Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28bd6f98-f067-4fb1-ad83-83c73490e09e.roa
File:                     28bd6f98-f067-4fb1-ad83-83c73490e09e.roa (raw, json)
Hash identifier:          kzkSF6NN+psUedmSa0m2IqERdROZw/AKqoBd3th0h3Y=
Subject key identifier:   2A:FB:8A:9B:26:7D:7C:0B:76:CF:70:DF:73:A1:9F:0D:5C:0F:05:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77BC3B7C76DCD65EB3A0C06A75EEDC821380ECD9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28bd6f98-f067-4fb1-ad83-83c73490e09e.roa
Signing time:             Tue 28 Oct 2025 00:30:43 +0000
ROA not before:           Tue 28 Oct 2025 00:30:43 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffe:1000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:bc:3b:7c:76:dc:d6:5e:b3:a0:c0:6a:75:ee:dc:82:13:80:ec:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:30:43 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=915520d90d7c7de0b29d57ede4c57effac072c3e979a388f6c252e4d3df250bf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b5:c5:08:7e:d7:0b:6b:d7:de:e3:e6:dc:b9:
                    fe:29:5c:9e:fc:c3:4b:d2:75:61:d4:4a:05:60:d8:
                    ee:ea:a5:10:1f:07:af:f0:b2:ef:5b:b2:3d:af:70:
                    3d:04:16:3c:0b:b7:b6:92:82:1d:3c:62:62:f8:55:
                    ce:a2:c6:b1:33:ba:10:01:1c:b2:61:e4:49:7f:1d:
                    c4:bc:0f:6c:cf:67:f6:9d:63:73:36:a5:2d:86:bb:
                    e2:3d:e2:5d:18:84:da:95:26:53:73:cd:80:fc:ec:
                    29:4f:56:e6:4b:10:4e:90:3a:88:65:31:64:79:b6:
                    24:97:68:98:b0:74:59:ef:29:1b:66:c9:ce:4c:e1:
                    b8:8b:48:84:e7:13:ae:c2:17:a0:17:18:de:d1:e3:
                    b3:53:7e:5c:ed:fa:05:e8:eb:0b:c7:4f:5b:55:64:
                    1d:61:a4:56:1b:52:4f:26:05:2e:0f:d2:81:98:a1:
                    3e:96:89:80:78:9b:06:08:63:4d:ff:a3:6a:f1:08:
                    7b:1c:3e:2f:c5:2e:14:d8:9b:77:88:e9:b6:10:38:
                    1a:60:24:11:a5:08:e4:a1:22:6d:46:9b:d3:47:65:
                    4f:d3:a6:05:4f:65:63:ec:c1:eb:8e:0c:89:23:83:
                    41:9f:28:9e:62:44:bb:c2:60:62:03:47:c3:f3:d1:
                    29:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:FB:8A:9B:26:7D:7C:0B:76:CF:70:DF:73:A1:9F:0D:5C:0F:05:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28bd6f98-f067-4fb1-ad83-83c73490e09e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffe:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3b:4c:f0:52:89:9e:b2:33:d9:6a:6f:7d:40:31:54:15:a4:0e:
         4c:3b:9b:a7:d7:33:17:e9:7d:63:21:62:05:95:7f:a7:05:02:
         12:86:50:36:c0:11:c9:78:ae:92:b3:f8:fa:9d:5b:10:93:30:
         3e:fb:93:48:a8:b6:77:94:31:ca:fa:55:31:84:a4:35:74:61:
         14:ed:3d:ab:3b:81:1f:35:40:fc:06:35:f0:f0:e1:6a:19:06:
         a1:f4:4f:82:49:83:f7:c5:b7:c6:75:60:d8:45:0e:ee:04:1b:
         44:2b:e1:36:2b:80:72:3f:a0:33:dd:4b:70:bd:65:4b:69:49:
         ed:2b:51:65:a2:32:3f:8e:af:12:76:a2:04:16:7f:15:c4:e4:
         ff:14:5e:10:7a:46:a7:88:fd:47:3c:c4:a2:79:60:8f:d9:4f:
         98:1a:e4:6d:ef:fc:3b:62:2c:c2:97:bb:2b:fa:45:74:72:c6:
         02:56:a9:5b:c8:e3:7b:a2:9a:6d:14:69:2f:d2:6e:47:53:14:
         1a:39:ed:92:67:eb:fb:4a:f3:76:d5:90:dd:85:24:ef:8d:99:
         94:ad:ad:25:ec:e8:56:86:58:fc:70:59:f3:eb:1a:35:49:53:
         63:eb:4a:c9:1a:01:f5:83:9e:c2:a7:02:bb:e7:8b:3c:b6:56:
         4d:b4:e6:ad
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUd7w7fHbc1l6zoMBqde7cghOA7NkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAzMDQzWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTU1MjBkOTBkN2M3ZGUwYjI5ZDU3ZWRlNGM1N2VmZmFj
MDcyYzNlOTc5YTM4OGY2YzI1MmU0ZDNkZjI1MGJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCztcUIftcLa9fe4+bcuf4pXJ78w0vSdWHUSgVg2O7qpRAf
B6/wsu9bsj2vcD0EFjwLt7aSgh08YmL4Vc6ixrEzuhABHLJh5El/HcS8D2zPZ/ad
Y3M2pS2Gu+I94l0YhNqVJlNzzYD87ClPVuZLEE6QOohlMWR5tiSXaJiwdFnvKRtm
yc5M4biLSITnE67CF6AXGN7R47NTflzt+gXo6wvHT1tVZB1hpFYbUk8mBS4P0oGY
oT6WiYB4mwYIY03/o2rxCHscPi/FLhTYm3eI6bYQOBpgJBGlCOShIm1Gm9NHZU/T
pgVPZWPsweuODIkjg0GfKJ5iRLvCYGIDR8Pz0Sk/AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUKvuKmyZ9fAt2z3Dfc6GfDVwPBYUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4YmQ2Zjk4LWYwNjctNGZiMS1hZDgzLTgzYzczNDkwZTA5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/+EDANBgkqhkiG9w0BAQsFAAOCAQEAO0zwUomesjPZam99QDFUFaQO
TDubp9czF+l9YyFiBZV/pwUCEoZQNsARyXiukrP4+p1bEJMwPvuTSKi2d5QxyvpV
MYSkNXRhFO09qzuBHzVA/AY18PDhahkGofRPgkmD98W3xnVg2EUO7gQbRCvhNiuA
cj+gM91LcL1lS2lJ7StRZaIyP46vEnaiBBZ/FcTk/xReEHpGp4j9RzzEonlgj9lP
mBrkbe/8O2Iswpe7K/pFdHLGAlapW8jje6KabRRpL9JuR1MUGjntkmfr+0rzdtWQ
3YUk742ZlK2tJezoVoZY/HBZ8+saNUlTY+tKyRoB9YOewqcCu+eLPLZWTbTmrQ==
-----END CERTIFICATE-----