Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dcb9cce0-b5c2-407f-b820-856473d780ac.roa
File:                     dcb9cce0-b5c2-407f-b820-856473d780ac.roa (raw, json)
Hash identifier:          ExZk5amedWJ1pv/4O68tNBKDrWm/d2W3DucYVyP3JqQ=
Subject key identifier:   25:A3:A8:4C:4F:40:7C:E0:32:E5:7E:92:0E:C9:14:CA:F5:B0:B1:0C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       71EDC3900E72098692605568D24253789CEE2AB0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dcb9cce0-b5c2-407f-b820-856473d780ac.roa
Signing time:             Wed 29 Oct 2025 00:40:06 +0000
ROA not before:           Wed 29 Oct 2025 00:40:06 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:8050::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:ed:c3:90:0e:72:09:86:92:60:55:68:d2:42:53:78:9c:ee:2a:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 00:40:06 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=39058570c545914c5e1f4a2127e1a554344da756bfa6e089bfeb0edfb71fda00, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:11:ec:bc:5b:58:31:7d:6a:c7:41:f9:83:2c:
                    d4:07:03:bb:7b:f2:8a:4a:3e:34:76:99:a5:3f:67:
                    3e:e0:6f:5f:c0:a3:1e:92:43:e6:eb:62:db:16:68:
                    be:8b:b2:92:4f:cf:c7:10:a2:64:16:69:83:45:f2:
                    93:11:c8:6f:ef:0a:ec:5e:fe:6f:71:e7:10:55:92:
                    f9:b6:8f:9d:d9:5d:f6:d5:07:1f:f0:c2:02:a8:cb:
                    b0:dd:f9:90:bb:a2:22:25:45:ed:fd:9f:37:03:44:
                    74:59:55:64:dc:6c:cf:b6:80:11:c7:80:31:22:19:
                    36:79:dc:c6:2b:25:99:18:61:25:af:75:67:8c:ec:
                    11:fc:0a:f7:57:10:04:4e:9c:ee:d9:53:94:d6:ea:
                    ea:60:db:fb:0e:1d:e7:f4:33:a1:29:2e:4c:55:19:
                    3f:20:75:8c:5c:75:dd:98:56:f5:35:f9:ec:17:50:
                    13:88:73:c6:8a:b9:2b:77:af:d2:6e:55:2f:0e:dd:
                    e1:ba:5b:0c:29:d6:c1:87:20:a5:2e:48:6e:b9:8e:
                    4b:8f:fb:d8:62:b9:2f:d4:64:9d:ba:57:23:8c:18:
                    90:31:e9:0e:62:8b:23:6a:12:cd:3f:bd:e2:6b:60:
                    f8:55:19:76:4a:93:fa:8b:4b:7b:21:9c:03:0a:fb:
                    54:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A3:A8:4C:4F:40:7C:E0:32:E5:7E:92:0E:C9:14:CA:F5:B0:B1:0C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dcb9cce0-b5c2-407f-b820-856473d780ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:8050::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:d9:97:bb:b1:b8:7e:92:c8:bf:76:d1:2e:ab:95:9a:b5:52:
         7c:88:b1:22:73:c7:09:81:fd:9a:fb:7f:91:46:95:a7:50:1e:
         70:ed:80:8e:00:97:84:88:80:81:db:9c:da:b4:51:e5:e7:dc:
         19:51:1c:1a:c0:6c:fc:93:a9:6c:aa:6f:5b:b2:af:2b:77:db:
         a0:63:0b:a5:f1:2d:4f:b9:b6:fe:75:e5:09:5c:db:80:6a:26:
         52:1b:3e:4b:68:08:6f:f7:4b:07:ed:a7:6c:34:bb:4d:b5:72:
         d7:6a:09:4d:cd:7b:b2:9f:ed:de:f8:75:b1:ea:34:33:9a:a1:
         5b:d7:0b:84:73:64:6d:68:7b:7e:33:cc:7d:85:4b:12:05:fc:
         11:38:14:c7:05:19:4f:5c:d2:25:07:8b:f1:a9:01:90:e9:39:
         14:0d:21:bb:59:59:50:e2:e8:10:36:22:cb:11:38:cd:66:fc:
         45:76:b6:8b:f6:d4:45:ef:7f:96:14:00:1d:a6:68:06:e4:2f:
         b2:35:ba:58:a1:03:85:27:71:cb:1f:6c:68:c7:47:01:25:5f:
         9f:d8:59:5b:1e:cc:af:07:6d:8e:7a:41:a7:34:2f:85:10:bf:
         86:bd:e9:33:dc:0b:d4:01:6d:78:c0:80:bb:91:95:76:55:4e:
         dc:19:30:ed
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUce3DkA5yCYaSYFVo0kJTeJzuKrAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDA0MDA2WhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTA1ODU3MGM1NDU5MTRjNWUxZjRhMjEyN2UxYTU1NDM0
NGRhNzU2YmZhNmUwODliZmViMGVkZmI3MWZkYTAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpEey8W1gxfWrHQfmDLNQHA7t78opKPjR2maU/Zz7gb1/A
ox6SQ+brYtsWaL6LspJPz8cQomQWaYNF8pMRyG/vCuxe/m9x5xBVkvm2j53ZXfbV
Bx/wwgKoy7Dd+ZC7oiIlRe39nzcDRHRZVWTcbM+2gBHHgDEiGTZ53MYrJZkYYSWv
dWeM7BH8CvdXEAROnO7ZU5TW6upg2/sOHef0M6EpLkxVGT8gdYxcdd2YVvU1+ewX
UBOIc8aKuSt3r9JuVS8O3eG6Wwwp1sGHIKUuSG65jkuP+9hiuS/UZJ26VyOMGJAx
6Q5iiyNqEs0/veJrYPhVGXZKk/qLS3shnAMK+1QlAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUJaOoTE9AfOAy5X6SDskUyvWwsQwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RjYjljY2UwLWI1YzItNDA3Zi1iODIwLTg1NjQ3M2Q3ODBhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/ygFAwDQYJKoZIhvcNAQELBQADggEBABfZl7uxuH6SyL920S6rlZq1
UnyIsSJzxwmB/Zr7f5FGladQHnDtgI4Al4SIgIHbnNq0UeXn3BlRHBrAbPyTqWyq
b1uyryt326BjC6XxLU+5tv515Qlc24BqJlIbPktoCG/3Swftp2w0u021ctdqCU3N
e7Kf7d74dbHqNDOaoVvXC4RzZG1oe34zzH2FSxIF/BE4FMcFGU9c0iUHi/GpAZDp
ORQNIbtZWVDi6BA2IssROM1m/EV2tov21EXvf5YUAB2maAbkL7I1ulihA4Unccsf
bGjHRwElX5/YWVsezK8HbY56Qac0L4UQv4a96TPcC9QBbXjAgLuRlXZVTtwZMO0=
-----END CERTIFICATE-----