Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62f09371-735d-42fb-9b57-288b7c3a6758.roa
File:                     62f09371-735d-42fb-9b57-288b7c3a6758.roa (raw, json)
Hash identifier:          uRwNONt1chCzO+viShim+xzopVV4vH7v7D/VPTtn6Mw=
Subject key identifier:   42:77:35:DE:BD:80:8F:79:04:88:9B:DA:23:0E:0D:8B:59:CC:E0:C7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       595006ADFB24B40D4B79B0C26478E4068BF2F287
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62f09371-735d-42fb-9b57-288b7c3a6758.roa
Signing time:             Sun 02 Nov 2025 00:10:08 +0000
ROA not before:           Sun 02 Nov 2025 00:10:08 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:3400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:50:06:ad:fb:24:b4:0d:4b:79:b0:c2:64:78:e4:06:8b:f2:f2:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:10:08 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=e389e353c91cc26e9ddc9e946e7184f92b24d63dd5215c7e4ca1295313943ee8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e6:1a:0b:20:0c:44:c5:68:ce:aa:92:45:ad:
                    50:9f:8a:c1:d8:22:be:fa:fd:ce:79:d6:19:53:4a:
                    96:a8:90:8e:b2:fd:03:57:21:f4:be:4c:fc:15:17:
                    4a:2a:c7:41:d3:3d:d8:14:3c:d8:67:3d:eb:bf:fb:
                    93:94:f6:1e:0a:cf:14:12:42:d9:bc:4f:c3:92:d3:
                    11:af:5d:e4:f7:e3:2e:f1:2d:31:1e:be:cd:8c:1c:
                    b1:3c:2d:fc:f7:41:6e:91:f1:fa:34:a1:8f:64:24:
                    b0:31:07:f8:f6:00:f6:a7:ff:9e:6b:91:9b:9e:68:
                    e5:57:90:99:4a:00:ec:91:97:bf:38:f8:6e:0b:06:
                    b9:69:dc:da:76:5d:6f:f8:db:96:3a:15:10:85:52:
                    c3:d6:a3:c7:c3:ec:39:38:31:e8:ca:d6:2f:79:5c:
                    65:01:e7:5c:1d:20:87:4d:bd:97:a3:3f:9a:ba:b2:
                    3e:70:ea:15:2e:82:1b:6a:d5:c4:0b:18:da:2e:b1:
                    53:a9:f3:5d:f2:b3:21:2c:df:58:fe:26:93:38:e8:
                    4d:14:5a:24:b7:19:94:05:c2:de:09:b4:21:f4:d0:
                    52:ac:be:cb:d6:a4:1a:2b:1f:97:f9:c0:21:c0:b4:
                    c0:8e:b2:ab:a6:24:2e:40:bf:94:b4:88:2e:fe:42:
                    ea:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:77:35:DE:BD:80:8F:79:04:88:9B:DA:23:0E:0D:8B:59:CC:E0:C7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62f09371-735d-42fb-9b57-288b7c3a6758.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         a0:0b:d4:79:0d:90:2c:f6:b2:e8:26:6d:bd:42:f9:75:43:1b:
         4f:16:1a:a3:8e:2c:00:02:ed:81:00:58:ef:f6:81:ba:99:28:
         f2:09:ad:ff:c7:ad:42:ea:03:20:81:62:7f:d5:51:ad:69:ac:
         96:0a:c4:38:0b:b9:13:71:d1:c9:f3:50:cd:d1:e2:ab:0c:b0:
         b0:b3:45:bc:b5:6b:6c:8c:d2:96:ba:de:02:78:6c:23:38:a7:
         c8:14:c5:11:5f:34:7c:28:34:a2:ba:58:e9:2e:3b:de:9c:6a:
         c2:66:87:1e:d2:2c:5f:f4:ca:91:ec:8a:2b:b2:39:6c:cc:00:
         2e:66:f3:41:b9:9c:ad:0f:f7:94:e9:87:bd:a4:0c:bc:7b:6d:
         a7:9c:24:4a:8a:82:02:44:df:53:24:a8:65:8d:83:00:ce:d4:
         0e:ce:d4:c0:f0:b1:ad:31:18:06:3c:1e:d0:2c:c6:5c:fe:83:
         dd:ff:7d:08:59:8e:28:33:82:bd:ad:8d:38:d5:58:a0:0c:43:
         1d:fb:00:c4:3e:67:7c:24:ad:31:4f:dc:49:eb:5b:f7:b5:ae:
         d0:be:0c:fd:b7:47:fe:ec:f2:1d:65:94:01:e2:7f:06:7f:29:
         68:af:81:ff:4c:f7:e2:90:14:81:32:f2:5a:d9:5d:c7:79:d3:
         1b:4b:58:5b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUWVAGrfsktA1LebDCZHjkBovy8ocwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAxMDA4WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzg5ZTM1M2M5MWNjMjZlOWRkYzllOTQ2ZTcxODRmOTJi
MjRkNjNkZDUyMTVjN2U0Y2ExMjk1MzEzOTQzZWU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCo5hoLIAxExWjOqpJFrVCfisHYIr76/c551hlTSpaokI6y
/QNXIfS+TPwVF0oqx0HTPdgUPNhnPeu/+5OU9h4KzxQSQtm8T8OS0xGvXeT34y7x
LTEevs2MHLE8Lfz3QW6R8fo0oY9kJLAxB/j2APan/55rkZueaOVXkJlKAOyRl784
+G4LBrlp3Np2XW/425Y6FRCFUsPWo8fD7Dk4MejK1i95XGUB51wdIIdNvZejP5q6
sj5w6hUughtq1cQLGNousVOp813ysyEs31j+JpM46E0UWiS3GZQFwt4JtCH00FKs
vsvWpBorH5f5wCHAtMCOsqumJC5Av5S0iC7+QurDAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUQnc13r2Aj3kEiJvaIw4Ni1nM4McwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyZjA5MzcxLTczNWQtNDJmYi05YjU3LTI4OGI3YzNhNjc1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gNDANBgkqhkiG9w0BAQsFAAOCAQEAoAvUeQ2QLPay6CZtvUL5dUMb
TxYao44sAALtgQBY7/aBupko8gmt/8etQuoDIIFif9VRrWmslgrEOAu5E3HRyfNQ
zdHiqwywsLNFvLVrbIzSlrreAnhsIzinyBTFEV80fCg0orpY6S473pxqwmaHHtIs
X/TKkeyKK7I5bMwALmbzQbmcrQ/3lOmHvaQMvHttp5wkSoqCAkTfUySoZY2DAM7U
Ds7UwPCxrTEYBjwe0CzGXP6D3f99CFmOKDOCva2NONVYoAxDHfsAxD5nfCStMU/c
Setb97Wu0L4M/bdH/uzyHWWUAeJ/Bn8paK+B/0z34pAUgTLyWtldx3nTG0tYWw==
-----END CERTIFICATE-----