Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/feef2431-67fe-49cd-bf34-5014adc5df6f.roa
File:                     feef2431-67fe-49cd-bf34-5014adc5df6f.roa (raw, json)
Hash identifier:          je/yYRtaLJOrEC6OeQWXeCZ6UrsTHhvXO2i1P/jpAJI=
Subject key identifier:   6B:16:77:E9:90:25:3C:A9:59:39:D6:4D:6F:FF:80:C6:AD:DD:17:53
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B8CEC1932767DEFB551EB2935DC889096EB0D09
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/feef2431-67fe-49cd-bf34-5014adc5df6f.roa
Signing time:             Tue 28 Oct 2025 00:41:24 +0000
ROA not before:           Tue 28 Oct 2025 00:41:24 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff1:1000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:8c:ec:19:32:76:7d:ef:b5:51:eb:29:35:dc:88:90:96:eb:0d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:41:24 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=7e77d2e6f93cef5f41980652fb37291dd9a0cf5657c32642808eff68365f4b4c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a4:c3:e1:43:7c:0a:76:ea:c4:f5:68:8e:fe:
                    04:16:a4:ae:ad:36:8b:0d:5d:f5:fb:ee:11:42:3c:
                    26:18:9b:26:2b:92:7f:30:c8:62:c8:64:a5:9b:d0:
                    d5:3b:79:83:dc:4e:1a:2f:0e:09:e6:96:15:7b:fb:
                    53:3b:48:d2:57:de:6b:ae:a4:82:a2:c0:59:a6:98:
                    3d:41:05:cd:2c:b1:72:ee:7a:9c:fc:0c:88:ed:8e:
                    08:47:94:0b:0e:45:65:ff:74:5f:a0:69:c5:52:bd:
                    b0:57:d9:1c:14:0b:ce:f7:02:0f:53:e3:cc:a1:16:
                    85:4b:c5:78:84:e0:a9:6b:b3:bc:3d:da:ab:bc:17:
                    49:a2:40:5d:cd:41:04:0f:6f:86:26:89:e5:99:5e:
                    c7:b2:b3:79:19:60:8d:87:64:61:2a:e2:f2:e5:40:
                    7a:a3:41:3e:67:1f:57:ab:56:d6:96:a9:f9:01:1d:
                    51:6e:d2:73:4d:d5:5d:d4:57:08:ef:16:f4:20:fa:
                    47:86:17:66:f2:22:c8:33:f8:33:87:cc:df:cc:5d:
                    9e:0d:09:eb:85:a1:07:91:d6:3d:49:d9:ca:cd:d7:
                    b4:97:5f:8e:d0:32:ef:e2:21:8f:ee:11:d9:fb:f3:
                    ae:bf:3e:7f:eb:77:79:99:71:9d:96:5e:91:46:57:
                    56:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:16:77:E9:90:25:3C:A9:59:39:D6:4D:6F:FF:80:C6:AD:DD:17:53
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/feef2431-67fe-49cd-bf34-5014adc5df6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b3:4a:be:f1:e9:ae:37:b3:c0:65:e6:54:61:90:9b:15:48:f2:
         b2:a3:bd:95:cf:e5:ce:59:25:53:7e:83:f3:fa:81:57:cb:d7:
         0d:f9:96:c0:e7:54:a9:76:0c:d4:33:81:60:33:4e:cd:69:a9:
         98:41:dd:73:83:dd:0b:c8:58:89:54:bd:d2:5b:0a:d7:7f:60:
         e0:b0:34:1c:b7:61:40:f9:c4:a7:e5:65:30:33:60:4d:46:a1:
         38:d3:59:d0:4e:27:02:df:bf:e5:6f:62:34:a5:5a:4c:ce:6b:
         51:6b:85:85:97:17:ef:aa:9e:af:e1:cc:d6:91:94:ea:8e:21:
         17:c0:4f:7e:52:9c:c2:20:58:06:d8:ce:5c:0f:26:be:b5:d2:
         a6:0c:25:1d:ac:28:f9:6a:87:07:9b:6d:05:8c:0d:bf:7d:be:
         39:c9:41:85:1e:04:1b:92:82:5e:01:22:c7:37:73:07:c8:15:
         80:89:6f:b5:92:d1:e5:ec:cb:6e:b3:83:00:7f:bf:28:71:1d:
         94:5e:9e:73:de:4e:dc:3f:12:ca:37:81:ad:fe:4e:33:bd:0c:
         7e:9d:63:62:07:e8:b3:ca:1c:fc:51:bb:d4:db:86:53:58:5c:
         23:0c:a6:90:70:27:eb:fe:08:38:5d:8c:1f:d8:d6:0d:a8:20:
         ba:24:b9:cb
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUe4zsGTJ2fe+1UespNdyIkJbrDQkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDA0MTI0WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZTc3ZDJlNmY5M2NlZjVmNDE5ODA2NTJmYjM3MjkxZGQ5
YTBjZjU2NTdjMzI2NDI4MDhlZmY2ODM2NWY0YjRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWpMPhQ3wKdurE9WiO/gQWpK6tNosNXfX77hFCPCYYmyYr
kn8wyGLIZKWb0NU7eYPcThovDgnmlhV7+1M7SNJX3muupIKiwFmmmD1BBc0ssXLu
epz8DIjtjghHlAsORWX/dF+gacVSvbBX2RwUC873Ag9T48yhFoVLxXiE4Klrs7w9
2qu8F0miQF3NQQQPb4YmieWZXseys3kZYI2HZGEq4vLlQHqjQT5nH1erVtaWqfkB
HVFu0nNN1V3UVwjvFvQg+keGF2byIsgz+DOHzN/MXZ4NCeuFoQeR1j1J2crN17SX
X47QMu/iIY/uEdn7866/Pn/rd3mZcZ2WXpFGV1YbAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUaxZ36ZAlPKlZOdZNb/+Axq3dF1MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZlZWYyNDMxLTY3ZmUtNDljZC1iZjM0LTUwMTRhZGM1ZGY2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/xEDANBgkqhkiG9w0BAQsFAAOCAQEAs0q+8emuN7PAZeZUYZCbFUjy
sqO9lc/lzlklU36D8/qBV8vXDfmWwOdUqXYM1DOBYDNOzWmpmEHdc4PdC8hYiVS9
0lsK139g4LA0HLdhQPnEp+VlMDNgTUahONNZ0E4nAt+/5W9iNKVaTM5rUWuFhZcX
76qer+HM1pGU6o4hF8BPflKcwiBYBtjOXA8mvrXSpgwlHawo+WqHB5ttBYwNv32+
OclBhR4EG5KCXgEixzdzB8gVgIlvtZLR5ezLbrODAH+/KHEdlF6ec95O3D8SyjeB
rf5OM70Mfp1jYgfos8oc/FG71NuGU1hcIwymkHAn6/4IOF2MH9jWDagguiS5yw==
-----END CERTIFICATE-----