Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f70919ec-f6ef-4ba5-a2b7-c04c9a2fc45e.roa
File:                     f70919ec-f6ef-4ba5-a2b7-c04c9a2fc45e.roa (raw, json)
Hash identifier:          HadbS4iyf3+4EfWl9p+YntfUFS1kaG6W4nrRnfHAo+U=
Subject key identifier:   86:82:F4:F2:65:76:F4:80:6C:6F:8D:56:98:27:E2:C0:3B:04:72:74
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4499A2B6CEB1975FBED75DABDC0E0BEA2065E6C5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f70919ec-f6ef-4ba5-a2b7-c04c9a2fc45e.roa
Signing time:             Tue 11 Nov 2025 01:20:55 +0000
ROA not before:           Tue 11 Nov 2025 01:20:55 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:4070::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:99:a2:b6:ce:b1:97:5f:be:d7:5d:ab:dc:0e:0b:ea:20:65:e6:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:20:55 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=444bcc0166c45ccfe7df8b4c1b56f85edda00c428cd59ac09ff1d8c1cf7725da, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4c:c3:ec:9c:97:fa:73:ba:72:c6:46:f3:86:
                    70:a8:84:c2:79:0e:57:b9:8c:97:53:24:0c:a0:2e:
                    38:a2:e5:91:4e:8c:66:1e:16:a9:86:9d:77:8e:3d:
                    89:b1:18:f2:9b:7c:ed:24:57:b8:1e:86:1e:1f:a3:
                    19:cd:0d:f0:96:8c:9c:9f:e9:d4:68:8a:9a:87:39:
                    40:94:e5:fc:12:8f:3b:d4:55:84:0d:07:b6:3c:a7:
                    22:24:6a:fb:50:fb:a2:99:20:b4:d4:46:c1:54:5d:
                    19:85:99:a7:1f:e5:67:f0:33:43:30:dc:47:cf:47:
                    7e:78:3b:86:09:bf:b2:48:d9:c8:a0:1f:40:3e:53:
                    de:9f:b1:37:7e:38:1d:24:7a:07:3e:e8:8b:13:7f:
                    04:d3:e4:28:c8:13:67:19:d7:ed:ec:e8:b8:a1:97:
                    6c:7d:7a:5b:1b:7d:4d:5d:c8:35:35:36:57:02:b5:
                    22:5f:54:40:64:44:56:ef:33:25:48:6a:ee:a2:40:
                    5f:89:c2:a1:71:41:5b:66:2f:2d:1b:5a:bf:42:8d:
                    4a:98:ba:ac:9f:f7:fc:fc:b5:ab:4a:56:c6:c3:21:
                    a1:61:c8:3e:49:38:57:e9:f9:d5:33:48:6b:10:17:
                    db:5f:a1:ed:b0:50:3e:28:69:a5:a9:72:56:55:87:
                    50:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:82:F4:F2:65:76:F4:80:6C:6F:8D:56:98:27:E2:C0:3B:04:72:74
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f70919ec-f6ef-4ba5-a2b7-c04c9a2fc45e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:4070::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:e0:b7:34:12:9c:88:69:54:af:d2:0c:64:4c:31:6e:3e:52:
         09:b2:1a:3d:3d:8e:c6:2f:e7:72:f0:c7:d6:af:1e:8e:9f:4f:
         39:b4:92:d7:d6:08:a0:01:2b:fe:8a:e2:ab:fe:bd:16:3e:b4:
         a2:25:c8:81:80:f5:45:a5:b1:d8:8d:5d:08:d9:cc:c0:16:57:
         c7:6c:aa:56:fd:ea:ae:57:55:62:54:f6:4f:a0:37:0a:a8:d8:
         a0:33:bb:96:58:dc:b6:b8:16:e3:ac:97:9b:dd:9d:be:df:f3:
         26:03:1f:38:fa:43:fa:51:ad:ea:94:9b:24:54:df:0a:4d:c0:
         7e:03:e0:04:20:d2:97:57:f3:13:92:20:cf:ee:36:ef:80:0d:
         28:72:e9:8e:29:f7:08:fa:0e:2e:29:21:3d:ac:ce:0a:11:dc:
         49:ed:cb:dc:d0:8b:6e:b3:33:a3:1f:f5:ae:68:1a:a9:63:ed:
         6b:c7:6f:37:f5:4a:86:de:6b:f4:45:2a:11:c0:66:2a:7b:3f:
         35:08:41:70:22:e4:c8:5e:ec:76:74:94:6b:0b:06:cd:f2:45:
         3b:18:98:33:9b:1c:9e:91:97:e3:18:05:f3:99:81:f5:f0:35:
         5e:f4:d7:cf:5f:72:d1:53:89:26:7d:3f:6c:8e:f0:ae:f8:fd:
         0f:40:8a:ae
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIURJmits6xl1++112r3A4L6iBl5sUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEyMDU1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDRiY2MwMTY2YzQ1Y2NmZTdkZjhiNGMxYjU2Zjg1ZWRk
YTAwYzQyOGNkNTlhYzA5ZmYxZDhjMWNmNzcyNWRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQTMPsnJf6c7pyxkbzhnCohMJ5Dle5jJdTJAygLjii5ZFO
jGYeFqmGnXeOPYmxGPKbfO0kV7gehh4foxnNDfCWjJyf6dRoipqHOUCU5fwSjzvU
VYQNB7Y8pyIkavtQ+6KZILTURsFUXRmFmacf5WfwM0Mw3EfPR354O4YJv7JI2cig
H0A+U96fsTd+OB0kegc+6IsTfwTT5CjIE2cZ1+3s6Lihl2x9elsbfU1dyDU1NlcC
tSJfVEBkRFbvMyVIau6iQF+JwqFxQVtmLy0bWr9CjUqYuqyf9/z8tatKVsbDIaFh
yD5JOFfp+dUzSGsQF9tfoe2wUD4oaaWpclZVh1DhAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUhoL08mV29IBsb41WmCfiwDsEcnQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y3MDkxOWVjLWY2ZWYtNGJhNS1hMmI3LWMwNGM5YTJmYzQ1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AQHAwDQYJKoZIhvcNAQELBQADggEBAMbgtzQSnIhpVK/SDGRMMW4+
UgmyGj09jsYv53Lwx9avHo6fTzm0ktfWCKABK/6K4qv+vRY+tKIlyIGA9UWlsdiN
XQjZzMAWV8dsqlb96q5XVWJU9k+gNwqo2KAzu5ZY3La4FuOsl5vdnb7f8yYDHzj6
Q/pRreqUmyRU3wpNwH4D4AQg0pdX8xOSIM/uNu+ADShy6Y4p9wj6Di4pIT2szgoR
3Enty9zQi26zM6Mf9a5oGqlj7WvHbzf1Sobea/RFKhHAZip7PzUIQXAi5Mhe7HZ0
lGsLBs3yRTsYmDObHJ6Rl+MYBfOZgfXwNV70189fctFTiSZ9P2yO8K74/Q9Aiq4=
-----END CERTIFICATE-----