Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d33bfeb9-0b50-443e-8a06-3a81baa27766.roa
File:                     d33bfeb9-0b50-443e-8a06-3a81baa27766.roa (raw, json)
Hash identifier:          IQwmqwEnolfALw+LCMARLjEjWPnLMCTbxVaf6obpCWY=
Subject key identifier:   79:6B:EE:EC:0E:CA:06:52:20:F8:8F:85:5F:2C:50:35:A5:9C:E7:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EF92CA23E930E4DA707E28C42FD2DB529EA07B4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d33bfeb9-0b50-443e-8a06-3a81baa27766.roa
Signing time:             Tue 04 Nov 2025 00:10:05 +0000
ROA not before:           Tue 04 Nov 2025 00:10:05 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff4:c000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:f9:2c:a2:3e:93:0e:4d:a7:07:e2:8c:42:fd:2d:b5:29:ea:07:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:10:05 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=149588a9df34cf63583a0eeb5f98563f94fb28c79370aa827d7e18a02675ccf7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9b:ba:09:e0:9e:c2:c1:cf:0c:48:b4:4a:83:
                    34:2d:b3:20:b2:8b:8b:c0:44:08:b5:af:d1:7d:d4:
                    af:88:73:47:dd:ac:46:48:ff:a2:b4:f8:23:56:20:
                    e3:44:6e:98:e1:3e:63:b3:35:87:07:3a:88:98:3f:
                    06:60:dc:12:c3:6c:02:91:d6:15:3b:ed:a7:d5:19:
                    4c:17:f0:6d:b4:7c:15:d8:c5:48:47:3b:58:82:85:
                    ae:39:12:3c:0c:d0:e3:b5:a6:f7:8b:c9:eb:cd:8c:
                    4e:b2:24:ba:5e:9a:86:f4:25:3d:a5:57:d3:16:cc:
                    76:a5:47:d9:93:90:b9:77:83:3b:69:5b:67:34:35:
                    ea:6c:d0:6d:fe:51:4c:d8:11:92:ff:e9:fb:3d:06:
                    d8:8e:37:b1:b2:f5:a0:77:86:41:09:37:0b:0b:94:
                    94:b1:6c:0f:39:8d:82:e0:78:c2:4e:37:b2:92:75:
                    e6:26:b3:17:5a:c2:a9:b8:a5:aa:64:c8:c5:f2:93:
                    bb:a9:a1:de:6d:49:c4:c0:86:28:28:c2:0f:9e:ba:
                    37:84:00:b2:c4:96:75:eb:97:d6:76:a7:e1:30:01:
                    af:61:60:b7:4e:c8:ff:31:34:0b:f2:32:fc:7b:15:
                    1e:e6:43:b0:5f:8c:1f:8f:2a:62:57:be:0e:55:43:
                    61:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:6B:EE:EC:0E:CA:06:52:20:F8:8F:85:5F:2C:50:35:A5:9C:E7:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d33bfeb9-0b50-443e-8a06-3a81baa27766.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         92:da:58:a5:19:93:79:0b:c9:25:25:36:52:e5:a6:a0:be:1a:
         a3:88:8a:21:f9:0d:5c:b9:6e:aa:3f:5c:b1:3d:5e:ca:a8:ae:
         85:2e:8f:9a:2d:5e:89:f4:50:1d:d7:1b:3d:d9:8f:d6:f0:6f:
         75:ed:8a:2a:cc:bd:57:e4:60:52:d0:65:33:ab:cf:9f:3f:ad:
         bf:c7:11:16:4e:df:6f:1b:df:70:ab:27:79:fe:e1:6e:57:a9:
         8e:4b:35:58:d8:b2:c9:c1:8c:69:97:31:2c:45:88:9b:48:a9:
         e1:cf:0b:e4:5e:16:df:f4:0f:9e:64:2f:b3:5f:84:8d:c2:5e:
         59:01:4b:f2:b7:2f:71:27:37:cb:a8:e9:de:80:78:f3:5b:2a:
         df:0e:c5:6f:43:71:52:2e:8f:d9:47:a8:a1:05:88:08:0d:de:
         b9:07:25:66:a2:a1:11:6b:b4:5c:ec:34:a4:57:1d:ba:16:66:
         fd:f1:e4:79:2b:39:f1:9f:9d:1f:b5:1c:21:6e:93:b9:46:65:
         6e:ec:7d:66:60:b4:d6:63:57:04:7a:ea:f0:cf:fb:8b:33:ff:
         41:35:30:5f:7f:78:0d:15:e0:10:1e:2d:c4:36:f4:10:d2:5b:
         38:8d:41:88:eb:96:18:77:c1:86:c1:56:d1:dc:d5:59:b4:e5:
         1a:dd:4a:f8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUTvksoj6TDk2nB+KMQv0ttSnqB7QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAxMDA1WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDk1ODhhOWRmMzRjZjYzNTgzYTBlZWI1Zjk4NTYzZjk0
ZmIyOGM3OTM3MGFhODI3ZDdlMThhMDI2NzVjY2Y3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4m7oJ4J7Cwc8MSLRKgzQtsyCyi4vARAi1r9F91K+Ic0fd
rEZI/6K0+CNWIONEbpjhPmOzNYcHOoiYPwZg3BLDbAKR1hU77afVGUwX8G20fBXY
xUhHO1iCha45EjwM0OO1pveLyevNjE6yJLpemob0JT2lV9MWzHalR9mTkLl3gztp
W2c0Neps0G3+UUzYEZL/6fs9BtiON7Gy9aB3hkEJNwsLlJSxbA85jYLgeMJON7KS
deYmsxdawqm4papkyMXyk7upod5tScTAhigowg+eujeEALLElnXrl9Z2p+EwAa9h
YLdOyP8xNAvyMvx7FR7mQ7BfjB+PKmJXvg5VQ2FDAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUeWvu7A7KBlIg+I+FXyxQNaWc5/0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzM2JmZWI5LTBiNTAtNDQzZS04YTA2LTNhODFiYWEyNzc2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/0wDANBgkqhkiG9w0BAQsFAAOCAQEAktpYpRmTeQvJJSU2UuWmoL4a
o4iKIfkNXLluqj9csT1eyqiuhS6Pmi1eifRQHdcbPdmP1vBvde2KKsy9V+RgUtBl
M6vPnz+tv8cRFk7fbxvfcKsnef7hblepjks1WNiyycGMaZcxLEWIm0ip4c8L5F4W
3/QPnmQvs1+EjcJeWQFL8rcvcSc3y6jp3oB481sq3w7Fb0NxUi6P2UeooQWICA3e
uQclZqKhEWu0XOw0pFcduhZm/fHkeSs58Z+dH7UcIW6TuUZlbux9ZmC01mNXBHrq
8M/7izP/QTUwX394DRXgEB4txDb0ENJbOI1BiOuWGHfBhsFW0dzVWbTlGt1K+A==
-----END CERTIFICATE-----