Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71937dc4-d3db-41fb-a6f6-d6794fbe1c65.roa
File:                     71937dc4-d3db-41fb-a6f6-d6794fbe1c65.roa (raw, json)
Hash identifier:          Exl/n5h7zHRlbjbacOFrCbUeA3ZRKIVC1t0ojDsaAEo=
Subject key identifier:   DE:58:60:72:16:58:E4:7E:8C:06:7B:03:AB:2F:F0:C0:2E:F0:D1:74
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24692A3E352E5D9147B7070BC95D34994CC70248
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71937dc4-d3db-41fb-a6f6-d6794fbe1c65.roa
Signing time:             Tue 21 Oct 2025 00:10:09 +0000
ROA not before:           Tue 21 Oct 2025 00:10:09 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1a:c000::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:69:2a:3e:35:2e:5d:91:47:b7:07:0b:c9:5d:34:99:4c:c7:02:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:10:09 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=7162b1d7444ea4b72ec8fbe27ced7ed0b90a81e2d96c977daf245f172fc67a25, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:95:93:1c:7d:c5:fc:8b:82:08:ea:06:a4:a7:
                    b9:04:50:aa:64:85:3a:e9:52:94:0b:97:07:9c:2a:
                    e4:3e:e0:52:19:62:c0:09:5f:e4:e6:a7:99:bf:81:
                    f3:94:e0:6a:0a:57:19:54:bc:e2:11:24:61:70:68:
                    ad:5f:3e:5d:81:20:51:9a:75:a4:ec:b1:f9:8b:9c:
                    e5:fe:13:fa:3b:17:a6:b7:47:02:77:1d:27:00:a7:
                    ba:e9:3b:01:73:33:38:e0:f3:20:e3:49:24:62:63:
                    79:1d:76:08:7a:3c:de:74:59:8d:bb:a6:e9:8e:0f:
                    0a:f7:08:99:48:cb:11:f9:58:e5:f3:a7:31:28:1f:
                    c5:d8:15:17:b2:4e:56:9d:ac:91:14:2c:9d:94:75:
                    8d:d2:85:e6:0f:d5:f0:d6:83:10:19:b0:d3:bd:f3:
                    99:f3:6d:ed:b9:be:27:dc:b6:fd:36:47:e8:2b:9d:
                    64:bd:af:82:5a:b8:18:9d:81:9a:22:74:a6:25:4f:
                    c3:66:0e:a4:1e:34:1c:67:d1:66:93:fe:9d:83:49:
                    76:c1:c7:26:5c:bd:dc:f3:3c:ab:77:8e:1e:c5:d1:
                    00:8e:38:71:8a:08:05:65:81:b3:17:72:3e:27:ee:
                    30:53:1a:75:3b:0f:72:93:80:f8:35:ac:8e:75:f4:
                    79:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:58:60:72:16:58:E4:7E:8C:06:7B:03:AB:2F:F0:C0:2E:F0:D1:74
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71937dc4-d3db-41fb-a6f6-d6794fbe1c65.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1a:c000::/36

    Signature Algorithm: sha256WithRSAEncryption
         20:75:e2:39:66:b2:af:75:87:b2:d1:ab:fe:11:8e:c5:28:22:
         e0:7d:cf:46:8d:87:50:99:a8:ca:30:ef:78:67:a2:b5:28:f2:
         b5:7b:8d:0d:5d:d2:d2:02:f6:0d:3d:66:de:0b:32:87:a4:e8:
         e0:e4:c3:06:b1:4d:e4:6a:30:4e:bc:db:a8:ec:41:0a:08:7d:
         7a:9c:a7:a1:bb:6e:55:9a:a1:8b:15:1a:5a:81:86:d0:62:33:
         f3:fc:5d:1f:da:3a:88:dd:56:48:52:d9:91:cf:3d:8e:bb:5c:
         9c:79:4a:a2:f5:05:87:a8:62:47:e7:f8:5e:4d:63:9e:1b:53:
         85:fa:2c:26:50:34:c0:75:0f:12:20:56:f5:b4:2d:29:38:04:
         52:fb:f1:75:67:4d:cc:43:8f:f0:73:94:68:b9:cb:51:e1:f6:
         ac:55:0f:fd:a6:4a:75:b3:74:fd:e8:a1:5b:d7:95:41:d1:7e:
         f2:d0:57:c6:be:fb:2c:3b:b4:61:ac:7e:35:fa:f9:40:ee:82:
         5e:c4:02:4f:b5:bf:05:d2:1a:37:85:a3:b1:6b:1c:4c:e2:02:
         ae:1e:78:90:1f:fa:d8:85:27:a3:08:e6:61:60:81:e8:ec:9e:
         77:c6:11:4b:a4:e6:65:a5:7b:cb:4d:8d:e9:98:d7:50:49:c2:
         23:37:b5:c8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJGkqPjUuXZFHtwcLyV00mUzHAkgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAxMDA5WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTYyYjFkNzQ0NGVhNGI3MmVjOGZiZTI3Y2VkN2VkMGI5
MGE4MWUyZDk2Yzk3N2RhZjI0NWYxNzJmYzY3YTI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCelZMcfcX8i4II6gakp7kEUKpkhTrpUpQLlwecKuQ+4FIZ
YsAJX+Tmp5m/gfOU4GoKVxlUvOIRJGFwaK1fPl2BIFGadaTssfmLnOX+E/o7F6a3
RwJ3HScAp7rpOwFzMzjg8yDjSSRiY3kddgh6PN50WY27pumODwr3CJlIyxH5WOXz
pzEoH8XYFReyTladrJEULJ2UdY3SheYP1fDWgxAZsNO985nzbe25vifctv02R+gr
nWS9r4JauBidgZoidKYlT8NmDqQeNBxn0WaT/p2DSXbBxyZcvdzzPKt3jh7F0QCO
OHGKCAVlgbMXcj4n7jBTGnU7D3KTgPg1rI519HlhAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU3lhgchZY5H6MBnsDqy/wwC7w0XQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxOTM3ZGM0LWQzZGItNDFmYi1hNmY2LWQ2Nzk0ZmJlMWM2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8awDANBgkqhkiG9w0BAQsFAAOCAQEAIHXiOWayr3WHstGr/hGOxSgi
4H3PRo2HUJmoyjDveGeitSjytXuNDV3S0gL2DT1m3gsyh6To4OTDBrFN5GowTrzb
qOxBCgh9epynobtuVZqhixUaWoGG0GIz8/xdH9o6iN1WSFLZkc89jrtcnHlKovUF
h6hiR+f4Xk1jnhtThfosJlA0wHUPEiBW9bQtKTgEUvvxdWdNzEOP8HOUaLnLUeH2
rFUP/aZKdbN0/eihW9eVQdF+8tBXxr77LDu0Yax+Nfr5QO6CXsQCT7W/BdIaN4Wj
sWscTOICrh54kB/62IUnowjmYWCB6Oyed8YRS6TmZaV7y02N6ZjXUEnCIze1yA==
-----END CERTIFICATE-----