Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2db5e928-de62-49bc-a803-dc9b3ce29b28.roa
File:                     2db5e928-de62-49bc-a803-dc9b3ce29b28.roa (raw, json)
Hash identifier:          gQyPNjnI34C3FSlTgtsjSw4N/74GOctU07MLCQQrdIs=
Subject key identifier:   3F:5E:5F:2B:C2:FB:02:C8:6D:05:AF:8E:BD:3F:8C:88:F0:77:1C:0C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       391D1509ED3706B987743A1663CA257A38DB3D43
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2db5e928-de62-49bc-a803-dc9b3ce29b28.roa
Signing time:             Tue 11 Nov 2025 01:51:00 +0000
ROA not before:           Tue 11 Nov 2025 01:51:00 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:60c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:1d:15:09:ed:37:06:b9:87:74:3a:16:63:ca:25:7a:38:db:3d:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:51:00 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=81f78c01dfb2889d226e4191c5ee3390a020da3384086824eb42398a0739def4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:91:e8:3f:b2:8d:06:42:e3:13:f4:d6:b2:51:
                    f7:94:e8:00:2b:e1:9c:6d:22:29:eb:d9:6d:5c:0a:
                    1a:7a:6f:d3:62:c6:bc:b1:0d:e6:62:2d:85:fa:1f:
                    98:62:d1:51:f2:b7:ed:b0:e7:79:bb:e7:39:da:52:
                    87:f7:23:c9:4c:7e:22:44:b1:19:6c:55:5f:1d:df:
                    a3:77:fe:13:64:92:8d:dc:e2:64:4d:0a:1b:bf:54:
                    d5:b1:f8:3e:19:cd:5a:67:6b:ad:18:52:7b:22:17:
                    44:8b:b2:f5:24:51:aa:c5:ee:24:5c:f3:79:96:0f:
                    68:db:e9:05:3d:62:64:11:aa:67:51:ec:15:b5:c6:
                    ce:4d:77:57:3e:b9:25:cc:bf:0a:ab:e2:00:5d:bc:
                    ce:40:0a:84:ac:d1:05:44:6c:4f:64:ff:c3:e4:66:
                    a1:0b:c0:e7:10:be:ab:e9:4f:76:c7:92:1f:63:6b:
                    1c:86:11:80:da:ca:63:9b:b0:ec:25:df:91:62:3e:
                    92:96:ef:2a:b1:d6:66:4d:3c:a4:33:6c:9c:07:c5:
                    d9:b2:1d:4b:9d:87:89:7b:d1:dd:35:35:ac:72:8b:
                    b0:38:54:d3:f4:8a:9f:14:b1:d4:59:11:f1:74:7c:
                    ad:99:8a:b3:54:f5:1b:e4:b5:ad:06:e0:56:84:31:
                    94:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:5E:5F:2B:C2:FB:02:C8:6D:05:AF:8E:BD:3F:8C:88:F0:77:1C:0C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2db5e928-de62-49bc-a803-dc9b3ce29b28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:60c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:b3:4f:7f:f9:c7:10:9f:a9:5a:da:13:bd:e4:33:1e:f5:28:
         53:25:97:a0:56:b1:fb:88:08:60:c4:c1:7d:6c:87:33:00:0b:
         19:a3:25:00:5e:c0:18:bb:a2:fb:5f:74:6b:72:76:c8:43:d7:
         e8:18:a6:73:ca:f9:a2:51:cc:2c:5d:9f:fa:b0:2e:a9:de:67:
         6f:10:bf:ec:18:d0:ba:3a:e4:f3:e4:69:e6:35:77:72:d5:08:
         bb:a8:54:a3:35:19:da:35:5a:85:15:f9:a2:cb:f4:ea:2d:26:
         bf:eb:cb:ba:7f:88:7b:28:c8:47:10:9d:80:f0:71:86:0a:f5:
         c5:60:8b:99:47:3e:d2:ed:68:76:76:8c:bd:ad:d4:76:89:22:
         ae:7c:c3:d7:d0:32:95:48:b5:93:cb:09:98:bc:f8:8c:1f:ca:
         44:e9:cc:ff:db:5a:f3:24:00:7a:f2:58:0b:72:38:c2:92:de:
         9d:ec:11:90:9d:99:10:44:0d:e8:f9:ab:65:b2:2a:6f:63:7d:
         ba:b3:67:d3:17:de:66:08:2e:5f:81:68:6a:0e:e5:f7:e2:89:
         61:f0:4c:79:a8:1a:7c:43:a1:22:fe:79:03:74:e6:08:33:79:
         de:5c:cc:c5:81:d4:96:ce:f0:5c:d4:d4:93:bd:d8:5f:4a:5f:
         20:fb:51:be
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUOR0VCe03BrmHdDoWY8olejjbPUMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDE1MTAwWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MWY3OGMwMWRmYjI4ODlkMjI2ZTQxOTFjNWVlMzM5MGEw
MjBkYTMzODQwODY4MjRlYjQyMzk4YTA3MzlkZWY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCkeg/so0GQuMT9NayUfeU6AAr4ZxtIinr2W1cChp6b9Ni
xryxDeZiLYX6H5hi0VHyt+2w53m75znaUof3I8lMfiJEsRlsVV8d36N3/hNkko3c
4mRNChu/VNWx+D4ZzVpna60YUnsiF0SLsvUkUarF7iRc83mWD2jb6QU9YmQRqmdR
7BW1xs5Nd1c+uSXMvwqr4gBdvM5ACoSs0QVEbE9k/8PkZqELwOcQvqvpT3bHkh9j
axyGEYDaymObsOwl35FiPpKW7yqx1mZNPKQzbJwHxdmyHUudh4l70d01Naxyi7A4
VNP0ip8UsdRZEfF0fK2ZirNU9Rvkta0G4FaEMZSbAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUP15fK8L7AshtBa+OvT+MiPB3HAwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJkYjVlOTI4LWRlNjItNDliYy1hODAzLWRjOWIzY2UyOWIyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84YMAwDQYJKoZIhvcNAQELBQADggEBAD+zT3/5xxCfqVraE73kMx71
KFMll6BWsfuICGDEwX1shzMACxmjJQBewBi7ovtfdGtydshD1+gYpnPK+aJRzCxd
n/qwLqneZ28Qv+wY0Lo65PPkaeY1d3LVCLuoVKM1Gdo1WoUV+aLL9OotJr/ry7p/
iHsoyEcQnYDwcYYK9cVgi5lHPtLtaHZ2jL2t1HaJIq58w9fQMpVItZPLCZi8+Iwf
ykTpzP/bWvMkAHryWAtyOMKS3p3sEZCdmRBEDej5q2WyKm9jfbqzZ9MX3mYILl+B
aGoO5ffiiWHwTHmoGnxDoSL+eQN05ggzed5czMWB1JbO8FzU1JO92F9KXyD7Ub4=
-----END CERTIFICATE-----