Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4130699-dfb5-4db7-81a6-b209888061e9.roa
File:                     a4130699-dfb5-4db7-81a6-b209888061e9.roa (raw, json)
Hash identifier:          plzVkvpcl2780NGeG6ByynfSHbhICZwWPIuKm/SVMxY=
Subject key identifier:   01:22:A4:E8:2D:46:1D:17:E8:27:8F:C3:48:90:A2:BA:18:A8:F8:B9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       355BBDCD607978BF13EC88DC4BC7B844206511FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4130699-dfb5-4db7-81a6-b209888061e9.roa
Signing time:             Sat 01 Nov 2025 00:50:11 +0000
ROA not before:           Sat 01 Nov 2025 00:50:11 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fb9:2000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:5b:bd:cd:60:79:78:bf:13:ec:88:dc:4b:c7:b8:44:20:65:11:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:50:11 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=ae5977b1ac12378f7ba7bea4e5992a9414e9cdbb81a02e5626fd2faf18c67804, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e1:11:a3:13:da:5d:22:70:4e:9f:58:7f:61:
                    e2:ec:d4:c9:04:8c:e8:73:6d:e9:54:a9:10:ae:8b:
                    5e:3f:57:04:c8:95:f0:55:c4:69:4e:ab:64:19:6b:
                    bb:25:ec:a6:7f:a0:d7:af:00:31:c2:29:04:98:8e:
                    14:cd:75:7a:dc:31:d0:25:96:94:dd:3f:5a:f2:ae:
                    78:89:48:26:7e:8f:26:dc:f1:1c:48:93:e5:8e:d1:
                    82:63:c4:1c:a7:26:0b:43:4e:ac:9f:d5:02:0b:1c:
                    7a:84:98:f0:52:c7:fd:3c:d3:84:75:6c:eb:58:73:
                    20:4a:7a:4a:7b:84:58:41:30:66:30:55:77:c2:3c:
                    80:54:10:fd:74:19:6e:14:14:9f:fa:a3:e3:e4:e8:
                    26:74:68:c0:17:08:55:72:66:10:7b:7b:9f:ca:b3:
                    a5:6c:16:ce:a3:05:2b:6e:a2:4a:96:1d:01:2d:32:
                    c6:67:b5:c1:d5:72:9f:3f:90:e7:93:e8:0c:b7:47:
                    b1:03:de:34:1f:45:92:e8:03:21:05:b6:63:21:77:
                    88:fc:cb:1c:cd:93:b8:83:05:50:e4:22:aa:6d:a5:
                    48:46:05:87:94:55:0a:7e:d9:bf:80:14:c9:2a:a8:
                    2c:0b:78:7c:4e:d4:cc:dd:97:4a:2b:2e:e4:46:c7:
                    e2:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:22:A4:E8:2D:46:1D:17:E8:27:8F:C3:48:90:A2:BA:18:A8:F8:B9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4130699-dfb5-4db7-81a6-b209888061e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb9:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         cf:be:f6:85:f0:08:f7:c1:c9:89:6f:51:64:79:f5:25:3d:cc:
         65:7a:91:6e:48:a7:eb:f9:56:60:7a:2e:80:b1:7c:65:fc:60:
         5f:0b:cd:35:65:92:ab:68:41:4d:4d:ac:83:e5:04:4b:7c:0d:
         c5:9d:b9:44:b7:6f:33:5c:e0:f2:62:6e:d3:7d:27:fb:32:86:
         97:ce:13:01:f8:25:94:06:0e:78:17:ea:9b:22:e3:79:fe:ab:
         ec:ad:08:f8:98:e6:fc:29:00:6d:55:52:64:a0:26:0d:b2:a8:
         39:5f:77:c7:7e:8b:28:5d:c0:4b:18:69:59:b5:01:d8:e6:15:
         c8:fe:11:e3:ff:11:55:2b:04:28:a0:6e:b8:fd:34:58:c5:ff:
         70:e3:f2:28:9a:37:31:7b:3b:ca:7e:80:41:2c:4a:84:ad:e2:
         cd:bd:c6:1f:3d:19:10:79:c9:03:4a:69:92:e3:8c:12:b3:ed:
         e3:15:66:82:b1:dc:9a:79:44:5d:f6:2f:4f:27:0c:67:cb:09:
         fc:2f:82:db:9f:e4:ea:16:15:fd:44:af:4b:07:64:fb:a9:ad:
         3b:de:c1:0a:7f:31:a7:a9:4e:f1:20:09:95:30:dc:76:e8:cc:
         31:35:0f:90:a9:29:b7:d4:b1:83:9d:e5:f8:33:6b:a8:93:2a:
         88:9b:1f:ca
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUNVu9zWB5eL8T7IjcS8e4RCBlEfwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDA1MDExWhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTU5NzdiMWFjMTIzNzhmN2JhN2JlYTRlNTk5MmE5NDE0
ZTljZGJiODFhMDJlNTYyNmZkMmZhZjE4YzY3ODA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC64RGjE9pdInBOn1h/YeLs1MkEjOhzbelUqRCui14/VwTI
lfBVxGlOq2QZa7sl7KZ/oNevADHCKQSYjhTNdXrcMdAllpTdP1ryrniJSCZ+jybc
8RxIk+WO0YJjxBynJgtDTqyf1QILHHqEmPBSx/0804R1bOtYcyBKekp7hFhBMGYw
VXfCPIBUEP10GW4UFJ/6o+Pk6CZ0aMAXCFVyZhB7e5/Ks6VsFs6jBStuokqWHQEt
MsZntcHVcp8/kOeT6Ay3R7ED3jQfRZLoAyEFtmMhd4j8yxzNk7iDBVDkIqptpUhG
BYeUVQp+2b+AFMkqqCwLeHxO1Mzdl0orLuRGx+KBAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUASKk6C1GHRfoJ4/DSJCiuhio+LkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E0MTMwNjk5LWRmYjUtNGRiNy04MWE2LWIyMDk4ODgwNjFlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+5IDANBgkqhkiG9w0BAQsFAAOCAQEAz772hfAI98HJiW9RZHn1JT3M
ZXqRbkin6/lWYHougLF8ZfxgXwvNNWWSq2hBTU2sg+UES3wNxZ25RLdvM1zg8mJu
030n+zKGl84TAfgllAYOeBfqmyLjef6r7K0I+Jjm/CkAbVVSZKAmDbKoOV93x36L
KF3ASxhpWbUB2OYVyP4R4/8RVSsEKKBuuP00WMX/cOPyKJo3MXs7yn6AQSxKhK3i
zb3GHz0ZEHnJA0ppkuOMErPt4xVmgrHcmnlEXfYvTycMZ8sJ/C+C25/k6hYV/USv
Swdk+6mtO97BCn8xp6lO8SAJlTDcdujMMTUPkKkpt9Sxg53l+DNrqJMqiJsfyg==
-----END CERTIFICATE-----