Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/595cf9d8-cab3-4f63-83fa-aba430c3eaf5.roa
File:                     595cf9d8-cab3-4f63-83fa-aba430c3eaf5.roa (raw, json)
Hash identifier:          uQPOftqimxL1ThD41siMwyvf2BCpV/oHRZOibZRVOpE=
Subject key identifier:   29:F7:90:B3:82:71:4F:47:B2:7F:88:33:A2:41:5A:E8:67:05:6B:48
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6C773DBD405FD7A4197C222EFAFF527295E1751E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/595cf9d8-cab3-4f63-83fa-aba430c3eaf5.roa
Signing time:             Sat 01 Nov 2025 00:20:53 +0000
ROA not before:           Sat 01 Nov 2025 00:20:53 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fb9:e000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:77:3d:bd:40:5f:d7:a4:19:7c:22:2e:fa:ff:52:72:95:e1:75:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:20:53 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=507ab926cf4e64e745927f86d3ed3d599f9e1ad1596e721109a3b59b50e28337, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:7d:7c:81:26:0e:35:8b:54:37:df:33:b8:90:
                    42:9d:7f:ed:5f:c1:bd:a0:8d:be:6d:ca:0e:1e:e6:
                    de:7d:5d:cd:43:07:f8:69:6f:8f:4c:10:13:85:a6:
                    2e:b0:17:2a:45:27:dc:11:9c:95:14:08:57:73:e8:
                    85:5b:4e:e4:1d:0e:89:bd:fa:47:b0:61:62:15:4b:
                    e3:6c:e2:7b:f7:55:5d:dd:63:cd:34:06:c2:bc:0d:
                    f1:7e:9f:16:bc:b5:39:4d:d4:47:ba:97:be:21:d3:
                    86:79:5d:8a:92:f4:a2:a9:94:84:a0:04:2b:d5:55:
                    f8:10:73:51:9f:c3:77:4a:84:78:b1:0a:2a:96:d3:
                    ad:4b:75:e5:0f:85:c7:ea:f1:73:ef:5a:a6:36:7c:
                    01:93:87:0d:37:93:d7:dc:20:3e:d2:98:03:b0:74:
                    da:7d:d7:6d:8c:94:e2:28:91:74:14:cd:df:c1:2e:
                    06:52:7d:3f:9a:1f:72:0b:84:c5:0c:21:f7:72:70:
                    56:d0:22:0f:a0:7d:fc:c8:96:48:2f:89:a4:f5:0e:
                    67:77:e6:1b:49:4b:97:3f:7d:62:80:e9:39:bd:09:
                    e2:40:38:10:99:21:6c:48:d9:df:1b:54:15:8d:3a:
                    26:88:85:d6:95:2a:25:0b:64:8a:49:44:f4:c8:f9:
                    e9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F7:90:B3:82:71:4F:47:B2:7F:88:33:A2:41:5A:E8:67:05:6B:48
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/595cf9d8-cab3-4f63-83fa-aba430c3eaf5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb9:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         38:e5:7d:01:eb:40:5c:8a:9e:72:c0:48:24:9b:d5:b5:8c:fb:
         2d:8a:f6:79:f8:53:d3:f0:fa:e8:f5:ef:35:00:9d:0c:35:9b:
         c7:65:6e:0e:65:d1:18:5d:dc:b6:3c:82:02:66:6f:19:69:06:
         6c:1f:88:46:53:ba:c5:87:a6:fe:76:4f:e6:2f:73:4f:05:4b:
         e2:4b:ff:f4:bf:33:c2:7c:29:4d:55:54:2d:c2:05:0b:ed:01:
         8e:ca:61:69:85:96:ce:57:1a:5d:a1:6b:90:b2:1f:cb:2d:07:
         f8:95:35:40:da:62:c4:e0:45:ca:c0:37:15:f6:d0:85:d4:ab:
         b9:38:b9:4b:2b:2a:f1:6b:d9:83:85:b7:0d:04:bb:06:14:aa:
         22:9e:5a:67:23:5f:c9:4f:62:6c:bc:0f:9a:9a:04:40:17:fa:
         f6:3e:24:a7:ed:1e:ba:7a:e1:10:e1:62:ff:1d:84:8b:a1:0a:
         bf:23:01:3b:ea:bd:2a:87:35:44:70:1b:09:03:41:da:5e:45:
         c6:74:0a:39:27:09:59:f3:98:d4:0e:ed:97:e4:ee:f4:4a:65:
         1c:8d:c7:12:c2:63:e4:70:f3:5c:ad:d7:cc:40:31:a1:e6:57:
         85:51:d6:4b:b7:25:4b:c0:90:9f:2b:d8:7f:99:51:e0:99:f2:
         3c:c3:b5:e2
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUbHc9vUBf16QZfCIu+v9ScpXhdR4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAyMDUzWhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDdhYjkyNmNmNGU2NGU3NDU5MjdmODZkM2VkM2Q1OTlm
OWUxYWQxNTk2ZTcyMTEwOWEzYjU5YjUwZTI4MzM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkfXyBJg41i1Q33zO4kEKdf+1fwb2gjb5tyg4e5t59Xc1D
B/hpb49MEBOFpi6wFypFJ9wRnJUUCFdz6IVbTuQdDom9+kewYWIVS+Ns4nv3VV3d
Y800BsK8DfF+nxa8tTlN1Ee6l74h04Z5XYqS9KKplISgBCvVVfgQc1Gfw3dKhHix
CiqW061LdeUPhcfq8XPvWqY2fAGThw03k9fcID7SmAOwdNp9122MlOIokXQUzd/B
LgZSfT+aH3ILhMUMIfdycFbQIg+gffzIlkgviaT1Dmd35htJS5c/fWKA6Tm9CeJA
OBCZIWxI2d8bVBWNOiaIhdaVKiULZIpJRPTI+elrAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUKfeQs4JxT0eyf4gzokFa6GcFa0gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5NWNmOWQ4LWNhYjMtNGY2My04M2ZhLWFiYTQzMGMzZWFmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+54DANBgkqhkiG9w0BAQsFAAOCAQEAOOV9AetAXIqecsBIJJvVtYz7
LYr2efhT0/D66PXvNQCdDDWbx2VuDmXRGF3ctjyCAmZvGWkGbB+IRlO6xYem/nZP
5i9zTwVL4kv/9L8zwnwpTVVULcIFC+0BjsphaYWWzlcaXaFrkLIfyy0H+JU1QNpi
xOBFysA3FfbQhdSruTi5Sysq8WvZg4W3DQS7BhSqIp5aZyNfyU9ibLwPmpoEQBf6
9j4kp+0eunrhEOFi/x2Ei6EKvyMBO+q9Koc1RHAbCQNB2l5FxnQKOScJWfOY1A7t
l+Tu9EplHI3HEsJj5HDzXK3XzEAxoeZXhVHWS7clS8CQnyvYf5lR4JnyPMO14g==
-----END CERTIFICATE-----