Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b4966cf4-6152-416b-a346-1c6569529a9e.roa
File:                     b4966cf4-6152-416b-a346-1c6569529a9e.roa (raw, json)
Hash identifier:          24HDGMwpkzbcFYknqgO84x4/bVepsW+Y6L+JPTGLwbo=
Subject key identifier:   09:C6:E6:9C:38:6E:BE:91:2A:63:3D:84:31:71:3E:D6:BB:E1:0B:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4F986B13EC3C34E7FD3CA2041C3AB7CC7C04F036
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b4966cf4-6152-416b-a346-1c6569529a9e.roa
Signing time:             Tue 11 Nov 2025 01:32:11 +0000
ROA not before:           Tue 11 Nov 2025 01:32:11 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:2040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:98:6b:13:ec:3c:34:e7:fd:3c:a2:04:1c:3a:b7:cc:7c:04:f0:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:32:11 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=2b055f6e20362bebb397713eb421e4c120962a84d28fd7a19ba60869f53b2b85, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:8e:b8:f8:2a:c0:20:c1:ef:48:53:e1:2e:78:
                    f4:c7:38:80:a1:6a:af:d2:d0:c5:d5:e1:32:2f:72:
                    9d:f2:1c:15:9e:87:c9:64:d9:6b:d2:a5:58:18:9b:
                    39:7a:7a:d4:b3:a1:cb:50:61:65:8f:99:59:75:11:
                    e0:86:69:5a:33:48:f3:54:1d:ae:61:37:6a:73:8f:
                    3c:c3:6b:f6:f6:6b:29:f5:c6:be:d8:ed:bd:9d:dd:
                    bf:17:59:a7:f2:ff:de:7b:ed:01:ec:b2:ee:4e:3e:
                    0f:bf:e2:f6:b9:0e:58:da:24:5d:bb:9a:ba:2c:dd:
                    f5:79:a7:cc:99:2a:ee:ff:a1:eb:62:94:7b:0c:5d:
                    1b:fe:e9:83:52:88:5d:13:20:72:ea:e2:7a:f3:69:
                    d3:b4:ed:09:b4:b8:9e:6d:99:c1:21:30:92:31:b3:
                    20:32:2b:af:a8:cb:81:b1:4c:0f:16:14:e6:9d:43:
                    4a:a5:ce:af:e4:a4:41:25:d5:81:cb:92:e8:60:4f:
                    19:69:d7:85:21:a0:d0:cb:af:96:08:8a:ca:8d:ba:
                    a9:fa:37:cd:aa:9e:c7:6a:c9:1e:05:e6:01:a9:03:
                    c8:cf:15:0a:bb:ef:c1:6b:8d:f6:19:4b:d9:cb:e9:
                    21:64:db:dd:72:f8:d3:69:89:c3:b4:90:53:c4:b6:
                    4a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C6:E6:9C:38:6E:BE:91:2A:63:3D:84:31:71:3E:D6:BB:E1:0B:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b4966cf4-6152-416b-a346-1c6569529a9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         d4:9c:c8:c9:65:0b:06:e6:dc:3e:77:24:f7:69:f7:9d:88:8e:
         c4:ba:87:13:cd:78:99:b7:a7:6b:f4:f8:96:69:59:e6:9b:af:
         1a:a3:2b:f8:bb:f2:79:1f:05:25:d8:82:50:a7:32:a9:41:ae:
         97:f3:65:a8:e6:f4:c8:43:f4:c0:a3:48:01:8f:27:de:7a:5e:
         3c:1c:b4:83:0d:eb:2a:5b:9b:e6:db:4e:9e:96:2a:27:84:50:
         a5:b0:88:57:bf:cd:c9:bd:75:7e:16:0e:03:32:e8:24:11:99:
         7b:c6:49:ed:bc:b0:2c:36:50:56:87:17:a7:e4:08:3f:be:c6:
         c2:57:ef:c1:5f:f3:3c:9a:b4:93:17:de:49:70:63:2c:8d:c6:
         b3:d1:98:b6:37:c1:5b:8e:c0:6a:b2:7b:86:b0:8c:c9:16:d6:
         b7:74:70:9e:bf:0a:12:48:82:7f:ef:9e:83:33:49:de:eb:c3:
         13:f0:c5:f9:25:20:ff:e2:f0:ea:6a:f8:69:74:81:e7:09:98:
         a1:1c:61:7b:fb:70:2a:c0:08:fa:ba:e9:d6:42:54:e2:af:2d:
         63:c9:22:90:da:7b:e6:28:0b:50:26:8c:45:06:79:75:94:9a:
         c7:36:15:15:fc:00:51:5d:78:cd:77:c7:44:4c:e1:99:4a:67:
         50:b5:b4:c5
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUT5hrE+w8NOf9PKIEHDq3zHwE8DYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEzMjExWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYjA1NWY2ZTIwMzYyYmViYjM5NzcxM2ViNDIxZTRjMTIw
OTYyYTg0ZDI4ZmQ3YTE5YmE2MDg2OWY1M2IyYjg1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOjrj4KsAgwe9IU+EuePTHOIChaq/S0MXV4TIvcp3yHBWe
h8lk2WvSpVgYmzl6etSzoctQYWWPmVl1EeCGaVozSPNUHa5hN2pzjzzDa/b2ayn1
xr7Y7b2d3b8XWafy/9577QHssu5OPg+/4va5DljaJF27mros3fV5p8yZKu7/oeti
lHsMXRv+6YNSiF0TIHLq4nrzadO07Qm0uJ5tmcEhMJIxsyAyK6+oy4GxTA8WFOad
Q0qlzq/kpEEl1YHLkuhgTxlp14UhoNDLr5YIisqNuqn6N82qnsdqyR4F5gGpA8jP
FQq778FrjfYZS9nL6SFk291y+NNpicO0kFPEtkrtAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUCcbmnDhuvpEqYz2EMXE+1rvhC3MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I0OTY2Y2Y0LTYxNTItNDE2Yi1hMzQ2LTFjNjU2OTUyOWE5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84IEAwDQYJKoZIhvcNAQELBQADggEBANScyMllCwbm3D53JPdp952I
jsS6hxPNeJm3p2v0+JZpWeabrxqjK/i78nkfBSXYglCnMqlBrpfzZajm9MhD9MCj
SAGPJ956XjwctIMN6ypbm+bbTp6WKieEUKWwiFe/zcm9dX4WDgMy6CQRmXvGSe28
sCw2UFaHF6fkCD++xsJX78Ff8zyatJMX3klwYyyNxrPRmLY3wVuOwGqye4awjMkW
1rd0cJ6/ChJIgn/vnoMzSd7rwxPwxfklIP/i8Opq+Gl0gecJmKEcYXv7cCrACPq6
6dZCVOKvLWPJIpDae+YoC1AmjEUGeXWUmsc2FRX8AFFdeM13x0RM4ZlKZ1C1tMU=
-----END CERTIFICATE-----