Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e02de776-a04d-4a5d-b952-e46865070f9c.roa
File:                     e02de776-a04d-4a5d-b952-e46865070f9c.roa (raw, json)
Hash identifier:          vjC9wgOM3250q46aqUWwWR06k5aZueUVvkhG2r7jQgo=
Subject key identifier:   AF:76:C5:F7:5D:65:25:E0:D3:3C:A2:9C:CC:D0:32:78:E2:24:0E:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       71829C06B0738E6D5D439FAE24A3A774EAFCAEC9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e02de776-a04d-4a5d-b952-e46865070f9c.roa
Signing time:             Wed 29 Oct 2025 00:30:56 +0000
ROA not before:           Wed 29 Oct 2025 00:30:56 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff3:3480::/46 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:82:9c:06:b0:73:8e:6d:5d:43:9f:ae:24:a3:a7:74:ea:fc:ae:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 00:30:56 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=f1504de59cff099318521ba9f5bac2f5cb9db01bd10f8e307519d9a0625de033, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cf:3a:93:cd:71:a9:fd:92:ac:98:b8:de:25:
                    a1:86:40:a8:89:f0:d1:8b:29:0b:da:3f:98:22:09:
                    d5:44:7f:bf:d6:5f:1d:b7:4d:3c:fe:78:28:62:0b:
                    18:25:af:95:bf:51:ed:78:e0:89:0b:54:56:81:0c:
                    65:03:4d:87:76:91:68:c0:22:d7:7b:39:24:27:8a:
                    ec:7e:c2:61:b0:32:b4:49:7a:f5:30:50:4b:41:d4:
                    24:02:3a:42:02:d9:df:f4:f3:85:20:52:f7:07:a2:
                    16:1f:62:fd:30:4d:07:a8:ca:d2:d3:ac:61:70:db:
                    2f:af:ff:ec:be:a0:22:0c:8f:1b:83:75:91:94:27:
                    cd:4e:84:e6:28:00:03:d1:f4:c6:ca:0c:61:d6:1d:
                    a3:b0:dc:0c:9c:46:37:b6:bd:4f:bf:58:c7:45:07:
                    23:99:b2:17:79:7b:6a:bf:93:49:53:a3:6b:3f:2e:
                    b1:99:7f:6e:12:c4:32:73:85:11:0e:35:2d:b0:17:
                    ba:44:ac:96:88:cb:5d:33:4f:ba:4c:d3:ec:a4:5a:
                    c3:d9:dc:b6:13:cf:80:8e:73:d9:0e:d5:c7:bc:9d:
                    04:90:78:be:4d:a0:92:eb:d1:0f:94:eb:e1:c4:42:
                    d1:04:d1:c2:c2:6f:8e:74:44:b8:4d:63:bc:8d:6f:
                    06:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:76:C5:F7:5D:65:25:E0:D3:3C:A2:9C:CC:D0:32:78:E2:24:0E:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e02de776-a04d-4a5d-b952-e46865070f9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff3:3480::/46

    Signature Algorithm: sha256WithRSAEncryption
         4b:13:54:bd:70:54:60:86:e7:f2:49:60:e4:4f:cf:0d:7e:04:
         c3:0b:a9:a1:18:73:cc:5b:a3:1e:8f:77:58:91:a3:e2:7f:fa:
         b6:57:5d:59:9f:34:dc:41:6e:d4:05:88:3f:c1:41:9d:58:31:
         d6:70:26:fb:e6:41:2d:54:a9:d7:43:e1:b9:fb:67:59:24:98:
         3d:26:00:3b:40:11:a6:74:99:25:62:8d:d5:60:30:79:d3:c7:
         54:5e:29:13:7d:eb:46:36:c1:be:07:4f:46:ef:55:bc:7e:79:
         a2:96:97:73:4d:6f:f6:8d:b4:f9:a9:9b:f0:d2:19:86:83:4c:
         4f:b3:9b:55:52:fd:a9:95:3e:a6:4a:4f:97:cf:24:cc:e7:23:
         e0:ef:69:ae:56:f6:d0:48:a3:7d:73:4b:0e:0e:c7:95:ee:d9:
         02:84:20:5b:0b:be:04:f7:92:92:f3:b5:d5:b4:e4:2e:b4:c9:
         ef:c2:ce:a8:e7:38:dc:ba:d3:5f:bc:b0:28:6e:0b:a1:a3:b8:
         26:81:01:37:ad:e2:ed:e8:fe:72:88:0c:7d:34:a9:db:8c:f0:
         ef:48:21:1b:7a:1b:b0:e8:ed:de:8b:13:1e:98:2e:a7:20:b8:
         6f:f8:2c:d7:12:4f:de:66:1a:5c:42:4b:f6:f5:74:85:65:86:
         55:d3:b2:1f
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUcYKcBrBzjm1dQ5+uJKOndOr8rskwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDAzMDU2WhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTUwNGRlNTljZmYwOTkzMTg1MjFiYTlmNWJhYzJmNWNi
OWRiMDFiZDEwZjhlMzA3NTE5ZDlhMDYyNWRlMDMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDazzqTzXGp/ZKsmLjeJaGGQKiJ8NGLKQvaP5giCdVEf7/W
Xx23TTz+eChiCxglr5W/Ue144IkLVFaBDGUDTYd2kWjAItd7OSQniux+wmGwMrRJ
evUwUEtB1CQCOkIC2d/084UgUvcHohYfYv0wTQeoytLTrGFw2y+v/+y+oCIMjxuD
dZGUJ81OhOYoAAPR9MbKDGHWHaOw3AycRje2vU+/WMdFByOZshd5e2q/k0lTo2s/
LrGZf24SxDJzhREONS2wF7pErJaIy10zT7pM0+ykWsPZ3LYTz4COc9kO1ce8nQSQ
eL5NoJLr0Q+U6+HEQtEE0cLCb450RLhNY7yNbwbFAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUr3bF911lJeDTPKKczNAyeOIkDsEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UwMmRlNzc2LWEwNGQtNGE1ZC1iOTUyLWU0Njg2NTA3MGY5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/zNIAwDQYJKoZIhvcNAQELBQADggEBAEsTVL1wVGCG5/JJYORPzw1+
BMMLqaEYc8xbox6Pd1iRo+J/+rZXXVmfNNxBbtQFiD/BQZ1YMdZwJvvmQS1UqddD
4bn7Z1kkmD0mADtAEaZ0mSVijdVgMHnTx1ReKRN960Y2wb4HT0bvVbx+eaKWl3NN
b/aNtPmpm/DSGYaDTE+zm1VS/amVPqZKT5fPJMznI+Dvaa5W9tBIo31zSw4Ox5Xu
2QKEIFsLvgT3kpLztdW05C60ye/CzqjnONy601+8sChuC6GjuCaBATet4u3o/nKI
DH00qduM8O9IIRt6G7Do7d6LEx6YLqcguG/4LNcST95mGlxCS/b1dIVlhlXTsh8=
-----END CERTIFICATE-----