Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/126efe78-9e9d-4572-92d2-fedc0e5c80fa.roa
File:                     126efe78-9e9d-4572-92d2-fedc0e5c80fa.roa (raw, json)
Hash identifier:          DagXpiKIs4sGlGrWmtqnQ8xxjaEgljvamRQEXMYn1Jg=
Subject key identifier:   57:41:68:9C:39:E7:E7:1E:F1:D4:F7:D7:79:B9:B3:5F:A4:02:DF:C7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14C40881060FC3EDD87FD8B8965AB290F8104139
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/126efe78-9e9d-4572-92d2-fedc0e5c80fa.roa
Signing time:             Tue 11 Nov 2025 01:40:25 +0000
ROA not before:           Tue 11 Nov 2025 01:40:25 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:8060::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:c4:08:81:06:0f:c3:ed:d8:7f:d8:b8:96:5a:b2:90:f8:10:41:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:40:25 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=fa50b6b18fb5dd0517b1cd485a0880c56e6d8d5a9e08fee1d285fbe4807b68bb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:17:13:30:e3:f4:a1:70:a4:79:10:fb:75:7d:
                    4e:6c:5b:c8:7d:2e:14:54:c7:8e:26:34:84:70:c2:
                    30:40:58:36:f7:1a:91:08:c2:0f:c4:3f:50:6c:b4:
                    53:52:26:a5:2a:f7:4e:f1:a2:d4:69:f9:ca:68:05:
                    0f:81:04:5c:9e:67:8b:a1:39:99:c6:fb:02:0c:23:
                    5f:fe:b3:91:91:75:bf:44:ca:c1:11:b9:6f:3f:ef:
                    c0:b4:2f:cf:71:4e:5b:13:94:46:13:22:17:7c:75:
                    87:be:70:27:b9:f8:be:d0:41:8d:99:55:ff:97:38:
                    f2:3f:d1:8e:fb:ac:20:63:13:c6:01:98:bf:56:39:
                    60:c7:ea:bd:8e:2e:80:d4:fc:bd:8d:0a:d2:45:cd:
                    aa:3b:3f:a7:72:44:6a:6f:64:ef:b9:71:c2:95:b0:
                    87:1c:16:55:74:e5:23:e5:ea:ad:1b:e7:58:ce:c9:
                    4a:8f:7d:a4:48:3a:86:0a:7d:85:39:d0:57:10:7a:
                    75:18:d1:94:2a:f1:c8:f9:45:43:90:5a:de:4b:29:
                    5d:a8:84:6b:9f:da:1a:51:d2:39:30:d0:16:d1:eb:
                    95:ce:c6:11:47:c6:70:30:c0:a5:35:fe:f4:2b:6d:
                    8c:91:4d:3f:06:79:10:86:53:64:28:9f:a4:ab:65:
                    d8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:41:68:9C:39:E7:E7:1E:F1:D4:F7:D7:79:B9:B3:5F:A4:02:DF:C7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/126efe78-9e9d-4572-92d2-fedc0e5c80fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:8060::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:2b:52:b1:0b:3f:f0:b1:07:82:e9:db:cb:2e:49:13:af:cb:
         26:8b:29:08:3e:c6:f3:06:39:d9:3f:43:6e:ea:47:ff:7b:e2:
         b7:a5:4a:ff:67:cc:2b:91:0d:39:ae:fa:3c:b0:20:d4:16:4d:
         1c:31:cf:a3:75:a8:c1:d6:20:c6:84:d2:6d:c9:8e:13:06:e9:
         84:19:9b:2b:e2:8a:e6:b7:25:9c:41:5f:95:cd:f2:e2:dc:0c:
         10:98:ec:45:b3:9c:7e:b1:fd:83:9b:37:80:c7:5f:e6:6a:e7:
         65:01:ee:cd:6c:a4:ed:3f:6c:a0:1d:38:a5:4c:b2:f6:da:bd:
         da:20:e6:2e:a3:fc:21:bf:d0:5b:7a:30:f1:ee:b0:98:da:ef:
         6b:df:b7:0d:f6:3b:b1:94:49:87:57:27:a5:b3:ae:1a:d4:f5:
         7e:dc:92:77:41:ee:a7:e6:9a:6c:cb:d4:65:1b:26:7f:20:bb:
         4a:61:a9:87:ab:c4:cd:ff:f5:7b:9f:bf:9f:97:c5:c3:d5:e6:
         f0:50:ea:78:7e:e6:c3:59:d0:26:93:d9:51:c1:62:b7:f7:58:
         1d:b7:59:59:3e:3a:50:a1:63:51:ea:12:60:e3:d3:77:30:6f:
         6f:c9:57:84:09:c4:e9:21:0d:14:9b:51:23:a5:46:ac:7a:e3:
         89:f0:05:01
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUFMQIgQYPw+3Yf9i4llqykPgQQTkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDE0MDI1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTUwYjZiMThmYjVkZDA1MTdiMWNkNDg1YTA4ODBjNTZl
NmQ4ZDVhOWUwOGZlZTFkMjg1ZmJlNDgwN2I2OGJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD4FxMw4/ShcKR5EPt1fU5sW8h9LhRUx44mNIRwwjBAWDb3
GpEIwg/EP1BstFNSJqUq907xotRp+cpoBQ+BBFyeZ4uhOZnG+wIMI1/+s5GRdb9E
ysERuW8/78C0L89xTlsTlEYTIhd8dYe+cCe5+L7QQY2ZVf+XOPI/0Y77rCBjE8YB
mL9WOWDH6r2OLoDU/L2NCtJFzao7P6dyRGpvZO+5ccKVsIccFlV05SPl6q0b51jO
yUqPfaRIOoYKfYU50FcQenUY0ZQq8cj5RUOQWt5LKV2ohGuf2hpR0jkw0BbR65XO
xhFHxnAwwKU1/vQrbYyRTT8GeRCGU2Qon6SrZdijAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUV0FonDnn5x7x1PfXebmzX6QC38cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEyNmVmZTc4LTllOWQtNDU3Mi05MmQyLWZlZGMwZTVjODBmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB9hgGAwDQYJKoZIhvcNAQELBQADggEBALkrUrELP/CxB4Lp28suSROv
yyaLKQg+xvMGOdk/Q27qR/974relSv9nzCuRDTmu+jywINQWTRwxz6N1qMHWIMaE
0m3JjhMG6YQZmyviiua3JZxBX5XN8uLcDBCY7EWznH6x/YObN4DHX+Zq52UB7s1s
pO0/bKAdOKVMsvbavdog5i6j/CG/0Ft6MPHusJja72vftw32O7GUSYdXJ6WzrhrU
9X7ckndB7qfmmmzL1GUbJn8gu0phqYerxM3/9Xufv5+XxcPV5vBQ6nh+5sNZ0CaT
2VHBYrf3WB23WVk+OlChY1HqEmDj03cwb2/JV4QJxOkhDRSbUSOlRqx644nwBQE=
-----END CERTIFICATE-----