Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9275dae5-5753-4531-b3f4-71757dd2b784.roa
File:                     9275dae5-5753-4531-b3f4-71757dd2b784.roa (raw, json)
Hash identifier:          SZr3McxLePvbUd6eNAMuV167OjwBsr6Yd21QxiW8tvA=
Subject key identifier:   89:56:D7:14:0B:63:57:E2:54:B0:9B:E7:0C:50:E5:C3:88:53:39:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2D543AEA3FFC632B83E9D75617F0A8A08AD0D4B5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9275dae5-5753-4531-b3f4-71757dd2b784.roa
Signing time:             Fri 31 Oct 2025 00:20:48 +0000
ROA not before:           Fri 31 Oct 2025 00:20:48 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff1:ec00::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:54:3a:ea:3f:fc:63:2b:83:e9:d7:56:17:f0:a8:a0:8a:d0:d4:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:20:48 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=c3ea9417cae601b7b032090ccb8bba43289aa4a549295e94638089783d89aa95, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b5:7c:d5:be:9b:32:71:12:02:bc:2c:e9:44:
                    4e:91:b4:66:5b:33:11:e1:14:1d:8d:25:92:bc:18:
                    00:34:dc:94:b4:33:5a:41:64:c4:bb:57:08:5f:53:
                    54:ae:d7:c3:44:49:63:66:72:61:69:bd:64:07:27:
                    de:33:ac:5c:fa:9b:03:4b:25:e7:b3:bf:65:db:32:
                    da:20:9d:4f:83:a6:30:65:8d:a5:6b:48:65:0e:2b:
                    8b:80:27:a9:cc:31:4a:87:a7:f9:04:fe:96:33:35:
                    14:7a:ee:a6:ad:24:bb:3a:b6:ea:17:8f:81:0d:f5:
                    85:39:d3:82:c0:07:90:53:b9:8a:97:63:fe:36:86:
                    f1:c3:7d:36:34:0f:48:2f:d8:26:0c:b4:51:9b:43:
                    c3:62:d5:13:88:5b:ec:fd:16:c2:a5:67:58:cb:a3:
                    4c:73:57:70:09:90:bc:bc:07:1c:bd:f4:fe:e3:ac:
                    6f:ac:7f:db:8a:cd:2d:35:04:d5:48:32:3d:f1:7a:
                    5a:2c:21:b4:fb:31:62:80:c3:38:3f:cb:94:76:c6:
                    6d:a0:26:84:3a:70:a8:c1:c4:05:39:85:a9:10:00:
                    af:a5:e7:2d:1b:a9:32:91:28:57:da:d7:aa:75:94:
                    15:5e:c5:30:bd:5f:f2:27:11:0f:e6:9b:13:fd:ff:
                    5b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:56:D7:14:0B:63:57:E2:54:B0:9B:E7:0C:50:E5:C3:88:53:39:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9275dae5-5753-4531-b3f4-71757dd2b784.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:ec00::/40

    Signature Algorithm: sha256WithRSAEncryption
         40:41:d7:c9:6d:69:a7:b6:78:c9:7b:ae:81:cb:cb:d2:2a:25:
         cb:06:d3:ca:04:3f:1d:df:c7:1a:8e:7f:32:88:02:57:e3:24:
         8d:39:39:91:85:fc:32:79:54:7d:a5:48:89:58:3c:3b:27:72:
         a9:e5:34:1e:8b:c4:4a:07:7c:dd:fa:27:4f:43:af:8d:6a:87:
         c9:c0:78:e4:b8:b6:22:f0:fb:6c:f0:cd:d2:e0:88:02:4f:35:
         ec:ed:6e:0e:86:d1:aa:ca:8b:ee:73:02:ca:e8:91:9f:42:78:
         3c:d6:10:87:7c:13:1e:a8:c7:ce:dc:88:bd:28:13:e3:89:1e:
         97:ed:fa:fd:a1:1b:b6:fe:79:d0:de:fe:17:6a:3a:f5:48:30:
         26:fb:f4:db:f7:4f:ae:74:26:58:1b:2d:1a:4a:9d:9f:f1:cb:
         26:51:1d:e9:17:ac:69:38:6f:ed:e1:63:63:98:e7:a2:4b:f8:
         99:27:00:b3:fa:d7:35:45:8d:66:60:47:e3:a7:09:54:7d:a8:
         62:6b:f2:68:10:bf:14:6a:11:2a:80:ac:a3:4b:af:f1:a9:b8:
         19:65:0f:d3:7f:82:8c:8c:57:d5:37:c7:02:39:2f:3c:e8:4b:
         e6:fe:ca:e7:b9:90:a1:29:b4:71:52:b5:c6:10:80:27:43:07:
         49:2c:77:23
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIULVQ66j/8YyuD6ddWF/CooIrQ1LUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAyMDQ4WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjM2VhOTQxN2NhZTYwMWI3YjAzMjA5MGNjYjhiYmE0MzI4
OWFhNGE1NDkyOTVlOTQ2MzgwODk3ODNkODlhYTk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLtXzVvpsycRICvCzpRE6RtGZbMxHhFB2NJZK8GAA03JS0
M1pBZMS7VwhfU1Su18NESWNmcmFpvWQHJ94zrFz6mwNLJeezv2XbMtognU+DpjBl
jaVrSGUOK4uAJ6nMMUqHp/kE/pYzNRR67qatJLs6tuoXj4EN9YU504LAB5BTuYqX
Y/42hvHDfTY0D0gv2CYMtFGbQ8Ni1ROIW+z9FsKlZ1jLo0xzV3AJkLy8Bxy99P7j
rG+sf9uKzS01BNVIMj3xelosIbT7MWKAwzg/y5R2xm2gJoQ6cKjBxAU5hakQAK+l
5y0bqTKRKFfa16p1lBVexTC9X/InEQ/mmxP9/1v7AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUiVbXFAtjV+JUsJvnDFDlw4hTOU8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkyNzVkYWU1LTU3NTMtNDUzMS1iM2Y0LTcxNzU3ZGQyYjc4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/x7DANBgkqhkiG9w0BAQsFAAOCAQEAQEHXyW1pp7Z4yXuugcvL0iol
ywbTygQ/Hd/HGo5/MogCV+MkjTk5kYX8MnlUfaVIiVg8OydyqeU0HovESgd83fon
T0OvjWqHycB45Li2IvD7bPDN0uCIAk817O1uDobRqsqL7nMCyuiRn0J4PNYQh3wT
HqjHztyIvSgT44kel+36/aEbtv550N7+F2o69UgwJvv02/dPrnQmWBstGkqdn/HL
JlEd6ResaThv7eFjY5jnokv4mScAs/rXNUWNZmBH46cJVH2oYmvyaBC/FGoRKoCs
o0uv8am4GWUP03+CjIxX1TfHAjkvPOhL5v7K57mQoSm0cVK1xhCAJ0MHSSx3Iw==
-----END CERTIFICATE-----