Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e4a399bd-92c0-4ab0-8b7a-be88117e012b.roa
File:                     e4a399bd-92c0-4ab0-8b7a-be88117e012b.roa (raw, json)
Hash identifier:          Krb/lPfKXrTTS+GI0E9awx7a/+3H2IdUl/CwqoLLqtk=
Subject key identifier:   9F:8A:F7:3D:BF:94:94:C4:D5:AC:28:AC:9F:73:6C:7E:4E:09:BE:4C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7CEB392FD802BAC6E1F9C21C81355F1598A35EB6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e4a399bd-92c0-4ab0-8b7a-be88117e012b.roa
Signing time:             Wed 12 Nov 2025 02:12:02 +0000
ROA not before:           Wed 12 Nov 2025 02:12:02 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f32:6000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:eb:39:2f:d8:02:ba:c6:e1:f9:c2:1c:81:35:5f:15:98:a3:5e:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:12:02 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=78f0acbf850d45d51356d91a5b1be544ee9e98f5f9d272dcad3747cdf8f60513, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d7:1f:53:59:73:e7:a5:a2:14:ef:83:cb:9a:
                    50:71:88:fa:8a:62:96:04:50:9e:13:00:6b:13:e5:
                    76:b8:9a:96:52:7e:01:ef:65:77:19:2b:ef:92:64:
                    2b:5a:07:11:a0:fe:2a:56:50:4b:9f:ad:be:3d:c5:
                    aa:db:9b:d3:7e:c5:77:a4:ef:59:56:41:56:fa:15:
                    37:c4:ac:57:7e:80:cf:0c:8c:ee:c3:e6:23:7c:4b:
                    ad:2f:ba:7c:6e:eb:1a:72:a0:b8:9a:41:93:87:e3:
                    60:c3:53:d7:74:f9:d0:b7:6f:88:5a:30:47:d5:00:
                    0e:07:56:70:60:b5:ab:e0:2c:cb:6c:a2:88:2e:03:
                    f5:da:2f:c3:f4:f6:a8:5f:5d:5a:c0:63:05:3b:a2:
                    50:90:c7:30:90:84:7f:64:25:7d:b7:c5:9f:72:e9:
                    83:48:5b:f8:8f:74:2a:a3:9f:4d:59:46:d2:81:5e:
                    fb:77:56:44:ec:4a:62:5e:04:69:a4:ed:c5:9c:b5:
                    38:c0:fd:bb:ac:8a:b0:4c:08:14:8f:f3:de:3a:6a:
                    53:e6:80:66:7d:02:03:41:6d:b7:20:a7:b2:4f:a4:
                    78:5f:5a:22:09:ac:3e:3c:05:53:d7:9a:33:f0:16:
                    9b:a0:d3:ed:94:96:8b:4e:20:02:4f:78:50:19:6e:
                    0f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:8A:F7:3D:BF:94:94:C4:D5:AC:28:AC:9F:73:6C:7E:4E:09:BE:4C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e4a399bd-92c0-4ab0-8b7a-be88117e012b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f32:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:75:74:4e:4d:25:c5:25:bf:57:0f:0d:a9:98:5e:43:61:28:
         f0:48:35:7b:fe:af:e0:c9:57:8b:d5:a5:96:e5:e8:4b:e3:ee:
         92:62:2a:00:3f:17:73:27:15:6e:ae:86:22:e6:e7:73:fb:db:
         cf:74:6e:e6:c4:e2:a4:ed:b3:35:b0:3b:47:65:ec:5c:bb:e0:
         40:fb:2c:ea:84:1e:33:dd:de:13:35:14:23:8c:09:19:ae:ee:
         9c:da:db:95:a5:a5:01:d6:0f:6c:85:d3:10:a2:ea:6f:5f:5e:
         87:94:a3:c5:23:5e:91:3a:80:8f:ab:d1:68:6e:4b:b8:5b:b3:
         f4:7c:ce:0b:8b:9d:9b:15:8a:03:d8:91:46:fe:c7:15:45:d0:
         6f:f2:91:17:26:f0:4c:90:15:9c:65:0f:36:d6:0c:61:fa:1c:
         e9:01:1e:b0:d5:a5:81:e5:83:ec:e5:c6:1f:3b:06:f2:1f:3f:
         8c:e9:e8:0e:07:90:e8:c0:49:da:9e:36:aa:2f:bc:89:fc:f4:
         96:cf:d2:0d:39:91:f6:53:84:5a:72:14:cd:d5:a9:65:04:63:
         aa:0f:5e:11:18:49:2e:2f:76:1b:a2:88:55:56:7b:6a:25:77:
         4c:30:f4:63:8e:23:73:d3:58:52:ef:8b:2d:0d:a2:b4:83:75:
         19:d0:3f:c1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUfOs5L9gCusbh+cIcgTVfFZijXrYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIxMjAyWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OGYwYWNiZjg1MGQ0NWQ1MTM1NmQ5MWE1YjFiZTU0NGVl
OWU5OGY1ZjlkMjcyZGNhZDM3NDdjZGY4ZjYwNTEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI1x9TWXPnpaIU74PLmlBxiPqKYpYEUJ4TAGsT5Xa4mpZS
fgHvZXcZK++SZCtaBxGg/ipWUEufrb49xarbm9N+xXek71lWQVb6FTfErFd+gM8M
jO7D5iN8S60vunxu6xpyoLiaQZOH42DDU9d0+dC3b4haMEfVAA4HVnBgtavgLMts
ooguA/XaL8P09qhfXVrAYwU7olCQxzCQhH9kJX23xZ9y6YNIW/iPdCqjn01ZRtKB
Xvt3VkTsSmJeBGmk7cWctTjA/busirBMCBSP8946alPmgGZ9AgNBbbcgp7JPpHhf
WiIJrD48BVPXmjPwFpug0+2UlotOIAJPeFAZbg87AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUn4r3Pb+UlMTVrCisn3Nsfk4JvkwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U0YTM5OWJkLTkyYzAtNGFiMC04YjdhLWJlODgxMTdlMDEyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8yYDANBgkqhkiG9w0BAQsFAAOCAQEAaHV0Tk0lxSW/Vw8NqZheQ2Eo
8Eg1e/6v4MlXi9WlluXoS+PukmIqAD8XcycVbq6GIubnc/vbz3Ru5sTipO2zNbA7
R2XsXLvgQPss6oQeM93eEzUUI4wJGa7unNrblaWlAdYPbIXTEKLqb19eh5SjxSNe
kTqAj6vRaG5LuFuz9HzOC4udmxWKA9iRRv7HFUXQb/KRFybwTJAVnGUPNtYMYfoc
6QEesNWlgeWD7OXGHzsG8h8/jOnoDgeQ6MBJ2p42qi+8ifz0ls/SDTmR9lOEWnIU
zdWpZQRjqg9eERhJLi92G6KIVVZ7aiV3TDD0Y44jc9NYUu+LLQ2itIN1GdA/wQ==
-----END CERTIFICATE-----