Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02a87590-1b18-4e21-bef6-533a9b6eb087.roa
File:                     02a87590-1b18-4e21-bef6-533a9b6eb087.roa (raw, json)
Hash identifier:          Ashb1FlJy79rc0RfobPjB76cw8rCPMHFoYfxlJB8D4M=
Subject key identifier:   8A:B8:B6:9E:1C:65:D8:F3:95:0C:8D:40:84:50:3D:04:D7:FC:DD:67
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       483D9D9814020324A1C4E3E900580A6560DEF4A9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02a87590-1b18-4e21-bef6-533a9b6eb087.roa
Signing time:             Fri 31 Oct 2025 00:30:12 +0000
ROA not before:           Fri 31 Oct 2025 00:30:12 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:3d:9d:98:14:02:03:24:a1:c4:e3:e9:00:58:0a:65:60:de:f4:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:30:12 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=d8dafcb097a5aa7ca3f27adb0391863b0fbfa6b7c4ddbff80db417c7a8fba2eb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a1:40:50:18:e2:8d:53:a6:3d:d4:c2:a8:96:
                    7c:9c:08:3a:f0:65:d0:c8:57:0b:4b:3c:71:f8:f4:
                    94:72:7f:fa:95:78:15:52:c2:29:41:9d:f9:03:10:
                    a7:c1:5a:6a:89:a5:0e:f2:aa:b5:fc:3d:e2:62:e2:
                    a0:ac:7c:09:a0:c8:ac:0a:06:44:2d:b3:57:aa:2f:
                    ab:cd:a1:ba:c4:5f:21:45:ba:2e:a4:14:9d:21:4f:
                    c0:f0:f3:40:51:d2:7e:dd:74:a8:4f:af:64:84:29:
                    aa:78:0f:30:df:b6:db:f9:68:45:b0:85:33:21:bb:
                    8a:5e:fa:d4:fc:dc:cf:99:14:16:fc:ee:04:38:45:
                    e0:a5:24:72:bd:47:f2:78:fc:f7:40:41:ea:83:93:
                    03:e5:27:ce:18:29:12:dd:f0:ff:25:c2:81:a5:92:
                    cd:d0:55:05:7c:20:61:2a:71:f5:19:68:0d:87:ad:
                    33:7a:71:41:07:3c:ee:48:12:c4:1c:af:da:45:b9:
                    f8:ec:7b:0f:8f:33:cc:46:dd:35:b7:5b:2d:fd:2b:
                    9a:75:63:55:f5:f0:bc:f8:ff:ba:50:19:e0:ce:0f:
                    d5:0f:1f:02:8b:d1:e5:80:74:9e:a3:07:f3:20:17:
                    77:5f:5d:a2:37:4a:d1:ff:5f:4a:e5:d1:be:10:17:
                    72:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:B8:B6:9E:1C:65:D8:F3:95:0C:8D:40:84:50:3D:04:D7:FC:DD:67
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02a87590-1b18-4e21-bef6-533a9b6eb087.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:fc:87:51:91:ec:6b:29:00:98:4f:79:f3:03:4a:21:85:59:
         b7:9f:6a:22:be:54:26:c8:04:94:d0:91:36:54:59:96:e1:92:
         2d:6d:3f:96:bd:6b:87:95:8c:64:2f:3f:00:1b:60:ea:64:8e:
         a4:be:a5:22:ff:90:d0:b0:c9:93:d9:60:1e:05:ac:66:b4:6f:
         7c:7f:9a:b4:8a:90:96:02:1f:12:e6:31:80:a5:bc:c0:d1:eb:
         be:40:f6:2b:34:b1:a8:c3:47:b4:cc:f6:57:b1:b3:43:15:75:
         71:2c:dc:03:3c:0a:55:a7:52:3a:f4:1e:43:00:9d:0a:89:ea:
         1d:94:23:77:aa:96:30:8e:98:3e:46:a0:4e:4d:96:d5:df:a4:
         c8:d8:10:8a:bf:ef:98:09:92:6a:d8:86:b8:a1:cf:16:a1:b8:
         63:26:36:e5:16:88:45:e7:29:6f:c3:98:91:ec:27:b9:c9:c2:
         74:9e:82:18:c6:5d:79:a5:a7:35:84:3f:d1:b9:9d:a7:41:4c:
         37:e5:59:30:8b:0d:d1:2a:4a:b1:c2:0d:13:91:22:71:7c:5e:
         67:39:14:99:78:20:0c:78:3a:59:e8:d0:14:a4:a2:02:e5:81:
         17:39:49:d8:6b:09:89:4d:ea:0c:40:1e:33:b3:d4:42:99:e4:
         7f:09:99:78
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUSD2dmBQCAyShxOPpAFgKZWDe9KkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAzMDEyWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOGRhZmNiMDk3YTVhYTdjYTNmMjdhZGIwMzkxODYzYjBm
YmZhNmI3YzRkZGJmZjgwZGI0MTdjN2E4ZmJhMmViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8oUBQGOKNU6Y91MKolnycCDrwZdDIVwtLPHH49JRyf/qV
eBVSwilBnfkDEKfBWmqJpQ7yqrX8PeJi4qCsfAmgyKwKBkQts1eqL6vNobrEXyFF
ui6kFJ0hT8Dw80BR0n7ddKhPr2SEKap4DzDfttv5aEWwhTMhu4pe+tT83M+ZFBb8
7gQ4ReClJHK9R/J4/PdAQeqDkwPlJ84YKRLd8P8lwoGlks3QVQV8IGEqcfUZaA2H
rTN6cUEHPO5IEsQcr9pFufjsew+PM8xG3TW3Wy39K5p1Y1X18Lz4/7pQGeDOD9UP
HwKL0eWAdJ6jB/MgF3dfXaI3StH/X0rl0b4QF3JnAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUiri2nhxl2POVDI1AhFA9BNf83WcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAyYTg3NTkwLTFiMTgtNGUyMS1iZWY2LTUzM2E5YjZlYjA4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmAB/9MA0GCSqGSIb3DQEBCwUAA4IBAQAB/IdRkexrKQCYT3nzA0ohhVm3
n2oivlQmyASU0JE2VFmW4ZItbT+WvWuHlYxkLz8AG2DqZI6kvqUi/5DQsMmT2WAe
BaxmtG98f5q0ipCWAh8S5jGApbzA0eu+QPYrNLGow0e0zPZXsbNDFXVxLNwDPApV
p1I69B5DAJ0KieodlCN3qpYwjpg+RqBOTZbV36TI2BCKv++YCZJq2Ia4oc8Wobhj
JjblFohF5ylvw5iR7Ce5ycJ0noIYxl15pac1hD/RuZ2nQUw35Vkwiw3RKkqxwg0T
kSJxfF5nORSZeCAMeDpZ6NAUpKIC5YEXOUnYawmJTeoMQB4zs9RCmeR/CZl4
-----END CERTIFICATE-----