Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1550332d-5bb8-49e9-8b4d-5938de6455c1.roa
File:                     1550332d-5bb8-49e9-8b4d-5938de6455c1.roa (raw, json)
Hash identifier:          YniWRkBqU4hcM/6NH6cvxTGvViciNgw0kiAjZFX6x64=
Subject key identifier:   05:B2:C9:B6:3C:69:23:4B:1C:27:D0:B2:0A:B2:24:31:7F:55:68:59
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0F24DAF4B5D621F0B88DF5B9256CBAB980E6A7CA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1550332d-5bb8-49e9-8b4d-5938de6455c1.roa
Signing time:             Wed 12 Nov 2025 01:20:56 +0000
ROA not before:           Wed 12 Nov 2025 01:20:56 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f28:8000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:24:da:f4:b5:d6:21:f0:b8:8d:f5:b9:25:6c:ba:b9:80:e6:a7:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:20:56 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=2a02b8a2be58ff9d21ec479799cba11346b2b065154d63f85093a422a4628bcf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7a:06:21:83:ac:0f:ad:da:f8:a9:26:8d:f7:
                    67:16:a8:7f:3f:ab:e8:15:ad:44:d0:75:a9:38:5a:
                    e1:ea:3e:73:97:61:5f:d4:94:a9:13:78:2e:23:78:
                    05:9d:d8:70:d9:ab:f9:c8:21:6a:ba:d9:83:9f:91:
                    97:45:72:c2:b2:ae:75:00:f8:78:2c:eb:dd:39:c2:
                    2e:0e:07:fd:0f:21:b0:95:4d:0a:6b:d5:b1:e8:dc:
                    99:fa:4e:df:83:01:01:97:b4:f0:ec:41:5d:49:30:
                    d2:0b:26:c2:3c:89:00:3d:1c:6c:8d:6f:23:52:12:
                    b4:f4:8f:87:83:2e:61:13:30:2b:64:3c:a6:c9:7e:
                    f6:f6:a7:5c:3e:b5:ca:a4:d4:4b:c4:2d:43:2e:db:
                    81:c5:70:04:a1:5b:ba:f4:7c:70:27:63:3b:80:f5:
                    51:7d:e0:52:3e:31:dd:98:00:3b:55:bc:56:0f:0e:
                    14:31:70:27:ec:e6:98:6a:f1:77:82:0d:19:66:88:
                    80:95:a0:04:b3:9b:31:dc:3d:e4:b2:24:46:42:04:
                    39:e3:95:1f:0e:bf:f8:e1:1f:09:a2:af:78:25:48:
                    e3:39:f0:94:e0:f1:23:9e:cb:0d:24:15:10:b0:04:
                    b2:e5:2f:90:ba:5d:f6:13:a4:e4:4d:59:0d:5a:86:
                    31:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B2:C9:B6:3C:69:23:4B:1C:27:D0:B2:0A:B2:24:31:7F:55:68:59
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1550332d-5bb8-49e9-8b4d-5938de6455c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f28:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         58:f7:54:d9:76:07:71:23:e7:2d:82:46:b4:55:12:7d:8b:85:
         82:3d:2b:e0:d6:6d:60:43:49:45:1f:78:86:6f:d5:5b:df:45:
         2a:9c:0f:eb:0d:e4:92:6b:b5:76:ea:cd:ef:32:a9:92:2b:48:
         a1:f1:d1:eb:e4:2c:3c:e5:9d:66:ef:f0:f7:64:e5:6e:18:d3:
         cc:1c:cb:1f:eb:d4:92:9f:68:45:87:7c:b5:f3:b7:08:10:60:
         19:47:a6:c6:fb:40:6a:80:2e:ea:4c:88:ac:38:f7:2d:71:c9:
         6c:d6:d1:5d:f2:4e:ce:80:ca:02:83:8e:07:e9:5b:12:46:92:
         1d:3d:b5:77:77:bd:5e:66:d4:ad:a1:dd:5f:1b:76:ab:fb:7c:
         67:85:96:fa:75:35:87:77:2c:30:ce:67:be:2a:60:46:f8:52:
         65:f2:49:c0:24:52:86:12:5a:a6:12:15:cb:4c:5b:f6:a8:24:
         fc:b8:65:ac:c3:02:19:f4:84:92:83:ca:64:03:94:74:21:38:
         c9:fa:fa:6e:f3:1b:2f:06:05:1c:81:80:58:85:d9:46:f9:70:
         72:7e:b5:a4:1d:e4:2d:be:0b:4b:2d:3e:4b:2c:33:9d:05:16:
         3c:17:41:1b:66:ad:ed:14:24:78:7e:65:89:65:d5:8f:d2:4f:
         6a:87:5b:bc
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUDyTa9LXWIfC4jfW5JWy6uYDmp8owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDEyMDU2WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTAyYjhhMmJlNThmZjlkMjFlYzQ3OTc5OWNiYTExMzQ2
YjJiMDY1MTU0ZDYzZjg1MDkzYTQyMmE0NjI4YmNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+egYhg6wPrdr4qSaN92cWqH8/q+gVrUTQdak4WuHqPnOX
YV/UlKkTeC4jeAWd2HDZq/nIIWq62YOfkZdFcsKyrnUA+Hgs6905wi4OB/0PIbCV
TQpr1bHo3Jn6Tt+DAQGXtPDsQV1JMNILJsI8iQA9HGyNbyNSErT0j4eDLmETMCtk
PKbJfvb2p1w+tcqk1EvELUMu24HFcAShW7r0fHAnYzuA9VF94FI+Md2YADtVvFYP
DhQxcCfs5phq8XeCDRlmiICVoASzmzHcPeSyJEZCBDnjlR8Ov/jhHwmir3glSOM5
8JTg8SOeyw0kFRCwBLLlL5C6XfYTpORNWQ1ahjGbAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUBbLJtjxpI0scJ9CyCrIkMX9VaFkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE1NTAzMzJkLTViYjgtNDllOS04YjRkLTU5MzhkZTY0NTVjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8ogDANBgkqhkiG9w0BAQsFAAOCAQEAWPdU2XYHcSPnLYJGtFUSfYuF
gj0r4NZtYENJRR94hm/VW99FKpwP6w3kkmu1durN7zKpkitIofHR6+QsPOWdZu/w
92TlbhjTzBzLH+vUkp9oRYd8tfO3CBBgGUemxvtAaoAu6kyIrDj3LXHJbNbRXfJO
zoDKAoOOB+lbEkaSHT21d3e9XmbUraHdXxt2q/t8Z4WW+nU1h3csMM5nvipgRvhS
ZfJJwCRShhJaphIVy0xb9qgk/LhlrMMCGfSEkoPKZAOUdCE4yfr6bvMbLwYFHIGA
WIXZRvlwcn61pB3kLb4LSy0+SywznQUWPBdBG2at7RQkeH5liWXVj9JPaodbvA==
-----END CERTIFICATE-----