Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/57b9b652-a6e0-4d50-b4a8-bf9ea2724802.roa
File:                     57b9b652-a6e0-4d50-b4a8-bf9ea2724802.roa (raw, json)
Hash identifier:          XMeffYoj96d4wX3RyLXsy+31nHrNuNja/YBAHLR+rkg=
Subject key identifier:   8F:E2:33:12:3C:3D:D1:26:3B:00:6F:55:49:AC:A9:EF:22:60:00:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DB879B3C03A4879F2808B837FCA038A7A8CC5D8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/57b9b652-a6e0-4d50-b4a8-bf9ea2724802.roa
Signing time:             Sun 26 Oct 2025 00:10:01 +0000
ROA not before:           Sun 26 Oct 2025 00:10:01 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f68:5000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:b8:79:b3:c0:3a:48:79:f2:80:8b:83:7f:ca:03:8a:7a:8c:c5:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:10:01 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=599bd05f1c94f2485cd1a9d9030c0e3bc9d7ebfe8319d3d8ddb64f6b2409ca3a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:79:84:30:84:43:10:66:66:17:c0:bf:26:d0:
                    9d:c4:97:48:b8:a7:ef:a5:d8:72:68:13:95:99:1d:
                    6f:e1:e0:46:40:d0:36:4d:89:c5:2b:30:44:5e:9e:
                    7d:a8:e4:23:73:eb:4c:7c:a5:ed:53:ae:9e:cd:e8:
                    6a:e9:7c:fb:71:f0:9f:ef:00:24:58:de:67:27:20:
                    0c:7d:3d:75:41:5c:e7:d5:b6:0d:4d:c5:03:4c:d7:
                    58:3a:d1:25:7c:5f:0e:ba:11:15:c5:3c:55:7c:72:
                    fb:5f:14:d9:b0:b7:36:3f:c7:01:68:2a:c3:2b:f0:
                    4d:14:35:4a:50:ac:62:82:0f:f5:a0:e1:17:00:bf:
                    bb:99:00:7c:53:67:12:c5:9d:51:82:2d:ed:b8:5d:
                    8e:be:cd:c1:b1:68:5f:39:35:0a:33:61:30:0c:01:
                    2e:da:60:39:38:cd:16:be:31:24:63:4b:ea:2e:d3:
                    83:0f:29:1b:bd:83:bd:7d:5d:32:f4:0b:9e:03:46:
                    ce:19:c4:6a:cb:f2:e0:f1:80:e5:3e:5f:9d:95:69:
                    31:ea:6d:e3:3c:19:41:22:c7:2a:a9:1b:1e:1e:33:
                    8f:25:09:80:f2:2d:17:cd:07:5a:b2:82:e2:80:c5:
                    45:54:1a:b8:8a:04:01:36:28:fe:1a:1d:d2:a8:f9:
                    93:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E2:33:12:3C:3D:D1:26:3B:00:6F:55:49:AC:A9:EF:22:60:00:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/57b9b652-a6e0-4d50-b4a8-bf9ea2724802.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f68:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         d6:87:b2:1f:7e:2d:f1:5b:16:78:35:b8:42:74:25:bf:89:a6:
         c9:e0:09:35:fe:7c:f3:c3:e1:99:28:7f:26:47:c6:d0:8c:f3:
         27:37:05:d8:2f:57:d8:ee:e9:d1:f4:99:d3:ab:70:f9:57:f3:
         9e:27:b9:9b:36:c8:63:08:40:09:47:ab:dc:3e:28:ee:a5:fb:
         7a:90:54:36:74:c3:9e:be:91:5a:54:29:30:0d:f5:b9:9e:11:
         1a:8f:eb:60:06:20:f8:6a:7c:80:22:5a:39:5a:2c:53:0d:ef:
         db:c0:2b:4e:ea:6d:15:9d:63:96:1f:69:2e:50:6b:dc:a4:4f:
         85:87:3f:97:55:3c:a8:02:66:7a:d2:f9:85:9d:75:aa:05:27:
         5a:70:8b:f3:9a:eb:f2:76:7a:e7:7e:ec:e0:07:4f:92:2c:75:
         d4:a5:10:06:13:ef:25:5d:21:ec:ee:43:83:09:36:59:4a:74:
         a3:49:c5:e0:27:c9:64:1a:06:36:1b:64:19:c9:b1:dc:c3:ca:
         e2:53:85:dc:a6:94:9a:a7:04:bb:f2:48:60:25:7e:1b:ab:31:
         94:30:90:b8:14:a8:6a:c8:32:85:b5:40:77:56:51:62:af:e4:
         02:69:19:8f:41:70:30:24:b1:2b:7a:73:66:f2:00:91:82:9f:
         49:59:da:43
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPbh5s8A6SHnygIuDf8oDinqMxdgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAxMDAxWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1OTliZDA1ZjFjOTRmMjQ4NWNkMWE5ZDkwMzBjMGUzYmM5
ZDdlYmZlODMxOWQzZDhkZGI2NGY2YjI0MDljYTNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCseYQwhEMQZmYXwL8m0J3El0i4p++l2HJoE5WZHW/h4EZA
0DZNicUrMERenn2o5CNz60x8pe1Trp7N6GrpfPtx8J/vACRY3mcnIAx9PXVBXOfV
tg1NxQNM11g60SV8Xw66ERXFPFV8cvtfFNmwtzY/xwFoKsMr8E0UNUpQrGKCD/Wg
4RcAv7uZAHxTZxLFnVGCLe24XY6+zcGxaF85NQozYTAMAS7aYDk4zRa+MSRjS+ou
04MPKRu9g719XTL0C54DRs4ZxGrL8uDxgOU+X52VaTHqbeM8GUEixyqpGx4eM48l
CYDyLRfNB1qyguKAxUVUGriKBAE2KP4aHdKo+ZMpAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUj+IzEjw90SY7AG9VSayp7yJgADwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU3YjliNjUyLWE2ZTAtNGQ1MC1iNGE4LWJmOWVhMjcyNDgwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9oUDANBgkqhkiG9w0BAQsFAAOCAQEA1oeyH34t8VsWeDW4QnQlv4mm
yeAJNf5888PhmSh/JkfG0IzzJzcF2C9X2O7p0fSZ06tw+Vfznie5mzbIYwhACUer
3D4o7qX7epBUNnTDnr6RWlQpMA31uZ4RGo/rYAYg+Gp8gCJaOVosUw3v28ArTupt
FZ1jlh9pLlBr3KRPhYc/l1U8qAJmetL5hZ11qgUnWnCL85rr8nZ6537s4AdPkix1
1KUQBhPvJV0h7O5Dgwk2WUp0o0nF4CfJZBoGNhtkGcmx3MPK4lOF3KaUmqcEu/JI
YCV+G6sxlDCQuBSoasgyhbVAd1ZRYq/kAmkZj0FwMCSxK3pzZvIAkYKfSVnaQw==
-----END CERTIFICATE-----