Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e9a2495a-b565-4518-8d91-a9fb127abca6.roa
File:                     e9a2495a-b565-4518-8d91-a9fb127abca6.roa (raw, json)
Hash identifier:          lk30XVbfyETT9ZMHgfhvGM3sG5dng/1P9ZbwhL4yj+Y=
Subject key identifier:   EC:9A:AF:13:50:A8:84:8A:F9:00:BA:0B:A7:62:D3:32:4C:79:CF:F6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1742D03F92ACB6035180C7CEE65E90A1C4201557
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e9a2495a-b565-4518-8d91-a9fb127abca6.roa
Signing time:             Tue 11 Nov 2025 01:11:55 +0000
ROA not before:           Tue 11 Nov 2025 01:11:55 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:1020::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:42:d0:3f:92:ac:b6:03:51:80:c7:ce:e6:5e:90:a1:c4:20:15:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:11:55 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=d49c844a362deb7a9c8ff4b942588505d787c529453cdfb29e8487dda859656e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ad:a6:38:d6:77:5b:f5:2c:80:71:d1:78:ae:
                    f9:68:3e:0f:67:22:83:fd:fd:b9:26:ff:b9:cd:38:
                    cc:00:f7:8d:a4:6e:fc:cc:95:fe:c6:fb:20:d7:75:
                    5f:72:9a:af:a6:59:1c:97:c8:0d:6b:bc:b6:e9:85:
                    b9:45:95:e3:4e:e7:03:d8:79:08:aa:ce:93:f4:52:
                    a0:d2:2f:77:db:3b:a0:64:33:7e:63:04:b1:38:0e:
                    b7:33:89:ee:4a:cd:31:f4:35:49:aa:0f:c9:70:16:
                    32:7c:f4:1f:c8:1b:e3:10:8b:53:7b:21:46:b1:ff:
                    30:37:9d:1c:66:b7:ea:c4:a1:69:48:17:67:03:be:
                    59:9e:e9:db:b7:9a:74:e7:3a:4c:de:6c:8a:14:75:
                    e9:49:17:55:02:db:72:9c:05:c2:84:4a:73:6a:b5:
                    2c:e2:70:5e:5f:39:45:cb:79:39:89:b4:82:1c:76:
                    d6:d7:9e:74:d9:e3:46:b0:c6:82:5b:67:7a:97:75:
                    cd:d7:99:0b:d6:d3:8c:a8:14:f0:bb:73:ef:54:3f:
                    db:94:16:e9:67:75:a2:a8:25:fd:f2:a5:65:51:f1:
                    ff:22:32:72:2c:02:b6:a3:77:c8:89:a1:28:5a:d3:
                    84:d0:66:03:dd:52:12:76:d6:17:8f:8e:47:ea:ab:
                    a6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:9A:AF:13:50:A8:84:8A:F9:00:BA:0B:A7:62:D3:32:4C:79:CF:F6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e9a2495a-b565-4518-8d91-a9fb127abca6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:1020::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:f4:3d:98:dc:a0:16:65:ec:d7:a0:f0:23:2f:26:4a:c1:87:
         c7:b6:88:32:45:6d:d5:12:11:a3:0c:34:49:32:c9:86:a9:6e:
         ce:0a:0f:e0:ce:54:b7:28:c6:57:da:d4:b5:bc:71:c9:56:6d:
         f4:48:83:e8:7b:8e:38:b7:63:11:4f:31:7c:16:93:63:d8:9e:
         ad:50:1e:37:16:27:58:67:c3:b5:3c:db:b5:28:d7:80:b8:71:
         07:e1:57:16:1c:a6:2c:bf:52:ac:34:0d:7b:d0:e8:54:3a:21:
         4e:09:00:c9:14:92:61:56:a4:f1:bb:30:12:80:e3:b4:5c:ef:
         20:1c:bb:90:8a:cd:36:9e:2f:34:95:70:ed:6e:cf:1c:d2:43:
         48:85:b4:48:f0:98:21:d9:6f:48:41:bf:95:c8:fc:33:e0:90:
         d2:eb:e6:c6:7e:03:a2:2b:bd:e0:74:c7:32:24:11:b1:20:3f:
         b0:38:d9:5d:4b:7e:b2:cd:2a:67:9f:a7:36:ff:84:e3:0f:2e:
         b9:4d:ac:3e:21:42:cf:48:34:d9:f6:92:3f:25:46:93:6e:05:
         24:02:25:4e:02:b0:21:a3:68:b1:2d:93:9c:7d:20:39:4e:cd:
         f8:0c:d8:56:c6:07:24:42:b3:fb:11:47:54:0b:3a:75:b7:80:
         8c:60:5a:2f
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUF0LQP5KstgNRgMfO5l6QocQgFVcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDExMTU1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNDljODQ0YTM2MmRlYjdhOWM4ZmY0Yjk0MjU4ODUwNWQ3
ODdjNTI5NDUzY2RmYjI5ZTg0ODdkZGE4NTk2NTZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTraY41ndb9SyAcdF4rvloPg9nIoP9/bkm/7nNOMwA942k
bvzMlf7G+yDXdV9ymq+mWRyXyA1rvLbphblFleNO5wPYeQiqzpP0UqDSL3fbO6Bk
M35jBLE4Drczie5KzTH0NUmqD8lwFjJ89B/IG+MQi1N7IUax/zA3nRxmt+rEoWlI
F2cDvlme6du3mnTnOkzebIoUdelJF1UC23KcBcKESnNqtSzicF5fOUXLeTmJtIIc
dtbXnnTZ40awxoJbZ3qXdc3XmQvW04yoFPC7c+9UP9uUFulndaKoJf3ypWVR8f8i
MnIsArajd8iJoSha04TQZgPdUhJ21hePjkfqq6YZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU7JqvE1CohIr5ALoLp2LTMkx5z/YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U5YTI0OTVhLWI1NjUtNDUxOC04ZDkxLWE5ZmIxMjdhYmNhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hECAwDQYJKoZIhvcNAQELBQADggEBABv0PZjcoBZl7Neg8CMvJkrB
h8e2iDJFbdUSEaMMNEkyyYapbs4KD+DOVLcoxlfa1LW8cclWbfRIg+h7jji3YxFP
MXwWk2PYnq1QHjcWJ1hnw7U827Uo14C4cQfhVxYcpiy/Uqw0DXvQ6FQ6IU4JAMkU
kmFWpPG7MBKA47Rc7yAcu5CKzTaeLzSVcO1uzxzSQ0iFtEjwmCHZb0hBv5XI/DPg
kNLr5sZ+A6IrveB0xzIkEbEgP7A42V1LfrLNKmefpzb/hOMPLrlNrD4hQs9INNn2
kj8lRpNuBSQCJU4CsCGjaLEtk5x9IDlOzfgM2FbGByRCs/sRR1QLOnW3gIxgWi8=
-----END CERTIFICATE-----