Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7815cb-1080-4364-8968-f09bb1d6d0f7.roa
File:                     db7815cb-1080-4364-8968-f09bb1d6d0f7.roa (raw, json)
Hash identifier:          qKClsGrh51ci/n3dKy5DU1upB58nWu5DCaKr2LA4pYw=
Subject key identifier:   34:AE:02:73:73:26:81:48:61:BD:66:77:3C:55:64:33:16:9A:09:07
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       61BBA6DA11C7C29A390FBF3EBFBD6688D721FFA8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7815cb-1080-4364-8968-f09bb1d6d0f7.roa
Signing time:             Tue 23 Sep 2025 15:52:30 +0000
ROA not before:           Tue 23 Sep 2025 15:52:30 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f2b:4000::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:bb:a6:da:11:c7:c2:9a:39:0f:bf:3e:bf:bd:66:88:d7:21:ff:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 23 15:52:30 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=3bbc0074495d21d61eb00c3df58afe2c3f346b444f31e34046fde3bdb046356f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6a:c9:dd:f6:0b:bf:a6:30:7b:0e:23:89:0b:
                    b6:d3:bf:6e:a0:f9:1d:92:5c:40:6f:3d:01:d0:2b:
                    42:dd:10:99:b8:e8:72:91:02:99:bb:94:18:7b:77:
                    b1:53:27:dc:b6:42:c9:25:14:d3:74:eb:f5:24:89:
                    0e:a8:e0:12:f3:5f:86:3d:4d:31:f7:21:7c:d9:47:
                    f2:36:b6:2d:0b:83:0b:df:9c:2a:af:ed:be:26:46:
                    53:19:9f:f0:ef:c0:dc:62:86:ad:d5:26:73:f2:f3:
                    7a:96:de:04:69:3d:bc:69:0a:3d:f3:04:b1:d0:38:
                    6e:8b:8e:72:e8:c9:2f:42:75:1d:34:5b:c1:49:6a:
                    53:de:26:1a:79:47:90:67:b4:69:1f:02:8b:e4:8e:
                    51:3b:43:25:95:11:49:de:2f:e0:f6:12:18:2a:3e:
                    de:4b:0b:df:33:17:9d:4c:62:41:f8:4a:73:d8:93:
                    b5:18:cc:cb:99:0c:bf:fc:57:21:cc:e2:8b:c3:d0:
                    3c:84:79:e2:20:a8:ca:94:7b:df:3d:6e:b7:19:c8:
                    ba:30:0f:5f:2c:11:fe:1d:63:0b:3d:ad:af:44:03:
                    ca:f8:23:1c:92:d2:30:c6:92:cd:e3:54:dc:12:39:
                    0c:f2:43:df:88:81:f1:0f:81:7a:6e:b3:9f:1f:56:
                    fd:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:AE:02:73:73:26:81:48:61:BD:66:77:3C:55:64:33:16:9A:09:07
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7815cb-1080-4364-8968-f09bb1d6d0f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f2b:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         ac:0d:cf:5e:71:91:9d:c2:0b:6f:30:a9:5c:87:86:cf:45:a3:
         8b:e8:ef:66:8a:5c:fc:56:26:f0:0c:fc:39:e4:96:7a:07:5d:
         0c:2c:3e:c1:19:87:42:15:11:11:ee:0e:9a:19:72:68:6c:d8:
         34:5e:23:80:a6:0a:4d:61:a7:0a:2c:62:79:42:f7:d9:38:c7:
         26:88:bb:bb:35:c2:f9:4f:e7:3e:5d:7c:41:b8:4e:93:0b:eb:
         c0:57:7f:47:8c:2e:ee:60:e2:57:30:a1:ec:91:a4:5f:b8:b3:
         bd:56:45:2d:dd:41:c4:a5:a7:b8:97:b5:17:c8:91:b5:75:6d:
         3a:ec:d7:c8:28:b0:f8:cc:f3:5b:a9:d8:f9:2b:8d:55:63:e0:
         d4:88:c0:6e:d7:59:0a:8f:5d:39:7d:ae:b3:0b:b4:f1:cd:11:
         0e:5b:ca:3b:e8:d1:d1:7f:78:a1:e0:e9:d7:b6:07:57:ae:22:
         f1:52:93:6e:23:bf:77:00:0d:d9:1d:34:0f:f3:14:5f:85:74:
         01:72:0a:7d:2c:90:b1:fd:1f:c4:40:28:db:af:f8:a8:8e:cb:
         c4:7c:08:09:e5:e3:0b:63:3f:80:22:42:de:f9:c3:0c:f1:35:
         f7:92:f1:07:f6:ad:59:16:c4:ab:43:3c:2b:98:02:fc:64:52:
         5f:05:8b:d7
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUYbum2hHHwpo5D78+v71miNch/6gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTIzMTU1MjMwWhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmJjMDA3NDQ5NWQyMWQ2MWViMDBjM2RmNThhZmUyYzNm
MzQ2YjQ0NGYzMWUzNDA0NmZkZTNiZGIwNDYzNTZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8asnd9gu/pjB7DiOJC7bTv26g+R2SXEBvPQHQK0LdEJm4
6HKRApm7lBh7d7FTJ9y2QsklFNN06/UkiQ6o4BLzX4Y9TTH3IXzZR/I2ti0Lgwvf
nCqv7b4mRlMZn/DvwNxihq3VJnPy83qW3gRpPbxpCj3zBLHQOG6LjnLoyS9CdR00
W8FJalPeJhp5R5BntGkfAovkjlE7QyWVEUneL+D2EhgqPt5LC98zF51MYkH4SnPY
k7UYzMuZDL/8VyHM4ovD0DyEeeIgqMqUe989brcZyLowD18sEf4dYws9ra9EA8r4
IxyS0jDGks3jVNwSOQzyQ9+IgfEPgXpus58fVv2xAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUNK4Cc3MmgUhhvWZ3PFVkMxaaCQcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiNzgxNWNiLTEwODAtNDM2NC04OTY4LWYwOWJiMWQ2ZDBmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8rQDANBgkqhkiG9w0BAQsFAAOCAQEArA3PXnGRncILbzCpXIeGz0Wj
i+jvZopc/FYm8Az8OeSWegddDCw+wRmHQhUREe4OmhlyaGzYNF4jgKYKTWGnCixi
eUL32TjHJoi7uzXC+U/nPl18QbhOkwvrwFd/R4wu7mDiVzCh7JGkX7izvVZFLd1B
xKWnuJe1F8iRtXVtOuzXyCiw+MzzW6nY+SuNVWPg1IjAbtdZCo9dOX2uswu08c0R
DlvKO+jR0X94oeDp17YHV64i8VKTbiO/dwAN2R00D/MUX4V0AXIKfSyQsf0fxEAo
26/4qI7LxHwICeXjC2M/gCJC3vnDDPE195LxB/atWRbEq0M8K5gC/GRSXwWL1w==
-----END CERTIFICATE-----