Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b573d167-bef3-47e2-8426-20800f67adc9.roa
File:                     b573d167-bef3-47e2-8426-20800f67adc9.roa (raw, json)
Hash identifier:          lTlFi6hii2xvPT0qurd/f/V2lZ+kdmUo+qt14oinORw=
Subject key identifier:   29:36:9A:7A:A4:F1:E9:9D:AB:35:19:05:59:3B:57:4D:79:72:C5:64
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       35E81C1F31BDFB65AAB7C2C806E8D3967173FD72
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b573d167-bef3-47e2-8426-20800f67adc9.roa
Signing time:             Mon 22 Sep 2025 17:52:10 +0000
ROA not before:           Mon 22 Sep 2025 17:52:10 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f61:80a0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:e8:1c:1f:31:bd:fb:65:aa:b7:c2:c8:06:e8:d3:96:71:73:fd:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 22 17:52:10 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=02768142166cf9fc0ec95cbc8dd493663de66ba818251126f4807f6cef0dc753, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:03:cb:bb:23:3d:40:05:c2:f4:e8:10:e4:14:
                    12:af:ee:7b:8d:f0:cc:74:48:3a:53:d2:91:e8:cb:
                    9d:21:ae:20:21:b3:04:d5:28:df:b6:fd:87:d8:2d:
                    48:3b:8c:03:d8:fb:0c:f4:a3:34:f8:fe:70:90:11:
                    ad:02:fc:5f:75:79:0b:7f:ad:c8:b4:af:3b:a4:4c:
                    d2:4b:71:3e:6e:36:05:dc:4d:2e:1a:34:c6:ac:54:
                    7c:e1:bb:7c:15:77:7e:1f:6c:b3:79:d3:1c:2c:0c:
                    d3:ee:fa:d5:ce:e1:cf:2b:88:05:2a:7f:07:97:de:
                    e8:bd:77:43:78:56:b9:fc:dc:b4:02:f1:9e:b8:7c:
                    86:4e:42:78:05:41:a9:8a:d6:35:ff:c6:eb:bf:08:
                    17:96:66:01:91:5c:db:19:41:6e:7f:9c:02:30:ad:
                    8c:a2:cd:95:b2:4d:87:0a:59:4e:ca:95:66:92:6b:
                    bb:40:eb:0e:e2:c6:80:a1:2e:83:22:c4:9f:a0:c7:
                    c2:21:2e:28:27:aa:34:dc:ea:60:44:3f:4d:b3:fc:
                    ca:9f:ae:59:e6:e7:0c:16:8a:5c:b0:e2:fc:eb:d6:
                    c6:03:c1:f8:8f:c2:c2:d4:62:2b:79:8f:44:98:a1:
                    13:a4:9f:45:3f:64:1c:80:7c:42:55:b2:de:1b:45:
                    37:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:36:9A:7A:A4:F1:E9:9D:AB:35:19:05:59:3B:57:4D:79:72:C5:64
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b573d167-bef3-47e2-8426-20800f67adc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:80a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:5a:1b:5f:f8:c3:4a:63:b9:88:68:ea:51:20:9d:e6:a3:87:
         86:41:8b:b7:63:bb:84:0b:96:0f:51:43:00:7f:65:56:67:52:
         ed:e9:e7:c1:17:75:e5:82:d3:dd:8f:07:dd:76:9a:4c:82:4a:
         e6:1a:8a:bd:40:d4:ea:e4:07:4d:4f:69:2a:6d:1d:6a:9d:fa:
         a2:0b:eb:3a:8c:80:58:a4:cc:a6:d8:49:cd:28:d4:c0:37:99:
         21:f8:a3:e7:e7:88:e3:4c:39:eb:de:85:f2:e0:73:04:a4:5b:
         12:3a:54:54:64:35:b5:a8:d8:53:b4:81:d9:6f:9a:9c:7d:db:
         10:20:5b:18:dd:b7:0d:c7:41:e7:cc:5c:a9:29:4c:57:4f:dd:
         ae:5a:f0:d4:15:bc:0e:98:ef:91:5f:88:51:68:b8:30:fe:ef:
         04:33:1c:4d:9c:10:a2:9d:be:99:47:f0:f0:02:89:43:ed:ad:
         b9:af:a4:b9:7b:49:4a:f8:10:7b:92:ce:47:1c:16:85:f6:1d:
         3e:e3:28:30:29:94:b1:75:f6:b6:f8:d8:74:63:12:fe:67:f6:
         43:ff:d1:e7:74:74:6b:84:b8:77:95:b9:85:14:e0:bf:51:4a:
         14:b6:e7:77:c6:90:b3:19:14:f3:a4:ec:da:2e:5c:88:cc:7d:
         1b:2c:64:f6
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUNegcHzG9+2Wqt8LIBujTlnFz/XIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTIyMTc1MjEwWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjc2ODE0MjE2NmNmOWZjMGVjOTVjYmM4ZGQ0OTM2NjNk
ZTY2YmE4MTgyNTExMjZmNDgwN2Y2Y2VmMGRjNzUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsA8u7Iz1ABcL06BDkFBKv7nuN8Mx0SDpT0pHoy50hriAh
swTVKN+2/YfYLUg7jAPY+wz0ozT4/nCQEa0C/F91eQt/rci0rzukTNJLcT5uNgXc
TS4aNMasVHzhu3wVd34fbLN50xwsDNPu+tXO4c8riAUqfweX3ui9d0N4Vrn83LQC
8Z64fIZOQngFQamK1jX/xuu/CBeWZgGRXNsZQW5/nAIwrYyizZWyTYcKWU7KlWaS
a7tA6w7ixoChLoMixJ+gx8IhLignqjTc6mBEP02z/Mqfrlnm5wwWilyw4vzr1sYD
wfiPwsLUYit5j0SYoROkn0U/ZByAfEJVst4bRTd/AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUKTaaeqTx6Z2rNRkFWTtXTXlyxWQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1NzNkMTY3LWJlZjMtNDdlMi04NDI2LTIwODAwZjY3YWRjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hgKAwDQYJKoZIhvcNAQELBQADggEBAExaG1/4w0pjuYho6lEgneaj
h4ZBi7dju4QLlg9RQwB/ZVZnUu3p58EXdeWC092PB912mkyCSuYair1A1OrkB01P
aSptHWqd+qIL6zqMgFikzKbYSc0o1MA3mSH4o+fniONMOevehfLgcwSkWxI6VFRk
NbWo2FO0gdlvmpx92xAgWxjdtw3HQefMXKkpTFdP3a5a8NQVvA6Y75FfiFFouDD+
7wQzHE2cEKKdvplH8PACiUPtrbmvpLl7SUr4EHuSzkccFoX2HT7jKDAplLF19rb4
2HRjEv5n9kP/0ed0dGuEuHeVuYUU4L9RShS253fGkLMZFPOk7NouXIjMfRssZPY=
-----END CERTIFICATE-----