Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/434e9526-9e97-40e5-9178-9ac0395ab2f2.roa
File:                     434e9526-9e97-40e5-9178-9ac0395ab2f2.roa (raw, json)
Hash identifier:          ObDhq2wa+JzZtJb1Q/+aoARhBhG4oAcSo1LkE/aniy4=
Subject key identifier:   1B:3D:A8:3E:17:F3:CC:9D:69:13:80:D3:37:1C:40:2C:0A:1D:67:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       19F83F99BD05F3EA054A745EB1FF9F68B80EC824
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/434e9526-9e97-40e5-9178-9ac0395ab2f2.roa
Signing time:             Tue 04 Nov 2025 00:10:05 +0000
ROA not before:           Tue 04 Nov 2025 00:10:05 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff6:5000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:f8:3f:99:bd:05:f3:ea:05:4a:74:5e:b1:ff:9f:68:b8:0e:c8:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:10:05 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=62269f954ee8a7c37c1b6285e12b8dad77139b64251f116bc19c70cb539dd4f9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:04:b8:52:04:7d:6a:41:7a:cd:ae:58:cd:f3:
                    92:ce:ce:eb:6c:bf:1c:47:18:75:1b:76:14:a4:0e:
                    f8:f6:06:23:4f:ea:c2:bc:8d:b2:02:4c:9c:71:8c:
                    48:13:dc:ce:39:ba:b8:e6:62:24:96:46:70:2c:32:
                    62:8e:18:fd:48:29:72:15:d3:ab:4e:ab:68:fd:6f:
                    04:e5:3d:83:70:7c:a1:da:9b:8e:cb:8a:e0:14:70:
                    5d:d0:07:a9:16:71:03:a8:bc:38:49:2c:50:04:9b:
                    c3:3c:85:99:eb:04:8d:9e:16:61:3d:1a:5f:b8:e3:
                    44:d6:f9:c6:54:97:39:6b:91:81:1f:e8:b3:89:ae:
                    08:bb:6f:2c:af:e9:8e:e6:01:5e:da:45:18:cd:ad:
                    e0:09:a4:83:22:37:35:ca:f7:4d:d2:92:76:a0:84:
                    98:29:db:56:8c:67:44:72:b7:ee:7b:56:83:55:30:
                    8a:9e:69:e7:9d:58:d3:38:d2:1c:30:7a:4c:12:e7:
                    54:ff:71:34:ef:4d:a3:11:54:6c:be:36:f1:17:68:
                    c3:57:20:1e:c2:0f:1d:c2:dd:de:7a:fa:d8:c4:01:
                    79:f5:aa:5e:0d:5f:54:06:e3:39:fa:4c:9d:59:18:
                    bd:32:56:38:3b:8a:4a:e9:eb:7b:0c:e7:a6:38:e7:
                    29:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:3D:A8:3E:17:F3:CC:9D:69:13:80:D3:37:1C:40:2C:0A:1D:67:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/434e9526-9e97-40e5-9178-9ac0395ab2f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9a:de:1e:25:90:04:c0:59:dd:b3:53:a9:47:27:8b:6b:d2:af:
         37:82:6b:6b:c1:9e:a4:82:cd:e7:6f:16:32:04:35:8b:c2:27:
         16:f6:bd:e7:48:27:07:a5:4e:47:22:c1:ba:d4:03:35:af:e4:
         88:2f:83:09:29:25:85:2a:e4:66:06:81:ee:96:1e:2d:ff:85:
         9b:8d:a6:db:7f:79:9a:fd:5d:ac:88:30:0d:ba:c4:cb:9e:07:
         3c:dd:7d:5c:51:8e:b5:3d:44:be:5c:90:a8:30:19:46:22:70:
         a5:a3:32:2b:e3:f2:3f:9e:dd:bf:b6:c6:d3:4a:a7:10:d1:c5:
         bb:c7:da:94:fa:ea:3d:08:1f:6b:d7:56:7f:7c:dc:20:46:33:
         be:6c:16:f0:1b:33:4d:12:ee:2a:92:2f:c8:82:56:d9:a2:d4:
         01:70:a3:8e:52:f3:84:e0:26:86:2f:b7:a0:ab:d3:19:57:0f:
         84:2d:0d:35:3d:1d:34:49:61:4e:e7:72:ed:ac:fa:f0:32:c1:
         4a:a0:30:35:91:67:c0:d5:e2:ba:65:f4:a1:fc:81:1e:5b:b5:
         bc:f0:f2:5f:b8:0b:b7:d9:27:78:65:53:bb:b0:3d:e5:25:38:
         69:87:75:f4:a9:b6:0a:1b:93:8d:fd:f4:cb:7b:df:13:bd:3e:
         e8:f7:d1:22
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGfg/mb0F8+oFSnResf+faLgOyCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAxMDA1WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjI2OWY5NTRlZThhN2MzN2MxYjYyODVlMTJiOGRhZDc3
MTM5YjY0MjUxZjExNmJjMTljNzBjYjUzOWRkNGY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4BLhSBH1qQXrNrljN85LOzutsvxxHGHUbdhSkDvj2BiNP
6sK8jbICTJxxjEgT3M45urjmYiSWRnAsMmKOGP1IKXIV06tOq2j9bwTlPYNwfKHa
m47LiuAUcF3QB6kWcQOovDhJLFAEm8M8hZnrBI2eFmE9Gl+440TW+cZUlzlrkYEf
6LOJrgi7byyv6Y7mAV7aRRjNreAJpIMiNzXK903SknaghJgp21aMZ0Ryt+57VoNV
MIqeaeedWNM40hwwekwS51T/cTTvTaMRVGy+NvEXaMNXIB7CDx3C3d56+tjEAXn1
ql4NX1QG4zn6TJ1ZGL0yVjg7ikrp63sM56Y45ynLAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUGz2oPhfzzJ1pE4DTNxxALAodZ+0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzNGU5NTI2LTllOTctNDBlNS05MTc4LTlhYzAzOTVhYjJmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/2UDANBgkqhkiG9w0BAQsFAAOCAQEAmt4eJZAEwFnds1OpRyeLa9Kv
N4Jra8GepILN528WMgQ1i8InFva950gnB6VORyLButQDNa/kiC+DCSklhSrkZgaB
7pYeLf+Fm42m2395mv1drIgwDbrEy54HPN19XFGOtT1EvlyQqDAZRiJwpaMyK+Py
P57dv7bG00qnENHFu8falPrqPQgfa9dWf3zcIEYzvmwW8BszTRLuKpIvyIJW2aLU
AXCjjlLzhOAmhi+3oKvTGVcPhC0NNT0dNElhTudy7az68DLBSqAwNZFnwNXiumX0
ofyBHlu1vPDyX7gLt9kneGVTu7A95SU4aYd19Km2ChuTjf30y3vfE70+6PfRIg==
-----END CERTIFICATE-----