Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d0e00f9-4fe7-42f8-b3f5-8a7ff43c5e5d.roa
File:                     9d0e00f9-4fe7-42f8-b3f5-8a7ff43c5e5d.roa (raw, json)
Hash identifier:          lJMytWIKvqwZQzWhyHbsaH997aDpKaHBHJTAEKUmcww=
Subject key identifier:   E8:E9:29:CB:26:CB:BB:5E:A9:85:C3:75:1B:28:80:B3:CC:88:8A:0A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       028E5AC77321B76CB163771F28B507F1109670E3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d0e00f9-4fe7-42f8-b3f5-8a7ff43c5e5d.roa
Signing time:             Tue 11 Nov 2025 01:50:55 +0000
ROA not before:           Tue 11 Nov 2025 01:50:55 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:1040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:8e:5a:c7:73:21:b7:6c:b1:63:77:1f:28:b5:07:f1:10:96:70:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:50:55 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=939c31422da50c6d959200421a8fd677158c1e340d85f89219c8469cccb6d490, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e3:f2:0c:62:5e:5a:8a:a5:7b:f9:cf:05:55:
                    22:f6:82:de:c5:96:e1:bf:8b:9c:dd:76:44:8f:fe:
                    1c:0d:a2:15:02:83:53:b2:3b:f3:98:9e:be:ec:ac:
                    89:2b:60:c5:9d:d9:c6:58:19:97:be:57:23:55:f9:
                    9c:7b:c0:67:7f:0c:bc:42:81:ba:a6:b8:8d:60:f9:
                    a5:d1:fb:6e:a8:97:b4:c6:dd:ce:a2:74:22:94:7c:
                    1d:bf:30:6d:db:ba:06:5d:87:86:a5:dd:00:af:30:
                    da:5d:bf:9a:27:53:37:70:29:c2:69:f0:dd:ab:84:
                    1d:6b:fd:aa:1b:3e:bf:4f:cb:ca:62:9a:91:7d:a1:
                    9a:82:37:d2:55:80:b2:ce:41:f9:de:08:80:d1:8d:
                    fe:f9:3b:2c:8b:a3:1f:e0:e2:40:bb:fe:9a:ac:27:
                    68:67:81:94:88:20:cd:81:fb:e4:5c:0f:55:f1:16:
                    50:16:a0:ff:cd:80:48:d4:13:5e:b9:6f:26:74:71:
                    86:76:53:39:b1:f6:ed:1c:17:35:09:7b:19:74:4c:
                    c2:d9:33:24:9c:ef:19:dd:45:3a:7c:c6:17:61:f5:
                    0f:49:8f:fc:96:d0:36:01:c8:79:dd:16:e1:4d:85:
                    c0:39:86:80:f7:ce:8e:e0:0b:36:3a:e8:84:ca:6f:
                    63:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:E9:29:CB:26:CB:BB:5E:A9:85:C3:75:1B:28:80:B3:CC:88:8A:0A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d0e00f9-4fe7-42f8-b3f5-8a7ff43c5e5d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:1040::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:01:d3:ad:ff:36:ae:92:25:6a:2d:84:30:fb:8d:cf:7b:06:
         b1:e6:11:59:57:75:ef:bd:03:94:33:ee:eb:ec:1c:97:2b:38:
         68:ac:40:03:02:19:02:66:8a:94:94:b6:0a:f4:e6:7c:09:76:
         ce:3f:7f:4c:06:64:e6:20:a6:4d:8c:fb:43:07:d4:47:74:01:
         7c:ea:0e:33:7d:9c:4e:2a:80:b6:c9:cc:53:b6:76:5c:3a:84:
         22:0c:ef:b5:74:7a:5e:3b:ff:c6:fb:41:dd:76:35:c9:4d:86:
         f2:77:e6:07:25:4e:7c:68:03:d0:fb:37:da:6e:fb:67:50:e4:
         f0:00:1a:0a:31:ae:b1:87:0c:b8:04:ad:53:64:c1:4c:a4:b8:
         e8:de:e8:86:78:52:d1:40:df:e5:d5:94:4a:71:55:9c:32:82:
         dc:64:27:f1:25:32:a4:7b:de:8c:a0:3b:87:72:ef:07:ab:9a:
         ee:27:46:39:37:4a:94:65:fa:43:e3:67:5a:2f:e2:d6:a1:0e:
         1f:92:2e:f8:8b:a8:d8:cb:51:7d:b3:5d:3d:d0:b1:1d:30:8f:
         ab:b2:00:57:f5:41:1e:2f:a5:6e:c0:54:78:f2:c0:cd:67:a6:
         70:69:85:34:fb:9e:7d:f1:55:ab:ce:0a:a7:d9:41:94:eb:a5:
         13:36:e1:e7
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUAo5ax3Mht2yxY3cfKLUH8RCWcOMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDE1MDU1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MzljMzE0MjJkYTUwYzZkOTU5MjAwNDIxYThmZDY3NzE1
OGMxZTM0MGQ4NWY4OTIxOWM4NDY5Y2NjYjZkNDkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCF4/IMYl5aiqV7+c8FVSL2gt7FluG/i5zddkSP/hwNohUC
g1OyO/OYnr7srIkrYMWd2cZYGZe+VyNV+Zx7wGd/DLxCgbqmuI1g+aXR+26ol7TG
3c6idCKUfB2/MG3bugZdh4al3QCvMNpdv5onUzdwKcJp8N2rhB1r/aobPr9Py8pi
mpF9oZqCN9JVgLLOQfneCIDRjf75OyyLox/g4kC7/pqsJ2hngZSIIM2B++RcD1Xx
FlAWoP/NgEjUE165byZ0cYZ2Uzmx9u0cFzUJexl0TMLZMySc7xndRTp8xhdh9Q9J
j/yW0DYByHndFuFNhcA5hoD3zo7gCzY66ITKb2M/AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU6OkpyybLu16phcN1GyiAs8yIigowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkMGUwMGY5LTRmZTctNDJmOC1iM2Y1LThhN2ZmNDNjNWU1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AEEAwDQYJKoZIhvcNAQELBQADggEBAFQB063/Nq6SJWothDD7jc97
BrHmEVlXde+9A5Qz7uvsHJcrOGisQAMCGQJmipSUtgr05nwJds4/f0wGZOYgpk2M
+0MH1Ed0AXzqDjN9nE4qgLbJzFO2dlw6hCIM77V0el47/8b7Qd12NclNhvJ35gcl
TnxoA9D7N9pu+2dQ5PAAGgoxrrGHDLgErVNkwUykuOje6IZ4UtFA3+XVlEpxVZwy
gtxkJ/ElMqR73oygO4dy7wermu4nRjk3SpRl+kPjZ1ov4tahDh+SLviLqNjLUX2z
XT3QsR0wj6uyAFf1QR4vpW7AVHjywM1npnBphTT7nn3xVavOCqfZQZTrpRM24ec=
-----END CERTIFICATE-----