Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11f7b2bd-b866-4941-8b5b-ff2f70861881.roa
File:                     11f7b2bd-b866-4941-8b5b-ff2f70861881.roa (raw, json)
Hash identifier:          ozIpN4HcCxpCk54Sy/2CNK33EGgpmbxQEHDTkTNbN8Y=
Subject key identifier:   49:C8:C2:D3:C2:E0:32:47:38:10:FE:99:6E:29:7F:64:FC:3B:6B:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E5B81EEDDC5CDFA0F60E5311EC6897A73DE5730
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11f7b2bd-b866-4941-8b5b-ff2f70861881.roa
Signing time:             Tue 07 Oct 2025 00:43:22 +0000
ROA not before:           Tue 07 Oct 2025 00:43:22 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f00:8000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:5b:81:ee:dd:c5:cd:fa:0f:60:e5:31:1e:c6:89:7a:73:de:57:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:43:22 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=0f4019d8ce13d8ed60035f870acbc59156503154c0b53e2e44a8741745c45ff9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:45:ec:80:d7:65:b6:6c:5e:f4:ad:bd:62:32:
                    d4:af:d0:47:85:49:cc:1e:51:9a:2f:66:8a:8e:bf:
                    28:30:7f:64:49:2a:67:a0:f7:4e:eb:62:7d:9a:0b:
                    97:6b:15:39:d0:ef:aa:8d:73:81:86:ce:0a:cb:bf:
                    74:9e:9b:a4:19:13:68:7a:47:7f:5d:e4:90:43:0b:
                    47:0f:ca:1c:21:19:df:5d:75:63:3a:11:5c:60:9e:
                    ef:25:dc:8e:67:64:2b:0b:f3:bd:f8:64:fb:db:d1:
                    aa:d3:a3:69:04:00:0f:83:49:2f:f7:11:70:a7:a8:
                    f5:80:b5:c1:43:e9:6b:08:ec:54:92:ae:89:22:37:
                    5b:d7:ae:96:56:29:74:31:6d:39:2c:23:9d:88:a8:
                    f0:c6:06:e7:32:e3:17:86:16:77:cf:71:fb:0c:6e:
                    cc:e9:68:66:9c:2d:5e:c4:6b:e3:c9:8d:76:67:2d:
                    12:76:2b:dc:84:92:17:90:eb:60:20:f6:52:b3:7e:
                    df:b0:ea:b5:13:8a:d8:34:28:d1:57:4e:6a:32:45:
                    6d:53:65:a2:7e:68:21:6f:0f:23:d9:12:de:6a:06:
                    4b:67:fe:4a:1e:25:9d:13:15:a6:68:82:25:fa:6e:
                    18:c3:f2:af:02:d0:bd:3e:7c:c0:24:17:1e:39:8e:
                    8b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:C8:C2:D3:C2:E0:32:47:38:10:FE:99:6E:29:7F:64:FC:3B:6B:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11f7b2bd-b866-4941-8b5b-ff2f70861881.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         65:76:71:ef:29:4b:3d:d9:1a:35:92:3c:4e:d7:a1:3f:06:26:
         10:b1:9e:02:7d:61:e5:44:98:27:6b:9f:47:42:bb:0b:d4:c2:
         ee:19:a7:90:e0:e6:35:1e:19:3a:2e:e0:db:12:43:5c:9a:7a:
         38:3a:b2:01:59:41:9d:87:6e:6d:8d:77:7a:d1:9d:aa:1d:58:
         4c:f8:a2:a6:3c:6a:08:10:47:d9:77:df:50:51:56:21:e2:a8:
         28:3e:20:5e:e4:4b:94:aa:3a:9d:7c:e0:37:f2:cd:e9:08:53:
         a1:91:a9:58:d0:ab:60:ec:a8:33:6b:3e:c2:fd:b1:31:b1:39:
         3c:ed:9c:af:e4:ae:02:91:43:55:a7:8e:dc:75:fd:68:9e:31:
         fb:0f:0f:64:f3:b5:df:7e:af:be:4e:50:f6:fc:55:21:a2:f2:
         59:ff:5e:05:39:f1:00:47:6e:ba:09:03:d9:00:50:62:35:ae:
         40:b4:29:2b:8f:71:5f:b8:3b:bd:64:99:68:04:9d:15:fc:3c:
         cc:79:09:46:5d:ae:62:66:95:0b:c4:8a:b6:f2:7c:ab:4c:8a:
         9a:07:10:35:93:a8:2f:a5:f5:cf:f4:5d:84:62:fe:ee:54:55:
         1c:ae:88:b4:fb:dd:cb:05:e3:d0:3a:21:44:71:12:9c:71:16:
         ea:4a:7a:a3
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPluB7t3FzfoPYOUxHsaJenPeVzAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MzIyWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZjQwMTlkOGNlMTNkOGVkNjAwMzVmODcwYWNiYzU5MTU2
NTAzMTU0YzBiNTNlMmU0NGE4NzQxNzQ1YzQ1ZmY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuReyA12W2bF70rb1iMtSv0EeFScweUZovZoqOvygwf2RJ
Kmeg907rYn2aC5drFTnQ76qNc4GGzgrLv3Sem6QZE2h6R39d5JBDC0cPyhwhGd9d
dWM6EVxgnu8l3I5nZCsL8734ZPvb0arTo2kEAA+DSS/3EXCnqPWAtcFD6WsI7FSS
rokiN1vXrpZWKXQxbTksI52IqPDGBucy4xeGFnfPcfsMbszpaGacLV7Ea+PJjXZn
LRJ2K9yEkheQ62Ag9lKzft+w6rUTitg0KNFXTmoyRW1TZaJ+aCFvDyPZEt5qBktn
/koeJZ0TFaZogiX6bhjD8q8C0L0+fMAkFx45jotRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUScjC08LgMkc4EP6Zbil/ZPw7a8EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExZjdiMmJkLWI4NjYtNDk0MS04YjViLWZmMmY3MDg2MTg4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB8AgDANBgkqhkiG9w0BAQsFAAOCAQEAZXZx7ylLPdkaNZI8TtehPwYm
ELGeAn1h5USYJ2ufR0K7C9TC7hmnkODmNR4ZOi7g2xJDXJp6ODqyAVlBnYdubY13
etGdqh1YTPiipjxqCBBH2XffUFFWIeKoKD4gXuRLlKo6nXzgN/LN6QhToZGpWNCr
YOyoM2s+wv2xMbE5PO2cr+SuApFDVaeO3HX9aJ4x+w8PZPO1336vvk5Q9vxVIaLy
Wf9eBTnxAEduugkD2QBQYjWuQLQpK49xX7g7vWSZaASdFfw8zHkJRl2uYmaVC8SK
tvJ8q0yKmgcQNZOoL6X1z/RdhGL+7lRVHK6ItPvdywXj0DohRHESnHEW6kp6ow==
-----END CERTIFICATE-----