Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b0e10c2-b7e4-4715-83f7-a13456221bb2.roa
File:                     2b0e10c2-b7e4-4715-83f7-a13456221bb2.roa (raw, json)
Hash identifier:          u9dNQujRQ4qQq7EsZI7sQjqmQktgBpwZVJ7JX5pItjU=
Subject key identifier:   AE:13:4B:1A:C5:48:FB:55:E7:C3:2E:6F:14:E3:D3:93:74:F7:A6:D9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1EBF515AB74EE8E38D1B88E9AC10025F2CAE43D6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b0e10c2-b7e4-4715-83f7-a13456221bb2.roa
Signing time:             Wed 12 Nov 2025 02:11:00 +0000
ROA not before:           Wed 12 Nov 2025 02:11:00 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:3480::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:bf:51:5a:b7:4e:e8:e3:8d:1b:88:e9:ac:10:02:5f:2c:ae:43:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:11:00 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=501093007172cca18ddbca5ca53be4f511f74e4f7c5e7c25623e3e9f2c17c178, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:22:09:1d:87:8b:6d:84:b0:c4:57:35:39:4f:
                    5b:93:a7:d8:7c:ea:97:6a:25:b2:09:b2:40:c7:83:
                    dd:76:de:fb:d1:ac:bd:3d:34:26:3f:41:b8:7d:fc:
                    0b:ae:89:55:ab:e4:8c:84:96:be:ca:fa:51:db:19:
                    63:ec:f1:81:98:47:3f:62:ad:59:51:e6:03:3f:e6:
                    94:ca:2f:40:1f:20:07:28:37:f6:49:0f:5e:0c:bc:
                    99:dd:12:03:cf:d1:57:5b:ed:57:44:27:81:e7:d4:
                    47:51:fb:a8:05:b0:29:e4:05:a7:c2:b7:e9:36:af:
                    c5:40:31:af:ce:d1:f5:ff:bb:e0:ec:48:ca:a5:62:
                    99:33:fa:51:fb:66:0b:9f:f5:1d:e7:02:36:c3:c1:
                    9c:16:58:55:9e:66:0d:05:38:e3:d9:4e:1b:3e:ef:
                    96:d5:4a:3d:f1:14:62:07:83:d6:98:6e:c2:4f:00:
                    c8:6b:6a:c7:66:ab:b3:1c:cf:ee:01:92:1e:a2:09:
                    01:62:6b:37:1a:21:fa:a4:b5:46:f3:18:ca:4e:4f:
                    98:ef:63:24:7c:03:93:90:5e:fb:67:76:7c:bf:13:
                    50:30:63:09:21:f4:e1:9b:84:c0:c8:f9:7b:13:7f:
                    25:82:f7:50:b0:68:e9:51:07:96:61:b7:34:44:cf:
                    c9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:13:4B:1A:C5:48:FB:55:E7:C3:2E:6F:14:E3:D3:93:74:F7:A6:D9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b0e10c2-b7e4-4715-83f7-a13456221bb2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:3480::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:fb:1d:16:78:64:32:b5:0f:9f:a0:6e:71:80:74:c3:9e:da:
         b6:21:8d:92:5c:20:fb:e6:3b:3f:16:0a:65:93:3f:15:95:3c:
         3f:a3:4a:9e:5b:b5:48:3f:81:fa:b8:e0:bb:23:fe:55:71:6a:
         86:ab:75:72:eb:bf:d5:62:df:36:a6:c7:4b:17:f6:b4:a5:77:
         74:4a:bf:91:f1:f8:87:5c:04:2a:c9:b5:f4:1b:a7:75:b0:f5:
         31:9b:2e:62:e1:97:38:4e:17:66:ae:f9:e0:63:8a:2c:79:04:
         0d:42:35:ed:04:c8:2f:35:78:b8:28:54:b3:5c:09:01:a0:fc:
         de:25:12:06:17:4a:63:5f:74:d6:c4:42:4a:d2:76:2c:02:79:
         16:02:ad:41:64:a6:db:64:5c:60:62:4b:5b:fb:27:74:32:92:
         9c:fd:8b:b9:2c:7a:c0:1c:2f:32:f1:00:ea:66:06:93:fa:c1:
         98:83:c4:10:ef:bc:4d:e4:67:ee:de:f9:9a:d3:da:9c:1f:99:
         a0:16:1d:2a:25:25:d7:6c:b0:43:27:27:dc:45:54:84:b6:e4:
         11:b2:59:29:93:9f:9b:f7:e2:17:bf:7a:8e:65:5c:e8:4b:2f:
         d1:bb:cd:5e:b2:38:24:57:cd:b4:43:9e:22:00:b9:76:f2:61:
         05:87:ae:11
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUHr9RWrdO6OONG4jprBACXyyuQ9YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIxMTAwWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDEwOTMwMDcxNzJjY2ExOGRkYmNhNWNhNTNiZTRmNTEx
Zjc0ZTRmN2M1ZTdjMjU2MjNlM2U5ZjJjMTdjMTc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzIgkdh4tthLDEVzU5T1uTp9h86pdqJbIJskDHg9123vvR
rL09NCY/Qbh9/AuuiVWr5IyElr7K+lHbGWPs8YGYRz9irVlR5gM/5pTKL0AfIAco
N/ZJD14MvJndEgPP0Vdb7VdEJ4Hn1EdR+6gFsCnkBafCt+k2r8VAMa/O0fX/u+Ds
SMqlYpkz+lH7Zguf9R3nAjbDwZwWWFWeZg0FOOPZThs+75bVSj3xFGIHg9aYbsJP
AMhrasdmq7Mcz+4Bkh6iCQFiazcaIfqktUbzGMpOT5jvYyR8A5OQXvtndny/E1Aw
Ywkh9OGbhMDI+XsTfyWC91CwaOlRB5ZhtzREz8lvAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUrhNLGsVI+1Xnwy5vFOPTk3T3ptkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiMGUxMGMyLWI3ZTQtNDcxNS04M2Y3LWExMzQ1NjIyMWJiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/yNIAwDQYJKoZIhvcNAQELBQADggEBAFD7HRZ4ZDK1D5+gbnGAdMOe
2rYhjZJcIPvmOz8WCmWTPxWVPD+jSp5btUg/gfq44Lsj/lVxaoardXLrv9Vi3zam
x0sX9rSld3RKv5Hx+IdcBCrJtfQbp3Ww9TGbLmLhlzhOF2au+eBjiix5BA1CNe0E
yC81eLgoVLNcCQGg/N4lEgYXSmNfdNbEQkrSdiwCeRYCrUFkpttkXGBiS1v7J3Qy
kpz9i7ksesAcLzLxAOpmBpP6wZiDxBDvvE3kZ+7e+ZrT2pwfmaAWHSolJddssEMn
J9xFVIS25BGyWSmTn5v34he/eo5lXOhLL9G7zV6yOCRXzbRDniIAuXbyYQWHrhE=
-----END CERTIFICATE-----