7+ansZ6abHM0BDvj70hS9CiRJAW2+0KDx+uOvsqySzpvgda4nDw3RmOUP8DZR
UXyS9ek3Lwy+BR0bI+/d4rbWnzB7iRuMPRtM/cJBAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUqXjUoFrns5rgq1QU1ndv2mhCf6kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkxMmQxZjU1LTgyYWItNDY0MS05ZmVjLTk4YjM5ZDFjMDY2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/v4DANBgkqhkiG9w0BAQsFAAOCAQEAb+eVGhNCLIdsnXs1PdQqsNzs
pB/Vi9n3bwkiqL6gjady7tkDANLgGDsdxTeh072FzuKIgCmmrSAhCRwaRIq5W3gY
H+5PKcXgCi95MX39ThA+T/ZNXVrDBKemtTmAg+sIgrFpYH56BsVyMkVRDmUQ8mlW
IfKoiYO1CeLRTDEwE6vV/fQoOgviUkiIBPOGqCS43E51tiTsdW20ROFN+4NI+f97
lLHUos2xAqNCnrxXlENbOgDOrcalLEMV+yUXzRIrdQmNzB2ICuoJRMlysOaD+v/6
Sb+jQPRYIEw3HGiDewRSkrIlqXD/JD6GDH0zl+oitbVEOg24wB9/jWwmgyaVHg==
-----END CERTIFICATE-----