Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/154c39ec-28ce-41bb-ad0d-c48503198277.roa
File:                     154c39ec-28ce-41bb-ad0d-c48503198277.roa (raw, json)
Hash identifier:          COsTYFJYIZujIOg3gutReQC7F9sw8dp2hPkmoCv7zck=
Subject key identifier:   A2:F7:D3:A6:ED:C2:21:B9:DC:53:C3:E8:CB:80:5D:24:9C:17:AB:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3AF6833506F86B372F77FF99DA8229F8261BBE48
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/154c39ec-28ce-41bb-ad0d-c48503198277.roa
Signing time:             Wed 12 Nov 2025 02:40:05 +0000
ROA not before:           Wed 12 Nov 2025 02:40:05 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:7400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:f6:83:35:06:f8:6b:37:2f:77:ff:99:da:82:29:f8:26:1b:be:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:40:05 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=ce608db5dbead075966b48f3f227b46bec2920bbb2bf9b4f0a81ada4e5e4fb24, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c9:89:86:1b:ba:83:ef:f3:1a:2a:41:a9:d8:
                    78:a8:6f:81:49:2f:30:76:40:6f:97:31:1b:81:17:
                    76:74:49:8e:5b:77:a6:7d:ea:f9:8c:25:ef:68:e9:
                    c5:60:3f:1e:74:d7:41:99:18:aa:95:eb:99:fe:f2:
                    fb:e9:32:25:c6:df:58:cd:fc:20:bf:7f:f7:31:72:
                    95:59:83:85:4f:e1:f2:0b:4c:b2:1a:55:51:9e:10:
                    50:2b:f7:81:46:05:a2:29:78:5f:f2:b3:04:2d:cd:
                    0b:57:09:1c:37:9d:fc:05:14:dd:08:5c:9a:1d:58:
                    95:27:3e:4c:13:7c:f9:62:85:c8:ff:7a:64:5a:25:
                    f1:5c:52:39:1e:b2:17:bd:7e:f7:fd:c9:d2:6c:1a:
                    85:5d:22:a5:19:9e:01:9f:c5:b1:05:b5:8e:29:0e:
                    13:4d:a8:f3:02:21:bb:1a:25:3e:59:91:42:8b:1c:
                    c4:54:8e:01:68:25:73:25:83:ce:f4:83:3d:d6:49:
                    3b:f9:0b:9a:be:91:72:5d:3b:d4:ac:74:80:72:44:
                    f3:5b:c6:cf:6e:d4:fb:cd:5e:e2:f3:aa:5d:45:1f:
                    68:5d:29:8c:cc:6a:38:58:c4:75:e9:f4:dd:34:84:
                    4b:06:e5:33:b5:63:02:16:0f:0c:73:31:af:ba:56:
                    ef:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F7:D3:A6:ED:C2:21:B9:DC:53:C3:E8:CB:80:5D:24:9C:17:AB:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/154c39ec-28ce-41bb-ad0d-c48503198277.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         31:2c:83:6d:1f:79:05:3b:a1:32:52:86:40:04:67:2b:99:ac:
         65:3c:8c:eb:f0:b3:6d:18:34:3a:bc:e2:ae:4e:ea:34:5a:95:
         4f:93:3d:d9:24:f9:64:8a:3c:e8:d8:f9:3d:7a:f7:46:5f:9c:
         8c:e9:94:51:b0:bf:3c:c1:2c:8c:04:f3:40:20:4f:9d:11:e4:
         e4:be:8b:0f:cc:f2:29:0d:52:c3:0e:a3:89:62:64:92:66:94:
         fa:25:3c:25:a7:56:c7:e9:44:f0:1d:1e:4c:ee:69:00:4c:3f:
         70:66:f8:92:5a:4d:0d:09:9d:34:bb:5c:12:95:31:88:90:1a:
         13:5f:1f:7b:2f:2f:bc:ac:01:a8:af:80:6c:c4:3c:ca:71:7e:
         db:97:c0:38:ee:49:41:e5:67:ba:1a:dc:a1:05:5f:9d:2f:96:
         17:ee:f5:e8:9d:5e:58:9a:ee:22:ec:9b:2d:b4:c2:b1:42:1f:
         1c:79:d1:02:a3:3e:b1:f5:aa:0e:89:42:a6:96:07:b8:55:28:
         fc:d9:ac:97:9c:37:35:ea:a3:39:7f:be:b2:88:22:63:7b:ad:
         3a:9a:44:8c:27:15:df:75:4c:4d:f1:12:37:52:8f:d5:02:b9:
         80:a5:c2:99:a3:9a:b0:a9:a3:dc:e9:7c:e9:95:81:83:7f:bd:
         98:21:bb:dc
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUOvaDNQb4azcvd/+Z2oIp+CYbvkgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDI0MDA1WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTYwOGRiNWRiZWFkMDc1OTY2YjQ4ZjNmMjI3YjQ2YmVj
MjkyMGJiYjJiZjliNGYwYTgxYWRhNGU1ZTRmYjI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClyYmGG7qD7/MaKkGp2Hiob4FJLzB2QG+XMRuBF3Z0SY5b
d6Z96vmMJe9o6cVgPx5010GZGKqV65n+8vvpMiXG31jN/CC/f/cxcpVZg4VP4fIL
TLIaVVGeEFAr94FGBaIpeF/yswQtzQtXCRw3nfwFFN0IXJodWJUnPkwTfPlihcj/
emRaJfFcUjkeshe9fvf9ydJsGoVdIqUZngGfxbEFtY4pDhNNqPMCIbsaJT5ZkUKL
HMRUjgFoJXMlg870gz3WSTv5C5q+kXJdO9SsdIByRPNbxs9u1PvNXuLzql1FH2hd
KYzMajhYxHXp9N00hEsG5TO1YwIWDwxzMa+6Vu9NAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUovfTpu3CIbncU8Poy4BdJJwXq18wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE1NGMzOWVjLTI4Y2UtNDFiYi1hZDBkLWM0ODUwMzE5ODI3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wdDANBgkqhkiG9w0BAQsFAAOCAQEAMSyDbR95BTuhMlKGQARnK5ms
ZTyM6/CzbRg0Orzirk7qNFqVT5M92ST5ZIo86Nj5PXr3Rl+cjOmUUbC/PMEsjATz
QCBPnRHk5L6LD8zyKQ1Sww6jiWJkkmaU+iU8JadWx+lE8B0eTO5pAEw/cGb4klpN
DQmdNLtcEpUxiJAaE18fey8vvKwBqK+AbMQ8ynF+25fAOO5JQeVnuhrcoQVfnS+W
F+716J1eWJruIuybLbTCsUIfHHnRAqM+sfWqDolCppYHuFUo/Nmsl5w3NeqjOX++
sogiY3utOppEjCcV33VMTfESN1KP1QK5gKXCmaOasKmj3Ol86ZWBg3+9mCG73A==
-----END CERTIFICATE-----