Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a12ecf2-0a22-45c0-a0b1-06f01158cf0e.roa
File:                     0a12ecf2-0a22-45c0-a0b1-06f01158cf0e.roa (raw, json)
Hash identifier:          CVdx4gS94vEiyrpZEgJfADxI1kPoAPOkFuj0idB26ZQ=
Subject key identifier:   41:86:77:3A:03:45:88:74:63:74:C4:30:67:42:C0:56:53:B7:CA:2A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       700A9A7782C23DC8C298E8B5201423D94AF9A1FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a12ecf2-0a22-45c0-a0b1-06f01158cf0e.roa
Signing time:             Fri 07 Nov 2025 00:50:10 +0000
ROA not before:           Fri 07 Nov 2025 00:50:10 +0000
ROA not after:            Fri 12 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f01::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:0a:9a:77:82:c2:3d:c8:c2:98:e8:b5:20:14:23:d9:4a:f9:a1:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  7 00:50:10 2025 GMT
            Not After : Dec 12 23:59:59 2025 GMT
        Subject: serialNumber=cda4bb99ca228e53be78dd52b6602368d564aa7af3b73adf6c2066921fca447e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2b:7d:2e:54:af:47:c0:c6:ca:95:3a:82:5a:
                    da:a9:71:fd:bc:8c:5a:b6:f6:45:1c:19:98:de:41:
                    dd:70:0a:c7:40:f6:51:36:fe:b4:e1:3b:90:be:9d:
                    cb:00:f6:96:b1:b8:ea:fb:7a:40:78:7e:f7:47:7b:
                    9f:7d:21:38:19:a6:0f:58:a5:76:7e:d5:e9:21:e4:
                    c2:75:b1:6f:c8:69:b9:e6:8a:81:d6:27:46:d3:3d:
                    10:8d:35:db:8f:58:b3:fd:bc:3b:b0:07:76:99:1c:
                    a2:15:db:75:c0:0a:10:c5:98:43:9f:11:9b:52:0c:
                    5f:f7:c5:4f:c9:cd:77:e7:4b:34:88:50:18:78:c1:
                    e0:39:bf:0f:5c:53:d8:d3:6e:03:76:73:05:a4:55:
                    22:0d:ea:b0:01:31:29:56:92:48:46:d3:f3:cb:05:
                    c7:56:68:07:27:2f:59:ae:c5:3e:40:75:f3:0d:03:
                    45:62:8d:5f:1b:52:3c:13:95:07:53:7b:1e:83:dc:
                    16:83:9a:23:47:4c:cd:f2:7a:ac:63:b4:2c:75:c9:
                    30:e1:3a:50:4f:13:33:f1:2f:02:e1:7a:e7:74:c3:
                    1e:aa:48:00:70:2c:2c:72:1e:f9:9f:c7:cd:44:58:
                    b9:34:7f:6e:ec:37:9b:0b:88:49:bf:b4:3e:ad:7a:
                    66:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:86:77:3A:03:45:88:74:63:74:C4:30:67:42:C0:56:53:B7:CA:2A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a12ecf2-0a22-45c0-a0b1-06f01158cf0e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f01::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:f2:37:49:8a:2f:a8:06:ce:90:cc:39:b1:a6:a9:dd:f6:50:
         31:61:32:cf:2c:21:3a:93:f5:ed:eb:86:0a:62:6b:7e:d1:1d:
         3c:e2:9b:8d:27:5f:69:6b:d1:1c:47:14:c3:62:30:bc:2e:37:
         9f:40:94:ee:db:5d:7c:7d:67:e9:bf:8f:3a:c3:cf:1d:ab:93:
         12:30:54:0d:80:32:8a:23:59:78:07:75:07:bc:81:ea:3d:ff:
         1d:44:a8:33:ba:33:0d:16:58:25:fd:dd:6e:63:de:ab:99:cd:
         a9:f9:c0:be:3f:29:1e:19:a3:37:01:18:bc:42:b4:d7:96:fb:
         c7:3a:83:32:d2:f1:cf:aa:54:2b:1e:f0:78:e7:b8:21:68:0d:
         4b:00:8e:df:42:aa:7c:bd:1e:0e:6a:0b:d9:86:de:5e:0e:e4:
         9a:37:d6:d0:7f:15:45:aa:76:ab:05:9c:8d:13:70:d6:f2:5a:
         83:fa:70:3e:67:2a:b5:9b:8f:55:33:95:70:38:72:3b:63:11:
         5e:23:a3:42:64:60:0d:b1:c9:d6:83:cc:8b:a9:e7:1f:5c:21:
         7f:4d:9e:fb:3e:65:f8:db:43:36:29:f5:5e:ab:7b:09:1a:1a:
         4f:eb:15:81:2f:03:ff:35:76:24:1b:a7:f8:e1:ae:e9:c2:e8:
         e2:bc:ab:c2
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUcAqad4LCPcjCmOi1IBQj2Ur5ofwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA3MDA1MDEwWhcNMjUxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZGE0YmI5OWNhMjI4ZTUzYmU3OGRkNTJiNjYwMjM2OGQ1
NjRhYTdhZjNiNzNhZGY2YzIwNjY5MjFmY2E0NDdlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOK30uVK9HwMbKlTqCWtqpcf28jFq29kUcGZjeQd1wCsdA
9lE2/rThO5C+ncsA9paxuOr7ekB4fvdHe599ITgZpg9YpXZ+1ekh5MJ1sW/Iabnm
ioHWJ0bTPRCNNduPWLP9vDuwB3aZHKIV23XAChDFmEOfEZtSDF/3xU/JzXfnSzSI
UBh4weA5vw9cU9jTbgN2cwWkVSIN6rABMSlWkkhG0/PLBcdWaAcnL1muxT5AdfMN
A0VijV8bUjwTlQdTex6D3BaDmiNHTM3yeqxjtCx1yTDhOlBPEzPxLwLheud0wx6q
SABwLCxyHvmfx81EWLk0f27sN5sLiEm/tD6temYDAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUQYZ3OgNFiHRjdMQwZ0LAVlO3yiowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBhMTJlY2YyLTBhMjItNDVjMC1hMGIxLTA2ZjAxMTU4Y2YwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmAB8BMA0GCSqGSIb3DQEBCwUAA4IBAQC88jdJii+oBs6QzDmxpqnd9lAx
YTLPLCE6k/Xt64YKYmt+0R084puNJ19pa9EcRxTDYjC8LjefQJTu2118fWfpv486
w88dq5MSMFQNgDKKI1l4B3UHvIHqPf8dRKgzujMNFlgl/d1uY96rmc2p+cC+Pyke
GaM3ARi8QrTXlvvHOoMy0vHPqlQrHvB457ghaA1LAI7fQqp8vR4OagvZht5eDuSa
N9bQfxVFqnarBZyNE3DW8lqD+nA+Zyq1m49VM5VwOHI7YxFeI6NCZGANscnWg8yL
qecfXCF/TZ77PmX420M2KfVeq3sJGhpP6xWBLwP/NXYkG6f44a7pwujivKvC
-----END CERTIFICATE-----