Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e9ea69d-4b33-4a85-894c-5620e610e709.roa
File:                     6e9ea69d-4b33-4a85-894c-5620e610e709.roa (raw, json)
Hash identifier:          KXIa/GDagIhshVV13jMhGqkajLZiVBqT4DUNgDygXgA=
Subject key identifier:   86:5B:89:00:2C:8B:88:8F:A8:F7:8C:F7:E9:8D:FC:C1:42:26:52:2D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       773E7A6CA1A96FC6DF8B60B698209F8F42A6266B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e9ea69d-4b33-4a85-894c-5620e610e709.roa
Signing time:             Wed 22 Oct 2025 00:00:51 +0000
ROA not before:           Wed 22 Oct 2025 00:00:51 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:85e8::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:3e:7a:6c:a1:a9:6f:c6:df:8b:60:b6:98:20:9f:8f:42:a6:26:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:00:51 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=15ffec6a1a0358bbca92d120084224770f176f6036fb96ee30eb32fdce6183e4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f0:aa:91:03:b7:94:07:9f:f2:f0:1c:9e:f1:
                    5e:a2:4d:a4:09:5d:88:86:71:ff:b6:63:fa:af:be:
                    6d:54:a7:94:6f:d6:36:3a:f6:8d:ef:b4:bb:72:06:
                    c0:ba:f0:7f:88:13:5c:af:b8:de:92:16:b3:47:75:
                    75:b7:66:1d:25:4a:be:fa:96:00:d6:50:fe:92:6e:
                    fe:4d:97:ef:28:79:40:75:80:4d:16:ba:69:d4:3b:
                    0a:57:46:4c:bf:3c:e7:d9:e4:ba:69:e7:5d:21:28:
                    1f:07:16:f4:58:3a:88:0d:84:b9:79:c5:57:d7:c9:
                    13:4a:5c:b8:d1:d2:38:d5:47:ab:e6:55:99:78:23:
                    b0:98:3c:73:41:c2:61:17:d1:7d:a6:f0:66:d8:50:
                    4a:a4:e2:dd:9f:e7:36:58:7e:24:74:ad:3e:45:49:
                    0b:12:31:ac:c7:7d:81:b2:fd:3b:d7:d4:20:40:4d:
                    29:19:0f:8c:86:ee:13:8d:7e:64:78:b0:10:f5:61:
                    2a:8c:37:e3:01:d9:a9:50:19:c2:5f:b1:f7:13:46:
                    1d:0d:d3:e7:9d:13:b0:9c:45:db:71:42:01:ac:36:
                    0a:25:a6:ae:a1:3b:97:b5:f3:b7:9a:ed:de:b9:9a:
                    c0:5d:81:36:d6:63:08:02:f6:36:a2:47:ff:61:89:
                    ae:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:5B:89:00:2C:8B:88:8F:A8:F7:8C:F7:E9:8D:FC:C1:42:26:52:2D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e9ea69d-4b33-4a85-894c-5620e610e709.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:85e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         d9:43:a0:41:da:7e:6d:30:c8:ee:c9:ba:3c:0e:7d:a0:74:15:
         53:5f:f0:5c:21:42:de:ab:d1:a6:0e:b6:d9:e7:1c:d5:ae:f4:
         b9:2d:07:82:1c:86:60:ef:b6:d3:e7:8c:29:fa:a6:d0:90:73:
         66:17:eb:ad:c4:00:cc:b8:51:7e:dc:db:e6:77:4e:6b:c5:50:
         9a:a2:48:0f:46:29:c3:86:fa:7b:79:53:c0:9b:a4:52:93:c0:
         fa:78:e6:e6:d5:71:c5:b8:aa:28:fb:ae:d8:c5:bf:84:8e:30:
         7d:ac:a6:c1:3a:04:bf:b6:f0:a4:66:db:c4:54:89:61:7c:62:
         9b:f1:5c:2d:0a:2f:e3:ba:aa:ba:29:c3:54:6e:5c:57:87:7d:
         db:cd:69:8e:02:33:d8:fd:02:98:24:42:9a:81:ec:16:49:2a:
         84:d7:e8:74:6f:44:de:d7:41:8f:36:2d:ba:0d:9c:ee:d6:59:
         14:b2:8f:d8:78:43:b3:45:29:d6:b4:56:9d:bc:2c:c3:f2:bb:
         c1:c6:b1:2d:f9:13:3d:44:2a:aa:1e:17:ff:98:97:24:8c:ae:
         7d:eb:48:34:5a:47:d7:3a:cf:01:98:cc:57:13:fb:c0:26:11:
         dd:a2:73:3d:b2:47:37:6d:88:ee:54:ea:cf:44:c2:45:6f:7f:
         c2:99:2d:a9
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUdz56bKGpb8bfi2C2mCCfj0KmJmswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAwMDUxWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNWZmZWM2YTFhMDM1OGJiY2E5MmQxMjAwODQyMjQ3NzBm
MTc2ZjYwMzZmYjk2ZWUzMGViMzJmZGNlNjE4M2U0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe8KqRA7eUB5/y8Bye8V6iTaQJXYiGcf+2Y/qvvm1Up5Rv
1jY69o3vtLtyBsC68H+IE1yvuN6SFrNHdXW3Zh0lSr76lgDWUP6Sbv5Nl+8oeUB1
gE0WumnUOwpXRky/POfZ5Lpp510hKB8HFvRYOogNhLl5xVfXyRNKXLjR0jjVR6vm
VZl4I7CYPHNBwmEX0X2m8GbYUEqk4t2f5zZYfiR0rT5FSQsSMazHfYGy/TvX1CBA
TSkZD4yG7hONfmR4sBD1YSqMN+MB2alQGcJfsfcTRh0N0+edE7CcRdtxQgGsNgol
pq6hO5e187ea7d65msBdgTbWYwgC9jaiR/9hia5xAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUhluJACyLiI+o94z36Y38wUImUi0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlOWVhNjlkLTRiMzMtNGE4NS04OTRjLTU2MjBlNjEwZTcwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9hegwDQYJKoZIhvcNAQELBQADggEBANlDoEHafm0wyO7JujwOfaB0
FVNf8FwhQt6r0aYOttnnHNWu9LktB4IchmDvttPnjCn6ptCQc2YX663EAMy4UX7c
2+Z3TmvFUJqiSA9GKcOG+nt5U8CbpFKTwPp45ubVccW4qij7rtjFv4SOMH2spsE6
BL+28KRm28RUiWF8YpvxXC0KL+O6qropw1RuXFeHfdvNaY4CM9j9ApgkQpqB7BZJ
KoTX6HRvRN7XQY82LboNnO7WWRSyj9h4Q7NFKda0Vp28LMPyu8HGsS35Ez1EKqoe
F/+YlySMrn3rSDRaR9c6zwGYzFcT+8AmEd2icz2yRzdtiO5U6s9EwkVvf8KZLak=
-----END CERTIFICATE-----