Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6185de8-a4ea-4ece-82e3-974af53b3f82.roa
File:                     d6185de8-a4ea-4ece-82e3-974af53b3f82.roa (raw, json)
Hash identifier:          /JkhQ2R5ZJoMPZyUwue9A0tiQLeCTet+92zJ91jr0T4=
Subject key identifier:   C4:24:B4:6C:2A:16:C8:CE:23:3B:9E:E1:76:8A:54:47:2E:7E:EC:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0BBB02A913EC86B564462986A656371E2666C51A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6185de8-a4ea-4ece-82e3-974af53b3f82.roa
Signing time:             Tue 21 Oct 2025 00:41:37 +0000
ROA not before:           Tue 21 Oct 2025 00:41:37 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fef:e000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:bb:02:a9:13:ec:86:b5:64:46:29:86:a6:56:37:1e:26:66:c5:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:41:37 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=a6ae4eb25e2bce30e80e2853476d3d4d25c14d20c7d520816793ff3aca8864a1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:44:36:74:5f:54:56:10:55:a2:4e:de:d4:a3:
                    2c:64:7b:96:21:6c:6c:c1:45:d9:b0:5b:19:37:5a:
                    30:6d:a9:89:57:cd:72:84:49:0a:39:0a:cf:82:d1:
                    2d:76:35:54:28:47:b3:38:14:7b:15:e8:65:8e:01:
                    24:bc:60:4a:cd:5b:a1:c1:81:93:ec:7b:a5:00:67:
                    c3:e2:65:25:3c:b7:0d:b4:1c:45:f8:e9:5a:4a:63:
                    3a:b2:46:d5:17:15:6b:6b:09:7b:3b:49:e9:40:4d:
                    8e:5d:1c:11:f4:20:e7:4b:f9:8a:7b:18:77:a1:c7:
                    0c:6c:2a:70:86:4d:55:70:88:ba:c2:26:71:1f:59:
                    da:40:cc:0c:35:db:82:6b:2b:a7:54:6d:1c:4f:30:
                    e3:62:e3:c6:68:17:57:33:4d:07:3f:9a:78:0b:a1:
                    f9:af:6f:43:eb:d8:d6:16:da:84:56:26:b9:62:d2:
                    09:16:16:f6:24:ce:b1:54:85:45:8c:35:6e:56:65:
                    28:5d:fe:1f:c2:0b:c1:59:5e:9d:ca:a3:c9:e8:55:
                    93:eb:9c:d1:bb:ae:1e:27:15:fb:5e:41:c8:91:ee:
                    3a:03:94:20:e8:c7:85:44:b9:d5:72:2d:3f:c2:a2:
                    57:f7:f9:d8:f7:14:d7:b1:33:c1:20:47:6f:ed:da:
                    14:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:24:B4:6C:2A:16:C8:CE:23:3B:9E:E1:76:8A:54:47:2E:7E:EC:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6185de8-a4ea-4ece-82e3-974af53b3f82.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fef:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:e3:2b:e4:44:87:df:5c:53:48:0d:6c:3b:7e:dc:7e:de:9d:
         51:3a:8c:f1:07:9b:3d:f0:41:59:44:f5:2f:c0:c6:ad:e8:cb:
         f8:61:43:d7:14:6e:f4:60:38:9b:48:28:4b:98:ff:ca:ec:15:
         3d:1e:75:d9:c3:e7:f5:c8:54:ca:cf:4d:06:13:0c:e8:6f:5e:
         4b:30:86:2a:61:12:50:a7:d4:04:af:1b:8e:01:14:4f:ad:b3:
         12:a6:09:b8:ee:5f:ea:87:60:29:55:dc:e0:7e:1f:7d:d2:d9:
         f3:9b:eb:cb:aa:80:d8:ce:15:f6:5b:d8:a7:2f:c0:33:20:84:
         69:26:c7:dc:bd:25:f4:75:02:9c:d4:5c:91:72:7f:80:97:42:
         d4:80:e4:67:d7:4c:02:f5:86:9c:32:23:64:f9:8f:9b:3f:fb:
         d9:d1:db:0a:5d:34:d2:a3:58:ea:79:f2:e3:7c:31:09:3f:11:
         46:92:75:a0:d0:06:dd:43:08:e5:92:0c:d8:43:94:af:b3:66:
         d1:e9:81:90:13:1a:e1:d0:0e:06:39:22:f5:f1:fd:c7:55:a1:
         c7:85:38:5d:a7:62:9f:8e:5b:4d:53:46:b2:fe:99:b0:de:fb:
         0a:03:92:35:e7:51:16:47:b1:dd:00:2b:e0:32:64:ea:c1:8c:
         55:78:c9:92
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUC7sCqRPshrVkRimGplY3HiZmxRowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA0MTM3WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNmFlNGViMjVlMmJjZTMwZTgwZTI4NTM0NzZkM2Q0ZDI1
YzE0ZDIwYzdkNTIwODE2NzkzZmYzYWNhODg2NGExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGRDZ0X1RWEFWiTt7Uoyxke5YhbGzBRdmwWxk3WjBtqYlX
zXKESQo5Cs+C0S12NVQoR7M4FHsV6GWOASS8YErNW6HBgZPse6UAZ8PiZSU8tw20
HEX46VpKYzqyRtUXFWtrCXs7SelATY5dHBH0IOdL+Yp7GHehxwxsKnCGTVVwiLrC
JnEfWdpAzAw124JrK6dUbRxPMONi48ZoF1czTQc/mngLofmvb0Pr2NYW2oRWJrli
0gkWFvYkzrFUhUWMNW5WZShd/h/CC8FZXp3Ko8noVZPrnNG7rh4nFfteQciR7joD
lCDox4VEudVyLT/Colf3+dj3FNexM8EgR2/t2hSBAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUxCS0bCoWyM4jO57hdopURy5+7CUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2MTg1ZGU4LWE0ZWEtNGVjZS04MmUzLTk3NGFmNTNiM2Y4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/v4DANBgkqhkiG9w0BAQsFAAOCAQEACeMr5ESH31xTSA1sO37cft6d
UTqM8QebPfBBWUT1L8DGrejL+GFD1xRu9GA4m0goS5j/yuwVPR512cPn9chUys9N
BhMM6G9eSzCGKmESUKfUBK8bjgEUT62zEqYJuO5f6odgKVXc4H4ffdLZ85vry6qA
2M4V9lvYpy/AMyCEaSbH3L0l9HUCnNRckXJ/gJdC1IDkZ9dMAvWGnDIjZPmPmz/7
2dHbCl000qNY6nny43wxCT8RRpJ1oNAG3UMI5ZIM2EOUr7Nm0emBkBMa4dAOBjki
9fH9x1Whx4U4Xadin45bTVNGsv6ZsN77CgOSNedRFkex3QAr4DJk6sGMVXjJkg==
-----END CERTIFICATE-----