Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d48cd169-d456-4d40-abbf-bbdf7ede92be.roa
File:                     d48cd169-d456-4d40-abbf-bbdf7ede92be.roa (raw, json)
Hash identifier:          VZHfZnxH1Q7rZSGLWk/tyMBgU3Sq+4VpJns/zlBhea0=
Subject key identifier:   64:C5:D9:EB:00:8A:98:3F:83:EA:78:8F:CB:9B:24:D5:F3:87:F5:E9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6B06503ECFF297BA189F352954B709FF7BB8E831
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d48cd169-d456-4d40-abbf-bbdf7ede92be.roa
Signing time:             Tue 11 Nov 2025 01:00:11 +0000
ROA not before:           Tue 11 Nov 2025 01:00:11 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:80c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:06:50:3e:cf:f2:97:ba:18:9f:35:29:54:b7:09:ff:7b:b8:e8:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:00:11 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=62bfb7414976180e2cb9ce8afefbbbcc18e2a8f63fcbcf2cd2a709224a187a3a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7d:52:dc:71:64:90:b4:2f:14:77:12:a1:4f:
                    52:63:d8:3a:f7:ce:01:26:9e:b8:0d:aa:48:b1:1a:
                    03:0d:4f:a7:b8:cd:6f:e5:75:cc:4f:dd:d9:af:27:
                    30:03:cc:71:e4:5e:9c:8a:22:8e:c1:b9:c5:0b:12:
                    7d:e3:28:a1:4c:8a:84:20:c4:fa:ce:ed:32:86:30:
                    71:73:ee:97:bd:fa:8b:3b:b9:23:14:23:5a:a3:6f:
                    84:fe:7f:2d:e0:44:a3:2d:99:11:4e:f8:10:a9:63:
                    a9:a8:55:53:a7:b9:a9:c4:3a:2f:5e:61:4e:ca:f1:
                    37:0d:e6:66:a7:6e:a0:b0:7c:f0:9c:a8:38:3a:63:
                    f3:d6:c6:cf:87:c1:99:cd:ca:c0:e4:0f:11:2b:9b:
                    b7:a9:90:57:80:dc:9e:64:30:cf:c9:d3:51:1f:c6:
                    8e:cc:8b:29:bb:a5:22:6c:28:c7:f6:c8:59:ef:5e:
                    19:15:f0:87:b0:78:3c:a7:a9:e5:8e:6c:21:3b:52:
                    ae:3a:fc:4a:74:42:51:21:36:a1:42:51:0b:c3:55:
                    95:6e:ef:00:15:a4:53:cc:4f:04:a1:e7:d0:a9:57:
                    4e:0a:99:54:b0:ec:7f:bc:30:62:48:5b:61:93:ac:
                    dc:eb:5a:11:57:24:65:ad:5c:ec:f9:cb:0b:a7:66:
                    bf:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C5:D9:EB:00:8A:98:3F:83:EA:78:8F:CB:9B:24:D5:F3:87:F5:E9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d48cd169-d456-4d40-abbf-bbdf7ede92be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:80c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:c5:c2:9a:f0:6d:0f:d6:35:c5:ca:ed:4c:95:c5:f7:69:8e:
         cd:00:17:3c:e0:75:29:d7:5f:7f:f8:9a:96:31:ec:9f:f2:65:
         c9:99:8d:ed:2b:44:fa:36:a9:4e:d1:98:3b:00:36:1f:75:37:
         88:1e:a1:4f:96:9a:b2:d4:b8:a0:b7:84:a1:99:c4:e3:cd:8f:
         2a:e1:11:64:81:f8:d0:74:47:9f:6b:c0:df:90:34:3a:16:93:
         68:58:69:a3:62:63:e8:39:da:67:91:91:59:36:77:05:24:49:
         4f:2b:4e:c6:b4:5d:17:f7:62:64:c0:64:ac:c2:2e:a7:19:96:
         61:63:e8:7e:9e:03:f2:c7:9b:e2:90:b9:c4:83:63:39:53:a4:
         5e:25:fc:82:84:00:e7:2e:b8:21:c6:13:21:0d:08:d3:d6:32:
         b2:d8:8c:20:23:c4:4a:6f:34:2f:be:5e:3b:43:ad:b2:83:38:
         0a:90:d7:15:82:cb:fd:96:a0:dd:d7:e0:da:30:4b:b3:25:3c:
         2a:f8:9c:2f:56:70:41:a1:41:d8:d5:42:c7:7f:f1:28:58:a7:
         80:c9:81:cb:c6:9d:90:f7:e3:b5:50:f4:8e:df:9e:55:83:0b:
         3f:ba:86:81:76:22:43:92:40:bc:b5:d1:5e:b1:4a:db:5a:a3:
         98:83:57:ea
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUawZQPs/yl7oYnzUpVLcJ/3u46DEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEwMDExWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmJmYjc0MTQ5NzYxODBlMmNiOWNlOGFmZWZiYmJjYzE4
ZTJhOGY2M2ZjYmNmMmNkMmE3MDkyMjRhMTg3YTNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyfVLccWSQtC8UdxKhT1Jj2Dr3zgEmnrgNqkixGgMNT6e4
zW/ldcxP3dmvJzADzHHkXpyKIo7BucULEn3jKKFMioQgxPrO7TKGMHFz7pe9+os7
uSMUI1qjb4T+fy3gRKMtmRFO+BCpY6moVVOnuanEOi9eYU7K8TcN5manbqCwfPCc
qDg6Y/PWxs+HwZnNysDkDxErm7epkFeA3J5kMM/J01Efxo7Miym7pSJsKMf2yFnv
XhkV8IeweDynqeWObCE7Uq46/Ep0QlEhNqFCUQvDVZVu7wAVpFPMTwSh59CpV04K
mVSw7H+8MGJIW2GTrNzrWhFXJGWtXOz5ywunZr8zAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUZMXZ6wCKmD+D6niPy5sk1fOH9ekwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0OGNkMTY5LWQ0NTYtNGQ0MC1hYmJmLWJiZGY3ZWRlOTJiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84gMAwDQYJKoZIhvcNAQELBQADggEBAJDFwprwbQ/WNcXK7UyVxfdp
js0AFzzgdSnXX3/4mpYx7J/yZcmZje0rRPo2qU7RmDsANh91N4geoU+WmrLUuKC3
hKGZxOPNjyrhEWSB+NB0R59rwN+QNDoWk2hYaaNiY+g52meRkVk2dwUkSU8rTsa0
XRf3YmTAZKzCLqcZlmFj6H6eA/LHm+KQucSDYzlTpF4l/IKEAOcuuCHGEyENCNPW
MrLYjCAjxEpvNC++XjtDrbKDOAqQ1xWCy/2WoN3X4NowS7MlPCr4nC9WcEGhQdjV
Qsd/8ShYp4DJgcvGnZD347VQ9I7fnlWDCz+6hoF2IkOSQLy10V6xSttao5iDV+o=
-----END CERTIFICATE-----