Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c3709c02-3b03-40ee-a552-a17b19d43a03.roa
File:                     c3709c02-3b03-40ee-a552-a17b19d43a03.roa (raw, json)
Hash identifier:          gk/9LHiGC+EDCsiwQ5R77rtPOJj2adpi8SYZBdSvFGk=
Subject key identifier:   AD:0A:09:1B:2B:CD:58:83:EF:B3:5C:4B:D2:77:12:47:72:58:7F:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DD32335D7ABA8CA49E6EBA7731A9AA8507A5A04
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c3709c02-3b03-40ee-a552-a17b19d43a03.roa
Signing time:             Wed 29 Oct 2025 00:50:40 +0000
ROA not before:           Wed 29 Oct 2025 00:50:40 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff3:a4c0::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d3:23:35:d7:ab:a8:ca:49:e6:eb:a7:73:1a:9a:a8:50:7a:5a:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 00:50:40 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=e5062f372e613c3e1e9befcbb79ea97a4edcedc7ce3af7f53d596019d1a5c228, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d8:4a:6e:38:2a:f6:d1:1c:33:07:db:ef:7f:
                    3d:ab:f4:17:df:16:2f:43:5a:cc:e7:9e:bf:b4:c2:
                    a4:8f:cb:3f:4e:a2:9c:d0:74:b4:f4:46:84:34:ed:
                    8e:9f:db:3a:6a:6b:a7:49:2f:09:d7:c6:ae:9e:0d:
                    d6:0b:00:1f:e3:ef:3a:c9:64:d3:7b:ef:ab:b8:81:
                    2e:f4:9c:32:66:bb:07:3a:1b:94:90:9a:08:b3:84:
                    cd:3e:ae:41:41:c7:1b:23:ff:0e:25:bf:0f:d0:e2:
                    62:62:a3:8b:b9:49:1e:06:db:e0:c3:28:2b:35:d7:
                    34:a1:b2:9c:67:0a:cd:0e:cf:c9:9c:89:e6:77:0a:
                    2d:27:bb:82:1d:63:b1:e4:3b:12:db:4b:f5:d2:74:
                    98:57:63:f0:75:12:b9:02:c0:58:4b:90:38:f3:b1:
                    39:40:93:e6:02:95:a8:0c:04:b6:4b:da:bb:ac:6c:
                    f3:9b:59:8c:01:f7:7d:f7:38:a8:05:79:47:2b:0b:
                    e2:15:8d:27:23:19:e8:da:0d:56:65:49:6b:12:59:
                    ed:ff:5f:30:ee:86:36:e2:22:67:0f:eb:df:db:75:
                    4c:7f:13:9c:ed:e8:eb:ac:48:9d:1d:92:95:7e:89:
                    6e:4e:57:16:c5:05:06:0c:7e:54:3e:11:20:da:de:
                    15:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:0A:09:1B:2B:CD:58:83:EF:B3:5C:4B:D2:77:12:47:72:58:7F:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c3709c02-3b03-40ee-a552-a17b19d43a03.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff3:a4c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         5d:22:bb:17:13:1c:bb:41:5e:1e:dc:7e:dc:04:a8:4b:72:dc:
         e6:62:58:0c:10:c6:52:db:1f:0f:c4:9b:88:e4:70:bf:bb:46:
         e5:de:26:0e:26:55:89:a0:07:0f:54:b1:f9:a5:8f:ab:8d:58:
         2c:66:2d:4a:2f:b8:c4:be:be:84:7d:c5:74:71:7c:1e:79:94:
         35:37:82:41:61:f3:4f:c6:b6:a0:64:fc:53:66:b6:bd:cf:68:
         bb:82:64:e7:9f:56:8c:9a:4e:ea:19:86:9d:a0:1a:9f:f0:a0:
         d6:1d:cb:71:09:6b:ce:5b:28:80:43:a4:98:d5:6a:a9:f0:54:
         fd:cf:34:a2:8d:88:ee:a5:f9:05:e2:cc:39:a5:7d:da:e2:0d:
         bd:4a:d7:88:97:f4:c7:fb:f9:e8:48:26:a2:83:1f:c5:a8:e1:
         20:dd:c0:a8:9c:be:71:43:85:45:a8:2b:36:c8:17:96:85:8e:
         90:4f:d2:11:42:f4:a6:5c:f1:5a:53:ab:61:3d:a7:bc:08:d9:
         b0:74:51:4d:8b:4b:02:73:96:73:ee:97:5b:86:a6:da:f6:2f:
         02:f6:df:c0:2f:57:5d:f5:66:25:09:78:49:7e:e4:10:96:1e:
         58:cc:bd:d9:9e:8a:49:81:7d:6c:9d:8c:e9:3a:35:3b:2d:1c:
         ce:ca:04:e5
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTdMjNderqMpJ5uuncxqaqFB6WgQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDA1MDQwWhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTA2MmYzNzJlNjEzYzNlMWU5YmVmY2JiNzllYTk3YTRl
ZGNlZGM3Y2UzYWY3ZjUzZDU5NjAxOWQxYTVjMjI4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCC2EpuOCr20RwzB9vvfz2r9BffFi9DWsznnr+0wqSPyz9O
opzQdLT0RoQ07Y6f2zpqa6dJLwnXxq6eDdYLAB/j7zrJZNN776u4gS70nDJmuwc6
G5SQmgizhM0+rkFBxxsj/w4lvw/Q4mJio4u5SR4G2+DDKCs11zShspxnCs0Oz8mc
ieZ3Ci0nu4IdY7HkOxLbS/XSdJhXY/B1ErkCwFhLkDjzsTlAk+YClagMBLZL2rus
bPObWYwB9333OKgFeUcrC+IVjScjGejaDVZlSWsSWe3/XzDuhjbiImcP69/bdUx/
E5zt6OusSJ0dkpV+iW5OVxbFBQYMflQ+ESDa3hUbAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUrQoJGyvNWIPvs1xL0ncSR3JYf5UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MzNzA5YzAyLTNiMDMtNDBlZS1hNTUyLWExN2IxOWQ0M2EwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/zpMAwDQYJKoZIhvcNAQELBQADggEBAF0iuxcTHLtBXh7cftwEqEty
3OZiWAwQxlLbHw/Em4jkcL+7RuXeJg4mVYmgBw9Usfmlj6uNWCxmLUovuMS+voR9
xXRxfB55lDU3gkFh80/GtqBk/FNmtr3PaLuCZOefVoyaTuoZhp2gGp/woNYdy3EJ
a85bKIBDpJjVaqnwVP3PNKKNiO6l+QXizDmlfdriDb1K14iX9Mf7+ehIJqKDH8Wo
4SDdwKicvnFDhUWoKzbIF5aFjpBP0hFC9KZc8VpTq2E9p7wI2bB0UU2LSwJzlnPu
l1uGptr2LwL238AvV131ZiUJeEl+5BCWHljMvdmeikmBfWydjOk6NTstHM7KBOU=
-----END CERTIFICATE-----