Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b48c916-3858-4b00-8e15-9c902a1cc973.roa
File:                     9b48c916-3858-4b00-8e15-9c902a1cc973.roa (raw, json)
Hash identifier:          0Db+ADOENKHH56SWjbxLUYZ9WN+BRIW+F/OVjreioiQ=
Subject key identifier:   D6:B7:21:FA:44:0C:58:B9:3D:5B:89:84:E1:D0:9D:4A:75:85:CA:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       38310A1EB0239CAC5E67522FE110ECE8EE7A8053
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b48c916-3858-4b00-8e15-9c902a1cc973.roa
Signing time:             Tue 11 Nov 2025 02:00:09 +0000
ROA not before:           Tue 11 Nov 2025 02:00:09 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:6080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:31:0a:1e:b0:23:9c:ac:5e:67:52:2f:e1:10:ec:e8:ee:7a:80:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:00:09 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=d0e43b3825f9ccfb7492ac9e75ae5ed5947c9a3c55ce562e8c3cb304aec6da0a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:21:a8:76:8a:2e:16:64:ec:d6:53:94:4b:2d:
                    ac:c3:9e:2a:67:b2:ba:7b:0a:b3:a8:20:8b:33:78:
                    5a:19:c1:1d:37:0e:a0:a5:05:f1:c0:9c:17:be:c8:
                    3e:f6:8f:e1:f8:11:00:c6:cb:e9:0b:54:67:25:6b:
                    b0:73:cf:f8:2a:0c:64:a7:2f:5c:7f:cc:59:24:e2:
                    a8:2f:b4:38:d6:70:25:e3:18:d0:27:45:25:9d:51:
                    bf:75:08:02:70:78:76:e3:e2:e3:40:f6:37:d4:cc:
                    65:e1:9f:e8:c6:9f:81:ff:0f:83:bc:9b:73:df:e4:
                    58:f6:47:09:03:fb:a7:4b:02:c5:69:0e:dd:48:cb:
                    87:58:10:b6:b4:5c:fb:25:dc:c6:0d:48:62:56:4b:
                    ed:a6:ee:be:96:f2:f6:79:72:d9:35:ec:b2:12:e7:
                    74:a7:4c:d7:90:4d:a4:e6:95:e9:e4:53:b9:7b:7c:
                    1b:40:ce:56:8b:81:04:d9:08:77:70:0d:19:fb:b9:
                    73:e9:67:3c:86:21:85:18:20:19:de:12:97:7f:54:
                    24:13:d2:38:c7:76:b2:28:d7:32:f9:70:71:d5:9b:
                    f0:f8:c8:89:8b:2f:2e:a0:3f:8e:89:a0:e6:82:44:
                    4b:de:af:5b:46:c0:a5:35:a1:54:56:8b:c2:58:06:
                    8e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:B7:21:FA:44:0C:58:B9:3D:5B:89:84:E1:D0:9D:4A:75:85:CA:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b48c916-3858-4b00-8e15-9c902a1cc973.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:6080::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:1a:1c:2d:f4:07:78:e8:99:c0:d4:82:0b:65:c1:4d:b2:1d:
         14:2c:06:8e:04:36:47:3c:90:d1:4c:95:11:4e:3c:fd:be:6d:
         00:14:9c:0e:81:00:ec:f0:18:3d:f7:e6:bb:ea:ae:92:4b:95:
         b0:5f:f7:70:22:5a:3b:3c:8c:69:54:61:4f:9b:2f:a6:af:bd:
         62:50:05:0b:46:49:77:c6:5b:6c:9f:7f:e6:71:07:74:13:d5:
         21:23:9e:77:75:93:b7:b9:90:ca:1b:db:e9:d8:85:eb:a7:c5:
         7b:6b:0b:7c:4e:b8:d2:d1:07:2e:7e:e3:c8:90:29:d3:19:1e:
         8e:3e:34:b7:9b:c1:4f:93:ad:8d:18:18:a5:61:e4:90:c7:20:
         bb:53:c4:03:e4:af:87:7d:c1:b3:c3:20:f7:82:eb:a3:d2:0f:
         97:cf:65:40:66:63:36:00:cb:27:10:ef:36:a1:57:0e:21:45:
         5f:d2:93:e7:38:ce:e2:13:61:b7:b0:6e:be:8f:33:5b:59:18:
         aa:3f:c1:65:18:9e:02:aa:bc:9c:d9:e4:ed:5a:2a:90:60:04:
         cb:a8:8d:41:ba:2c:cf:fc:09:b6:18:79:7a:7f:a9:5a:6a:55:
         5a:96:6f:f7:8d:a5:0e:6b:da:a4:34:a0:d2:7d:40:49:24:e3:
         ee:b5:11:98
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUODEKHrAjnKxeZ1Iv4RDs6O56gFMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIwMDA5WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMGU0M2IzODI1ZjljY2ZiNzQ5MmFjOWU3NWFlNWVkNTk0
N2M5YTNjNTVjZTU2MmU4YzNjYjMwNGFlYzZkYTBhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpIah2ii4WZOzWU5RLLazDnipnsrp7CrOoIIszeFoZwR03
DqClBfHAnBe+yD72j+H4EQDGy+kLVGcla7Bzz/gqDGSnL1x/zFkk4qgvtDjWcCXj
GNAnRSWdUb91CAJweHbj4uNA9jfUzGXhn+jGn4H/D4O8m3Pf5Fj2RwkD+6dLAsVp
Dt1Iy4dYELa0XPsl3MYNSGJWS+2m7r6W8vZ5ctk17LIS53SnTNeQTaTmlenkU7l7
fBtAzlaLgQTZCHdwDRn7uXPpZzyGIYUYIBneEpd/VCQT0jjHdrIo1zL5cHHVm/D4
yImLLy6gP46JoOaCREver1tGwKU1oVRWi8JYBo6RAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU1rch+kQMWLk9W4mE4dCdSnWFyv0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzliNDhjOTE2LTM4NTgtNGIwMC04ZTE1LTljOTAyYTFjYzk3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hYIAwDQYJKoZIhvcNAQELBQADggEBAIIaHC30B3jomcDUggtlwU2y
HRQsBo4ENkc8kNFMlRFOPP2+bQAUnA6BAOzwGD335rvqrpJLlbBf93AiWjs8jGlU
YU+bL6avvWJQBQtGSXfGW2yff+ZxB3QT1SEjnnd1k7e5kMob2+nYheunxXtrC3xO
uNLRBy5+48iQKdMZHo4+NLebwU+TrY0YGKVh5JDHILtTxAPkr4d9wbPDIPeC66PS
D5fPZUBmYzYAyycQ7zahVw4hRV/Sk+c4zuITYbewbr6PM1tZGKo/wWUYngKqvJzZ
5O1aKpBgBMuojUG6LM/8CbYYeXp/qVpqVVqWb/eNpQ5r2qQ0oNJ9QEkk4+61EZg=
-----END CERTIFICATE-----