Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa
File:                     ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa (raw, json)
Hash identifier:          GEND8vJ1BBEZEPYWbccQ9eRc2QJuONc2QIC+Rg/2QnY=
Subject key identifier:   6A:FB:E1:65:39:C2:A4:15:B9:47:E3:B7:27:0F:96:96:A0:34:82:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       78EE969A16A465F6C1BC5130F69E4ECA9532FB3A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa
Signing time:             Tue 28 Oct 2025 00:20:49 +0000
ROA not before:           Tue 28 Oct 2025 00:20:49 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffa:4000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:ee:96:9a:16:a4:65:f6:c1:bc:51:30:f6:9e:4e:ca:95:32:fb:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:20:49 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=ad81c20ec6af93f29e989543725a04900a8a04b46b24cc9d3c19e1040956e479, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ee:9b:22:88:97:42:0b:0f:5b:d1:9a:96:17:
                    fb:2a:fb:49:b9:c3:c7:32:d4:53:a8:e9:c8:40:39:
                    e2:2d:ec:97:6c:f7:71:a8:bd:c5:68:c5:3a:91:7a:
                    d6:97:d5:d5:4c:ef:8e:e4:7c:7a:2b:d6:7b:ab:90:
                    85:d4:4a:76:76:f9:e9:6a:2f:0e:cf:37:0a:bb:04:
                    49:43:34:36:2b:67:3e:8a:09:d9:f7:8f:e9:29:c6:
                    d7:6c:a1:32:b3:d9:9d:50:30:9c:c4:77:d7:bb:ec:
                    10:98:63:c9:33:05:d6:47:70:5c:3a:c4:62:1d:04:
                    89:81:d4:86:de:4a:1d:52:fd:a8:a2:c4:04:6b:09:
                    f1:b8:d4:8b:c2:7d:d8:d5:b0:4f:43:a7:2f:78:62:
                    66:7f:16:12:2b:7e:8e:ff:98:98:96:d9:3a:5b:18:
                    61:1b:88:5b:20:92:0b:8b:52:74:6d:fd:ba:5e:a8:
                    b6:fd:5e:25:3a:28:01:76:d1:a5:bf:f1:3e:f9:0b:
                    27:26:3c:a4:2d:b2:f2:dc:4c:fc:c7:30:5f:99:6b:
                    e1:da:1c:ec:cc:b1:d4:46:57:5b:e3:2f:b0:d7:44:
                    96:0d:53:89:ca:c4:75:f9:42:23:22:3c:57:ee:e1:
                    32:37:fa:67:ac:08:71:41:b2:37:9a:3d:b5:28:1d:
                    d1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:FB:E1:65:39:C2:A4:15:B9:47:E3:B7:27:0F:96:96:A0:34:82:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffa:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8a:b3:f4:a7:aa:02:f6:51:66:7f:1b:1b:b7:ea:4d:35:2f:5f:
         e2:f7:f7:19:3c:20:39:60:c8:6b:a8:08:0f:9c:22:21:15:20:
         f8:64:f4:24:98:42:37:78:3e:9c:24:37:00:b2:07:6d:ba:6b:
         10:c4:23:f8:23:ed:eb:70:1c:c0:50:50:ec:8b:9d:97:16:39:
         63:44:9c:c3:a9:b1:da:95:2b:dc:a2:2e:a9:49:6e:73:fd:e6:
         b3:39:40:95:43:42:84:c0:f3:e7:7b:0c:3e:46:eb:07:61:c8:
         3c:49:90:bf:55:92:bb:1a:33:c6:cb:cd:15:0d:bd:ac:f8:b5:
         68:4c:66:25:ff:97:55:0a:39:14:cc:1b:46:e2:6c:56:e3:66:
         2d:fc:a4:fa:ac:4e:a0:01:2d:70:75:17:9a:9b:7c:de:94:4d:
         4a:b6:01:65:f0:46:c4:de:6a:48:e4:dc:62:2d:90:e1:3f:f5:
         ee:cc:62:01:30:36:af:63:0d:b4:fb:a4:09:76:c1:7a:0f:1a:
         ca:74:24:36:3f:09:5a:86:f1:2e:13:e6:ac:67:1b:99:83:2e:
         cc:cd:35:20:73:ac:81:d8:55:cc:5e:6d:cc:d8:ae:94:7e:f9:
         dc:fe:c0:88:4e:80:ae:6e:e0:f7:6b:52:13:35:65:cf:49:1f:
         e3:6d:f3:f8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUeO6WmhakZfbBvFEw9p5OypUy+zowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAyMDQ5WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDgxYzIwZWM2YWY5M2YyOWU5ODk1NDM3MjVhMDQ5MDBh
OGEwNGI0NmIyNGNjOWQzYzE5ZTEwNDA5NTZlNDc5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCR7psiiJdCCw9b0ZqWF/sq+0m5w8cy1FOo6chAOeIt7Jds
93GovcVoxTqRetaX1dVM747kfHor1nurkIXUSnZ2+elqLw7PNwq7BElDNDYrZz6K
Cdn3j+kpxtdsoTKz2Z1QMJzEd9e77BCYY8kzBdZHcFw6xGIdBImB1IbeSh1S/aii
xARrCfG41IvCfdjVsE9Dpy94YmZ/FhIrfo7/mJiW2TpbGGEbiFsgkguLUnRt/bpe
qLb9XiU6KAF20aW/8T75CycmPKQtsvLcTPzHMF+Za+HaHOzMsdRGV1vjL7DXRJYN
U4nKxHX5QiMiPFfu4TI3+mesCHFBsjeaPbUoHdGRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUavvhZTnCpBW5R+O3Jw+WlqA0gkEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NlOWNiYWMyLTQ3NDktNDM4NS1iOTUyLTViNGQ5Yjk0ODRkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/6QDANBgkqhkiG9w0BAQsFAAOCAQEAirP0p6oC9lFmfxsbt+pNNS9f
4vf3GTwgOWDIa6gID5wiIRUg+GT0JJhCN3g+nCQ3ALIHbbprEMQj+CPt63AcwFBQ
7IudlxY5Y0Scw6mx2pUr3KIuqUluc/3mszlAlUNChMDz53sMPkbrB2HIPEmQv1WS
uxozxsvNFQ29rPi1aExmJf+XVQo5FMwbRuJsVuNmLfyk+qxOoAEtcHUXmpt83pRN
SrYBZfBGxN5qSOTcYi2Q4T/17sxiATA2r2MNtPukCXbBeg8aynQkNj8JWobxLhPm
rGcbmYMuzM01IHOsgdhVzF5tzNiulH753P7AiE6Arm7g92tSEzVlz0kf423z+A==
-----END CERTIFICATE-----