Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a240dc64-65f0-461a-ad6a-8c137b9d8aba.roa
File:                     a240dc64-65f0-461a-ad6a-8c137b9d8aba.roa (raw, json)
Hash identifier:          4ddXaPjy2uflmU2XGYSHhBHK33fqyqFuRzlOX5+dcZc=
Subject key identifier:   0D:C1:27:BA:10:61:0B:EF:CF:74:F3:F4:6F:C3:74:37:10:E2:24:24
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A75262BA7BA677F19EFB630C401075B69EA3F7D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a240dc64-65f0-461a-ad6a-8c137b9d8aba.roa
Signing time:             Fri 03 Oct 2025 00:11:17 +0000
ROA not before:           Fri 03 Oct 2025 00:11:17 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:8188::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:75:26:2b:a7:ba:67:7f:19:ef:b6:30:c4:01:07:5b:69:ea:3f:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:11:17 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=302e39d156ec3f870aee9ea976090c1f4c7e3107e795418c5b128526363cebac, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5a:5f:39:cf:7c:c1:66:f1:33:6e:f2:83:8b:
                    be:71:d3:51:a2:64:10:f9:c8:9d:bb:80:a6:db:2a:
                    e4:83:03:62:7a:8c:43:6d:00:de:21:85:55:4d:82:
                    90:9b:5c:32:4a:5c:96:b4:5d:5d:4c:ab:bf:e9:56:
                    bb:20:66:8b:f2:7b:b1:1d:f9:a6:e5:02:74:2b:a5:
                    68:c5:59:88:ff:20:7a:8e:38:72:6f:3c:fe:b5:56:
                    74:8a:47:24:ee:73:91:e1:86:70:12:ea:db:19:bc:
                    40:85:58:ec:db:80:d5:bd:08:87:d1:41:88:b7:53:
                    08:dd:bc:24:a6:07:cc:49:85:17:ea:36:6a:57:7c:
                    85:fd:7f:6e:6a:ef:dc:06:3a:bd:15:70:5e:b2:a9:
                    87:c9:89:6e:45:2d:e2:59:4d:a2:fe:64:5b:e7:9f:
                    24:c8:16:02:46:23:a8:f8:44:05:55:72:be:51:fe:
                    b5:ab:dc:08:b0:32:a9:0a:cf:52:9f:1d:ae:d2:0a:
                    98:cd:3b:d5:b8:2a:b7:c3:a3:9c:0a:58:3e:52:73:
                    2e:af:01:81:7c:b4:1c:17:42:77:8a:82:aa:52:29:
                    34:c2:12:54:0d:a8:5c:b2:5d:41:e9:22:1a:e3:11:
                    5a:6b:14:d7:7f:8a:b1:8a:ed:05:8e:90:9a:4f:6a:
                    13:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:C1:27:BA:10:61:0B:EF:CF:74:F3:F4:6F:C3:74:37:10:E2:24:24
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a240dc64-65f0-461a-ad6a-8c137b9d8aba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:8188::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:ce:d5:8c:c5:61:49:a2:53:20:0e:0d:26:73:90:40:62:ba:
         3f:d7:9b:a5:c7:db:bf:55:23:75:91:d1:ea:50:dc:9c:19:fe:
         de:a7:6a:f2:f6:54:92:6c:f2:21:39:e8:f8:bc:90:93:70:14:
         c3:41:b7:1c:f9:f7:90:e1:b7:94:74:00:44:a1:fd:d0:0a:4d:
         ed:5c:db:84:73:1b:0c:7b:88:90:56:df:59:69:7e:c0:46:f7:
         a1:3f:4b:68:18:9e:77:38:6f:e3:65:79:79:94:c6:c6:76:b8:
         1c:a4:0b:85:8e:ac:4f:59:17:ea:a4:c5:2d:4e:77:22:78:fa:
         c0:1b:99:4a:18:19:be:74:b4:bf:be:a7:99:8a:ac:66:64:ae:
         d8:e2:78:c2:f3:de:65:c7:71:cd:6f:d5:3f:51:e9:f8:c0:e3:
         0f:91:06:0b:72:41:56:a7:5d:4b:bd:6a:ea:af:0f:14:72:22:
         fa:6f:b0:71:47:47:7b:d8:cc:4b:23:02:7a:fd:9d:79:a2:dc:
         12:54:05:94:41:21:8f:f6:1a:76:38:94:08:6a:66:f8:ef:24:
         1a:eb:a3:f4:29:27:0d:08:98:b1:58:06:e5:03:13:9b:63:d8:
         e2:54:50:b1:42:91:9d:da:a3:67:8d:92:5f:9e:29:51:7f:19:
         72:38:29:d2
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUanUmK6e6Z38Z77YwxAEHW2nqP30wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAxMTE3WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMDJlMzlkMTU2ZWMzZjg3MGFlZTllYTk3NjA5MGMxZjRj
N2UzMTA3ZTc5NTQxOGM1YjEyODUyNjM2M2NlYmFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5Wl85z3zBZvEzbvKDi75x01GiZBD5yJ27gKbbKuSDA2J6
jENtAN4hhVVNgpCbXDJKXJa0XV1Mq7/pVrsgZovye7Ed+ablAnQrpWjFWYj/IHqO
OHJvPP61VnSKRyTuc5HhhnAS6tsZvECFWOzbgNW9CIfRQYi3UwjdvCSmB8xJhRfq
NmpXfIX9f25q79wGOr0VcF6yqYfJiW5FLeJZTaL+ZFvnnyTIFgJGI6j4RAVVcr5R
/rWr3AiwMqkKz1KfHa7SCpjNO9W4KrfDo5wKWD5Scy6vAYF8tBwXQneKgqpSKTTC
ElQNqFyyXUHpIhrjEVprFNd/irGK7QWOkJpPahNnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUDcEnuhBhC+/PdPP0b8N0NxDiJCQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyNDBkYzY0LTY1ZjAtNDYxYS1hZDZhLThjMTM3YjlkOGFiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gYgwDQYJKoZIhvcNAQELBQADggEBAELO1YzFYUmiUyAODSZzkEBi
uj/Xm6XH279VI3WR0epQ3JwZ/t6navL2VJJs8iE56Pi8kJNwFMNBtxz595Dht5R0
AESh/dAKTe1c24RzGwx7iJBW31lpfsBG96E/S2gYnnc4b+NleXmUxsZ2uBykC4WO
rE9ZF+qkxS1OdyJ4+sAbmUoYGb50tL++p5mKrGZkrtjieMLz3mXHcc1v1T9R6fjA
4w+RBgtyQVanXUu9auqvDxRyIvpvsHFHR3vYzEsjAnr9nXmi3BJUBZRBIY/2GnY4
lAhqZvjvJBrro/QpJw0ImLFYBuUDE5tj2OJUULFCkZ3ao2eNkl+eKVF/GXI4KdI=
-----END CERTIFICATE-----