Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/29920184-aec3-4a16-ab95-1de3bb8a0901.roa
File:                     29920184-aec3-4a16-ab95-1de3bb8a0901.roa (raw, json)
Hash identifier:          ASkKNgXcUM8jw0OtTpYR1JxIvlG6b6+XfyhbXyUdoyk=
Subject key identifier:   6E:AB:7F:ED:89:0C:7D:4F:14:58:36:AA:55:1C:D5:A6:35:F0:A0:64
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7082180C69D2795E9B0D45042D359B2150A5F63C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/29920184-aec3-4a16-ab95-1de3bb8a0901.roa
Signing time:             Wed 12 Nov 2025 01:30:14 +0000
ROA not before:           Wed 12 Nov 2025 01:30:14 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff1:8000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:82:18:0c:69:d2:79:5e:9b:0d:45:04:2d:35:9b:21:50:a5:f6:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:30:14 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=2e98a70ce217e06e511c5890bcd05b8d700749feb530b8ba08d54464e2e0d9eb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3d:be:e9:30:88:0d:be:d0:a3:fe:98:0e:ec:
                    a9:18:52:d1:1a:60:b4:28:9d:dd:fe:86:79:7d:40:
                    a5:4e:f8:88:b6:4f:e9:5c:44:e4:47:03:d9:f3:4f:
                    70:70:10:fa:2c:e5:7b:63:16:32:a6:fe:e2:b7:31:
                    68:04:72:c3:3a:87:1e:60:aa:2a:35:34:d3:88:e9:
                    81:0b:3a:aa:fa:c7:d2:35:82:d0:17:02:9e:b8:eb:
                    b8:65:c0:4c:34:71:50:89:2b:f0:c9:48:51:11:af:
                    8c:40:f6:86:98:ee:f1:26:51:4a:85:33:1a:84:bb:
                    5b:bf:90:ff:5b:14:4c:71:c5:55:f9:58:78:32:24:
                    44:2c:dc:95:5c:40:31:36:85:1d:a5:97:90:f9:99:
                    fb:54:60:57:85:6a:e6:2f:1a:52:db:56:a2:a7:93:
                    79:01:66:83:fb:0a:5d:b9:96:2e:68:81:48:fe:36:
                    7a:3f:fe:69:78:78:7e:ff:0b:0b:95:c2:c5:be:21:
                    22:9b:b4:1b:76:62:22:b6:ae:66:93:bc:f0:b5:b0:
                    cd:e9:63:a9:69:22:22:5e:96:61:db:75:7b:05:31:
                    40:91:b8:64:c6:10:c6:66:a0:33:8b:6c:d4:e9:7b:
                    26:af:51:f4:31:f3:5e:25:a6:c8:c4:81:d9:5b:02:
                    c9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:AB:7F:ED:89:0C:7D:4F:14:58:36:AA:55:1C:D5:A6:35:F0:A0:64
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/29920184-aec3-4a16-ab95-1de3bb8a0901.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         1f:88:40:ad:4d:70:6e:5d:99:2f:de:75:45:f4:74:35:12:fa:
         1d:48:96:b4:39:55:46:4e:f4:9f:f0:0d:68:5e:e9:23:5e:6f:
         90:f0:c4:da:2f:ec:eb:66:76:12:60:b2:a2:4f:fa:a4:dd:db:
         02:48:d4:f9:49:7c:67:00:4c:b5:36:19:9f:03:0f:98:6d:01:
         84:6b:a1:46:75:ba:ce:22:2e:dd:65:8d:89:f7:fc:f7:7d:3d:
         e5:7d:44:b5:c9:e6:83:87:5c:89:e5:3a:1a:d9:b1:36:6e:2e:
         aa:69:38:94:79:c6:4b:80:8b:b1:f6:1c:1c:09:2a:80:63:1d:
         a9:1d:f0:5a:55:a8:83:14:e9:2a:8f:57:dd:75:06:a9:dd:ab:
         7b:93:b2:dc:3e:d9:38:b5:2a:45:1a:8a:b7:65:e6:fd:84:bb:
         29:02:64:40:01:5d:ed:2a:0c:4f:b3:d6:99:31:92:bc:37:21:
         97:af:1a:a9:57:e2:0e:86:2c:3d:07:c5:7b:44:37:3e:13:a7:
         8c:1e:ab:ee:be:67:e1:e3:87:15:35:a7:10:be:6a:58:63:78:
         17:68:45:1f:e0:6b:d8:cb:a7:db:7c:cb:38:05:c3:38:c3:8b:
         36:72:52:31:bf:97:4e:89:2e:be:b3:13:e1:b3:63:19:f4:72:
         63:90:bc:e7
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUcIIYDGnSeV6bDUUELTWbIVCl9jwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDEzMDE0WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZTk4YTcwY2UyMTdlMDZlNTExYzU4OTBiY2QwNWI4ZDcw
MDc0OWZlYjUzMGI4YmEwOGQ1NDQ2NGUyZTBkOWViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnPb7pMIgNvtCj/pgO7KkYUtEaYLQond3+hnl9QKVO+Ii2
T+lcRORHA9nzT3BwEPos5XtjFjKm/uK3MWgEcsM6hx5gqio1NNOI6YELOqr6x9I1
gtAXAp6467hlwEw0cVCJK/DJSFERr4xA9oaY7vEmUUqFMxqEu1u/kP9bFExxxVX5
WHgyJEQs3JVcQDE2hR2ll5D5mftUYFeFauYvGlLbVqKnk3kBZoP7Cl25li5ogUj+
Nno//ml4eH7/CwuVwsW+ISKbtBt2YiK2rmaTvPC1sM3pY6lpIiJelmHbdXsFMUCR
uGTGEMZmoDOLbNTpeyavUfQx814lpsjEgdlbAsk/AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUbqt/7YkMfU8UWDaqVRzVpjXwoGQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI5OTIwMTg0LWFlYzMtNGExNi1hYjk1LTFkZTNiYjhhMDkwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/xgDANBgkqhkiG9w0BAQsFAAOCAQEAH4hArU1wbl2ZL951RfR0NRL6
HUiWtDlVRk70n/ANaF7pI15vkPDE2i/s62Z2EmCyok/6pN3bAkjU+Ul8ZwBMtTYZ
nwMPmG0BhGuhRnW6ziIu3WWNiff893095X1Etcnmg4dcieU6GtmxNm4uqmk4lHnG
S4CLsfYcHAkqgGMdqR3wWlWogxTpKo9X3XUGqd2re5Oy3D7ZOLUqRRqKt2Xm/YS7
KQJkQAFd7SoMT7PWmTGSvDchl68aqVfiDoYsPQfFe0Q3PhOnjB6r7r5n4eOHFTWn
EL5qWGN4F2hFH+Br2Mun23zLOAXDOMOLNnJSMb+XTokuvrMT4bNjGfRyY5C85w==
-----END CERTIFICATE-----