Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa
File:                     fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa (raw, json)
Hash identifier:          hhssRxV96p7kxmh0a8VQ4U8GNanJ+ra+TpxH4+rTIjY=
Subject key identifier:   14:2D:C3:94:BE:82:E5:D1:39:38:63:D6:F2:E6:98:20:BF:EB:9A:E5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C503804FBF5EEBF5A5EE7DB29D491D38503D859
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa
Signing time:             Tue 21 Oct 2025 00:20:04 +0000
ROA not before:           Tue 21 Oct 2025 00:20:04 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f60:5000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:50:38:04:fb:f5:ee:bf:5a:5e:e7:db:29:d4:91:d3:85:03:d8:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:20:04 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=74befa48bd318f33d7bbe250b519fce757d23004585531b602fa26a814375fb2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:7f:01:e6:11:b0:dc:40:c9:55:41:45:81:1f:
                    7f:a3:b8:e5:d5:c6:bf:0a:5b:5a:32:8a:5b:35:7d:
                    ba:3a:f1:c7:4c:18:73:73:a4:e2:f2:d7:48:35:8d:
                    44:ba:66:20:03:33:13:f6:a6:fa:30:c8:30:90:68:
                    f8:72:2f:0d:a4:fb:19:35:d6:00:68:7d:9f:0d:35:
                    51:48:41:33:f4:d2:e5:9c:b8:7d:52:ac:e1:7c:03:
                    bf:93:e6:e3:73:26:ae:02:5b:f8:1b:59:1f:26:86:
                    af:51:94:0d:51:44:d6:1a:fb:ad:71:20:b8:83:af:
                    4c:b3:91:06:eb:be:b0:c6:e6:c5:3f:98:29:81:12:
                    2f:9e:91:09:1d:33:02:c2:4c:c7:c5:42:0d:b2:57:
                    98:4e:28:0f:ad:f8:cd:11:5f:3b:d8:d8:7f:0c:3d:
                    96:96:5a:28:18:60:d1:9b:4e:1c:ed:40:32:aa:6d:
                    1f:2c:4c:6c:84:6d:71:e4:71:e3:e4:52:e1:78:63:
                    5d:22:e1:07:0c:29:21:31:ed:bc:d5:9e:1c:35:02:
                    13:03:31:11:16:04:f9:39:83:c7:28:b0:b8:4d:bf:
                    41:64:c9:0b:a1:69:44:31:62:5b:22:96:cb:63:97:
                    15:23:83:37:82:ae:e0:d3:56:fd:80:02:6f:3c:bd:
                    65:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:2D:C3:94:BE:82:E5:D1:39:38:63:D6:F2:E6:98:20:BF:EB:9A:E5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         16:54:5a:7f:be:24:a0:52:25:f2:9a:76:e3:23:99:33:ae:6b:
         4a:0e:98:d6:c9:6f:fe:c6:40:97:27:23:73:01:85:9e:6b:bc:
         d1:95:71:ec:62:e5:32:75:c2:27:3d:19:53:2b:20:bd:f5:fd:
         e3:c3:2f:3e:c2:0b:30:a3:b0:8d:89:d5:b2:f5:86:45:f3:1e:
         21:ab:fc:22:aa:76:c4:8c:8f:60:6c:5c:39:68:01:78:6f:66:
         3a:36:fc:a5:19:cf:1b:6f:87:1f:14:93:8f:89:8b:fe:19:f2:
         1a:51:5d:e4:71:f7:df:4b:cd:d5:8b:74:2b:e3:d4:06:b8:c8:
         a8:b9:93:ba:49:32:07:80:f9:f8:c1:e5:a1:03:4e:98:a7:03:
         67:53:12:0c:84:39:76:ba:1c:5b:50:77:6e:16:f2:c7:3d:f8:
         98:79:de:a9:ff:18:86:df:26:36:92:2a:0a:8e:03:07:8f:6b:
         e9:e9:8b:ca:7d:b5:68:03:73:6e:e7:ae:4a:be:05:23:0d:29:
         91:db:f2:f7:fa:44:af:52:b3:43:38:a9:26:e8:8b:ff:9f:46:
         4d:76:db:be:72:73:ac:ab:99:a8:1d:81:29:67:8b:4f:45:5f:
         75:eb:2a:a5:b1:8f:11:4d:b1:72:e1:04:c3:fe:ec:d1:27:ec:
         f5:d0:de:35
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUTFA4BPv17r9aXufbKdSR04UD2FkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAyMDA0WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NGJlZmE0OGJkMzE4ZjMzZDdiYmUyNTBiNTE5ZmNlNzU3
ZDIzMDA0NTg1NTMxYjYwMmZhMjZhODE0Mzc1ZmIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxfwHmEbDcQMlVQUWBH3+juOXVxr8KW1oyils1fbo68cdM
GHNzpOLy10g1jUS6ZiADMxP2pvowyDCQaPhyLw2k+xk11gBofZ8NNVFIQTP00uWc
uH1SrOF8A7+T5uNzJq4CW/gbWR8mhq9RlA1RRNYa+61xILiDr0yzkQbrvrDG5sU/
mCmBEi+ekQkdMwLCTMfFQg2yV5hOKA+t+M0RXzvY2H8MPZaWWigYYNGbThztQDKq
bR8sTGyEbXHkcePkUuF4Y10i4QcMKSEx7bzVnhw1AhMDMREWBPk5g8cosLhNv0Fk
yQuhaUQxYlsilstjlxUjgzeCruDTVv2AAm88vWU/AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUFC3DlL6C5dE5OGPW8uaYIL/rmuUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiNTc2ZWE3LTcyZDktNGVhZS1hZWU1LWU2MWU2OTgxZGUxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gUDANBgkqhkiG9w0BAQsFAAOCAQEAFlRaf74koFIl8pp24yOZM65r
Sg6Y1slv/sZAlycjcwGFnmu80ZVx7GLlMnXCJz0ZUysgvfX948MvPsILMKOwjYnV
svWGRfMeIav8Iqp2xIyPYGxcOWgBeG9mOjb8pRnPG2+HHxSTj4mL/hnyGlFd5HH3
30vN1Yt0K+PUBrjIqLmTukkyB4D5+MHloQNOmKcDZ1MSDIQ5drocW1B3bhbyxz34
mHneqf8Yht8mNpIqCo4DB49r6emLyn21aANzbueuSr4FIw0pkdvy9/pEr1KzQzip
JuiL/59GTXbbvnJzrKuZqB2BKWeLT0VfdesqpbGPEU2xcuEEw/7s0Sfs9dDeNQ==
-----END CERTIFICATE-----