Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79b3e168-0fa7-4da6-8746-4089ce7254f1.roa
File:                     79b3e168-0fa7-4da6-8746-4089ce7254f1.roa (raw, json)
Hash identifier:          Kf7NPNrf1/vkYLqLhqC0mDgABLYJstxhLJI2w7eRWXc=
Subject key identifier:   55:7D:22:CF:0D:E8:E3:A7:37:22:09:35:69:3A:8E:DC:41:43:10:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       19C6C3C2B8591C5E653B43AB5B067663B51EF1F3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79b3e168-0fa7-4da6-8746-4089ce7254f1.roa
Signing time:             Sat 18 Oct 2025 01:21:23 +0000
ROA not before:           Sat 18 Oct 2025 01:21:23 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f15:400::/38 maxlen: 38
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:c6:c3:c2:b8:59:1c:5e:65:3b:43:ab:5b:06:76:63:b5:1e:f1:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 01:21:23 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=06f87634869a98127f6824b6d1d3e47791c077703a25bb08ff54f11f02ed0b57, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:98:39:04:65:90:ab:d9:0d:3b:f2:c8:0c:60:
                    10:b1:23:51:ec:10:22:38:c4:a5:cd:f9:79:89:2d:
                    61:2a:3f:17:9a:a6:e9:57:80:0c:f3:84:a9:42:1d:
                    d2:16:7a:8b:8e:89:61:9d:66:82:0e:43:3b:3e:24:
                    88:91:03:5a:65:9c:f2:5b:ff:a9:f9:32:29:7d:c2:
                    22:bd:a5:7d:1c:2d:cd:7c:be:e5:49:d7:5d:34:91:
                    9c:d5:d6:b9:4a:6d:fb:86:81:cb:7d:3b:90:ac:f8:
                    eb:04:83:43:c4:b3:04:b6:85:2f:b9:e7:ca:70:2e:
                    58:c0:db:ef:ca:11:29:04:19:e4:c1:25:8b:1c:94:
                    81:9a:cd:0d:e1:c0:77:13:58:63:f2:d4:59:07:c1:
                    d0:0b:fe:3a:a7:5e:21:65:2b:8b:a9:a2:60:94:32:
                    77:60:94:63:53:4a:04:9f:34:79:20:34:fa:db:70:
                    63:1c:7a:60:aa:0a:a1:8d:c1:09:7f:4d:b5:51:05:
                    15:fe:3a:4d:ee:7a:bd:f1:a3:8a:2a:91:52:74:a0:
                    93:88:f0:5f:69:9f:ea:7b:fa:57:3d:d1:f8:51:58:
                    7c:2f:46:71:5e:bd:da:fc:80:de:50:35:c4:5f:02:
                    9c:44:ea:5b:cc:70:33:72:6c:3b:b6:c2:21:e0:a9:
                    79:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:7D:22:CF:0D:E8:E3:A7:37:22:09:35:69:3A:8E:DC:41:43:10:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79b3e168-0fa7-4da6-8746-4089ce7254f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f15:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         95:61:ea:6f:ba:07:bc:c8:c5:4d:78:a7:81:78:1b:84:74:2b:
         85:ef:08:13:83:52:fb:c8:dc:dd:5d:e1:ce:bc:26:a4:91:82:
         b1:3b:7f:7d:33:6c:f9:bb:b1:cd:c9:62:56:53:2a:a7:94:08:
         9e:8d:01:42:2c:57:91:2c:22:50:56:45:49:4e:ba:0d:95:3f:
         af:45:74:f5:64:df:4d:90:fd:10:43:c3:66:8e:e7:41:1d:50:
         da:e4:a5:6a:d7:82:3d:14:91:1b:ca:51:ad:ef:87:b3:e6:6a:
         b5:1b:70:7b:60:60:9a:5d:59:cf:dd:c1:6c:63:e1:d0:58:79:
         05:50:d2:7d:61:bb:eb:0d:60:52:79:10:ff:64:40:fc:0e:49:
         f8:cd:53:76:b1:6c:7a:a2:dc:82:82:af:38:d5:59:5c:47:11:
         9b:0e:ae:ec:3a:9d:67:ee:fd:7c:be:71:4a:9a:a7:e6:9e:72:
         a4:b9:e3:54:70:a1:98:36:ab:92:3a:e0:02:4e:59:d5:c3:2c:
         00:13:79:c5:fb:51:1b:65:90:ad:53:93:c5:60:bf:e1:03:7c:
         9e:c8:1a:df:0f:cf:2c:54:33:48:ac:6b:a7:e3:8d:97:ca:3b:
         96:43:e5:51:8e:3b:1d:a8:b6:da:dd:7f:34:c7:cc:99:5d:c3:
         9c:d9:ab:69
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGcbDwrhZHF5lO0OrWwZ2Y7Ue8fMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDEyMTIzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNmY4NzYzNDg2OWE5ODEyN2Y2ODI0YjZkMWQzZTQ3Nzkx
YzA3NzcwM2EyNWJiMDhmZjU0ZjExZjAyZWQwYjU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTmDkEZZCr2Q078sgMYBCxI1HsECI4xKXN+XmJLWEqPxea
pulXgAzzhKlCHdIWeouOiWGdZoIOQzs+JIiRA1plnPJb/6n5Mil9wiK9pX0cLc18
vuVJ1100kZzV1rlKbfuGgct9O5Cs+OsEg0PEswS2hS+558pwLljA2+/KESkEGeTB
JYsclIGazQ3hwHcTWGPy1FkHwdAL/jqnXiFlK4upomCUMndglGNTSgSfNHkgNPrb
cGMcemCqCqGNwQl/TbVRBRX+Ok3uer3xo4oqkVJ0oJOI8F9pn+p7+lc90fhRWHwv
RnFevdr8gN5QNcRfApxE6lvMcDNybDu2wiHgqXnzAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUVX0izw3o46c3Igk1aTqO3EFDEDQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc5YjNlMTY4LTBmYTctNGRhNi04NzQ2LTQwODljZTcyNTRmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgImAB8VBDANBgkqhkiG9w0BAQsFAAOCAQEAlWHqb7oHvMjFTXingXgbhHQr
he8IE4NS+8jc3V3hzrwmpJGCsTt/fTNs+buxzcliVlMqp5QIno0BQixXkSwiUFZF
SU66DZU/r0V09WTfTZD9EEPDZo7nQR1Q2uSlateCPRSRG8pRre+Hs+ZqtRtwe2Bg
ml1Zz93BbGPh0Fh5BVDSfWG76w1gUnkQ/2RA/A5J+M1TdrFseqLcgoKvONVZXEcR
mw6u7DqdZ+79fL5xSpqn5p5ypLnjVHChmDarkjrgAk5Z1cMsABN5xftRG2WQrVOT
xWC/4QN8nsga3w/PLFQzSKxrp+ONl8o7lkPlUY47Hai22t1/NMfMmV3DnNmraQ==
-----END CERTIFICATE-----