Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc03b0b8-dc48-442a-b40c-185ce689ee9e.roa
File:                     dc03b0b8-dc48-442a-b40c-185ce689ee9e.roa (raw, json)
Hash identifier:          PtUoSQZ6FwR+ZYHkVaRPHK3NTDGt7Qjc94qRu0ottAI=
Subject key identifier:   42:44:1F:2A:36:15:3E:2B:6F:6B:57:8A:2A:8B:4D:D2:AF:00:73:09
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       653C03BC80E8129AADEB17EDCB967A34E7385EBA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc03b0b8-dc48-442a-b40c-185ce689ee9e.roa
Signing time:             Fri 17 Oct 2025 21:10:57 +0000
ROA not before:           Fri 17 Oct 2025 21:10:57 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f38:2000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:3c:03:bc:80:e8:12:9a:ad:eb:17:ed:cb:96:7a:34:e7:38:5e:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 21:10:57 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=270a28f84053a8831fe0afd389308762fc132dd0d57e3bb11a8c3fc6058114ce, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:dc:e5:40:ce:22:9e:5e:f4:1e:56:70:d3:94:
                    ca:10:41:2d:43:bc:a4:ce:b1:ff:c3:51:da:00:bb:
                    aa:55:d1:40:6e:60:2a:b6:e0:07:7b:55:9e:5d:45:
                    df:cb:5f:54:64:fc:df:28:92:1b:5b:a9:1a:b0:47:
                    5b:56:dd:fa:b2:d0:7b:9c:38:91:b0:13:7c:a6:05:
                    bc:c6:87:b8:d7:58:70:88:a1:07:ca:54:a0:c4:9b:
                    8a:8d:ba:e1:09:89:e6:cd:1b:e2:b0:b5:fd:00:87:
                    11:eb:6a:57:d4:fb:0d:98:40:ab:0b:6c:61:06:cc:
                    d5:73:9c:df:f0:8f:28:e6:b1:5c:f7:bf:42:9b:9f:
                    d5:d7:e6:cd:c7:10:d4:14:9b:27:6c:4b:9f:1b:2a:
                    77:4d:e6:13:3d:b1:0b:00:f8:a6:27:25:11:2b:7d:
                    37:e7:41:89:e1:94:38:c4:22:4c:20:0d:7d:f3:77:
                    fb:2d:a9:ce:4b:a8:04:47:48:02:0a:26:f6:4a:9e:
                    08:8c:40:d5:8b:da:ef:cd:66:1f:a9:09:2e:f5:55:
                    cd:86:f8:84:22:c0:11:44:50:81:8a:b0:32:27:49:
                    fc:89:a0:4f:47:29:a2:3a:75:03:eb:8e:fe:bb:7f:
                    62:b7:44:14:19:73:23:d8:49:80:6a:00:b1:c0:68:
                    a9:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:44:1F:2A:36:15:3E:2B:6F:6B:57:8A:2A:8B:4D:D2:AF:00:73:09
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc03b0b8-dc48-442a-b40c-185ce689ee9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1e:4f:38:52:0f:cb:66:3a:8c:60:4b:46:44:45:e3:7d:24:f5:
         7a:0a:c2:8a:d1:64:b0:dd:a7:83:b9:0f:03:3b:be:94:14:4c:
         d2:4c:68:77:98:30:be:73:6d:e5:b7:39:23:a0:d3:01:65:d3:
         05:d1:ce:7c:ee:1d:62:5f:55:9b:66:e7:67:93:60:dd:c6:18:
         58:cb:bf:86:3c:0c:ca:1e:d5:f2:c9:6c:09:e1:82:df:bd:39:
         47:1e:09:ad:d7:1e:93:9c:90:da:da:3d:32:f6:0f:05:79:20:
         ea:28:73:2d:f5:3b:64:db:cc:0e:d1:8e:0b:04:6d:f7:7d:d9:
         8f:a5:24:79:4e:b1:19:22:1e:05:a9:6a:06:52:06:34:33:da:
         94:fb:e5:cd:df:80:c3:5a:ab:bc:0d:89:c9:bc:2c:97:d0:b7:
         47:56:1a:df:c1:84:e1:4c:e0:42:41:48:3c:d6:88:fc:13:0a:
         d9:ad:68:64:e5:f6:50:26:4d:54:6b:ec:44:c9:45:39:a3:62:
         cc:91:49:94:5e:83:12:de:37:e7:7d:26:1d:f3:9c:e3:81:0a:
         c1:49:07:24:61:5f:1d:c8:0d:98:95:18:7b:5e:fb:68:e2:64:
         27:69:02:e9:98:64:34:a0:4e:8c:8d:d7:ba:54:4b:df:7a:4e:
         98:82:09:0f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZTwDvIDoEpqt6xfty5Z6NOc4XrowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjExMDU3WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNzBhMjhmODQwNTNhODgzMWZlMGFmZDM4OTMwODc2MmZj
MTMyZGQwZDU3ZTNiYjExYThjM2ZjNjA1ODExNGNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZ3OVAziKeXvQeVnDTlMoQQS1DvKTOsf/DUdoAu6pV0UBu
YCq24Ad7VZ5dRd/LX1Rk/N8okhtbqRqwR1tW3fqy0HucOJGwE3ymBbzGh7jXWHCI
oQfKVKDEm4qNuuEJiebNG+Kwtf0AhxHralfU+w2YQKsLbGEGzNVznN/wjyjmsVz3
v0Kbn9XX5s3HENQUmydsS58bKndN5hM9sQsA+KYnJRErfTfnQYnhlDjEIkwgDX3z
d/stqc5LqARHSAIKJvZKngiMQNWL2u/NZh+pCS71Vc2G+IQiwBFEUIGKsDInSfyJ
oE9HKaI6dQPrjv67f2K3RBQZcyPYSYBqALHAaKm5AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUQkQfKjYVPitva1eKKotN0q8AcwkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RjMDNiMGI4LWRjNDgtNDQyYS1iNDBjLTE4NWNlNjg5ZWU5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB84IDANBgkqhkiG9w0BAQsFAAOCAQEAHk84Ug/LZjqMYEtGREXjfST1
egrCitFksN2ng7kPAzu+lBRM0kxod5gwvnNt5bc5I6DTAWXTBdHOfO4dYl9Vm2bn
Z5Ng3cYYWMu/hjwMyh7V8slsCeGC3705Rx4Jrdcek5yQ2to9MvYPBXkg6ihzLfU7
ZNvMDtGOCwRt933Zj6UkeU6xGSIeBalqBlIGNDPalPvlzd+Aw1qrvA2Jybwsl9C3
R1Ya38GE4UzgQkFIPNaI/BMK2a1oZOX2UCZNVGvsRMlFOaNizJFJlF6DEt43530m
HfOc44EKwUkHJGFfHcgNmJUYe177aOJkJ2kC6ZhkNKBOjI3XulRL33pOmIIJDw==
-----END CERTIFICATE-----