Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e02de776-a04d-4a5d-b952-e46865070f9c.roa
File:                     e02de776-a04d-4a5d-b952-e46865070f9c.roa (raw, json)
Hash identifier:          mWD9zbgdAk/iYTek3dKWele0MfzmoF7AIaSOA/dCXP4=
Subject key identifier:   27:84:24:50:C4:60:5C:85:57:F5:E5:D7:9C:C8:4C:D7:C7:4D:10:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C8076B3F7852DD3CDA7D5F78458244D82542866
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e02de776-a04d-4a5d-b952-e46865070f9c.roa
Signing time:             Sat 04 Oct 2025 00:42:37 +0000
ROA not before:           Sat 04 Oct 2025 00:42:37 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff3:3480::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:80:76:b3:f7:85:2d:d3:cd:a7:d5:f7:84:58:24:4d:82:54:28:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  4 00:42:37 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=8a1e4c1c4bc781d5c0de090e16be2f4f79e3055f97fc131997993f03221142e1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fa:b9:ba:73:ae:59:66:b0:20:37:11:c6:ee:
                    c2:9d:36:40:74:bb:af:43:95:4a:b8:30:30:7c:2d:
                    25:77:a3:d8:1b:85:a0:7a:2a:73:61:de:de:2b:7c:
                    e4:d3:d6:6e:ea:c0:9b:69:02:75:b5:ea:22:2e:b5:
                    54:41:36:62:c1:b0:81:86:66:d3:0b:05:4c:74:4f:
                    52:3b:d1:4b:de:9a:8c:90:63:23:10:fa:3b:6c:44:
                    d8:f7:2a:15:40:52:c1:68:2c:0a:08:6a:3b:ec:44:
                    3e:c3:04:fb:af:f2:5e:09:ba:c9:8a:66:51:65:7b:
                    4a:45:9f:8e:66:4e:8d:6e:43:fd:59:13:f8:90:71:
                    dd:e4:d9:c6:c8:8c:1f:b7:e5:d7:a6:51:09:3c:ba:
                    82:91:28:7b:1a:3f:33:f5:eb:56:15:cb:61:1b:dd:
                    3a:2d:d3:79:f4:a9:e6:c6:59:94:6b:fa:c8:3e:f7:
                    a7:ae:e9:4a:e7:63:e4:9d:c5:eb:a5:a8:6e:42:ce:
                    48:ae:c2:ba:30:5d:23:cf:aa:f7:4d:5b:aa:30:36:
                    51:3f:f0:3e:49:68:91:ff:65:3e:ec:d2:6b:4d:c5:
                    2f:cc:0d:9e:87:c8:8a:c1:dc:1b:6c:b4:64:f4:22:
                    10:b2:c8:7c:f2:fa:e7:8d:3f:ef:0e:04:99:14:d6:
                    d3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:84:24:50:C4:60:5C:85:57:F5:E5:D7:9C:C8:4C:D7:C7:4D:10:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e02de776-a04d-4a5d-b952-e46865070f9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff3:3480::/46

    Signature Algorithm: sha256WithRSAEncryption
         69:7f:0d:16:65:69:73:84:bf:b0:f8:11:eb:09:5a:fd:d2:54:
         28:b0:25:13:c3:48:d0:61:5e:60:34:94:35:bf:a8:8f:8b:ff:
         0e:29:24:2b:6f:33:21:9b:36:1e:76:42:db:93:58:86:23:de:
         79:8b:31:bd:66:38:36:2e:60:b4:d7:28:16:77:5a:43:7c:b4:
         f5:f6:20:9e:58:22:6d:a3:9d:c5:2e:4c:86:7d:cf:9c:79:c6:
         43:eb:19:c6:ab:1f:6d:bc:70:11:1d:65:f7:c1:f9:17:d5:69:
         f1:2e:8c:52:59:eb:1f:42:d5:e0:b0:d7:26:2c:c0:c6:af:a7:
         5a:0d:e9:2a:8a:1c:c4:36:85:f7:79:21:c9:65:1c:f2:b5:87:
         de:a9:df:44:b7:69:07:9b:a8:29:92:a5:e1:57:ea:75:3c:32:
         54:d2:45:b3:2d:4d:1b:bd:3f:1d:5e:74:4d:eb:97:63:6e:4f:
         5e:43:36:b1:2c:d3:86:4f:13:c2:19:a4:14:81:e2:db:c4:1b:
         3f:6f:66:67:35:c4:5e:87:e6:bd:a8:37:c6:d5:ae:05:06:56:
         d9:6b:79:5b:91:b8:9c:2a:7c:3c:a6:cb:7a:b4:3f:8b:89:20:
         72:46:48:85:6d:c8:84:4c:e1:8e:4b:da:56:e0:cf:6c:bb:6c:
         97:99:86:2b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTIB2s/eFLdPNp9X3hFgkTYJUKGYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA0MDA0MjM3WhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTFlNGMxYzRiYzc4MWQ1YzBkZTA5MGUxNmJlMmY0Zjc5
ZTMwNTVmOTdmYzEzMTk5Nzk5M2YwMzIyMTE0MmUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz+rm6c65ZZrAgNxHG7sKdNkB0u69DlUq4MDB8LSV3o9gb
haB6KnNh3t4rfOTT1m7qwJtpAnW16iIutVRBNmLBsIGGZtMLBUx0T1I70UvemoyQ
YyMQ+jtsRNj3KhVAUsFoLAoIajvsRD7DBPuv8l4JusmKZlFle0pFn45mTo1uQ/1Z
E/iQcd3k2cbIjB+35demUQk8uoKRKHsaPzP161YVy2Eb3Tot03n0qebGWZRr+sg+
96eu6UrnY+SdxeulqG5CzkiuwrowXSPPqvdNW6owNlE/8D5JaJH/ZT7s0mtNxS/M
DZ6HyIrB3BtstGT0IhCyyHzy+ueNP+8OBJkU1tM/AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUJ4QkUMRgXIVX9eXXnMhM18dNEEowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UwMmRlNzc2LWEwNGQtNGE1ZC1iOTUyLWU0Njg2NTA3MGY5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/zNIAwDQYJKoZIhvcNAQELBQADggEBAGl/DRZlaXOEv7D4EesJWv3S
VCiwJRPDSNBhXmA0lDW/qI+L/w4pJCtvMyGbNh52QtuTWIYj3nmLMb1mODYuYLTX
KBZ3WkN8tPX2IJ5YIm2jncUuTIZ9z5x5xkPrGcarH228cBEdZffB+RfVafEujFJZ
6x9C1eCw1yYswMavp1oN6SqKHMQ2hfd5IcllHPK1h96p30S3aQebqCmSpeFX6nU8
MlTSRbMtTRu9Px1edE3rl2NuT15DNrEs04ZPE8IZpBSB4tvEGz9vZmc1xF6H5r2o
N8bVrgUGVtlreVuRuJwqfDymy3q0P4uJIHJGSIVtyIRM4Y5L2lbgz2y7bJeZhis=
-----END CERTIFICATE-----