Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34dc4c52-43f8-48b7-973b-e597eb697f23.roa
File:                     34dc4c52-43f8-48b7-973b-e597eb697f23.roa (raw, json)
Hash identifier:          k7XyiSsvMsC1JpvZ1Xoo+dhjqoXv+cR7MVaCo0PnjMc=
Subject key identifier:   AA:62:E3:00:5B:32:1E:37:A4:D9:2B:00:45:FA:D9:D7:A6:E5:F2:CD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1D29157BD301B1528BC0B964524E16BA0F65E7EA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34dc4c52-43f8-48b7-973b-e597eb697f23.roa
Signing time:             Tue 11 Nov 2025 00:20:47 +0000
ROA not before:           Tue 11 Nov 2025 00:20:47 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:8080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:29:15:7b:d3:01:b1:52:8b:c0:b9:64:52:4e:16:ba:0f:65:e7:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 00:20:47 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=a6c278b7c9b2a2b7bf52cb24e5820501ec210c8a7dd7cb9fee3ddd679e968d32, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:17:c8:f9:83:2c:89:25:d9:24:b3:47:9a:dc:
                    58:5b:4e:46:e8:76:c9:40:38:d1:5d:84:74:56:40:
                    8f:ff:ce:1b:82:63:01:c4:86:49:05:ce:83:6f:59:
                    97:0e:01:28:ed:c4:f6:23:7b:6b:36:2e:82:52:09:
                    57:da:69:fd:a4:af:61:c1:1a:44:85:c1:70:bf:21:
                    b0:56:ff:49:43:67:06:55:49:3a:91:f6:d9:83:e5:
                    90:85:68:5f:70:7b:ce:d0:a6:88:c0:20:31:b3:0e:
                    1c:d5:3c:68:a0:ac:09:bf:46:51:bd:b7:e2:1e:77:
                    db:d5:90:d9:fb:8c:b3:19:31:cb:a7:eb:1b:d1:0b:
                    8d:ea:79:e6:1f:b4:93:f3:dd:d6:7f:62:6a:39:bd:
                    1f:9c:d7:62:72:8a:7a:08:15:67:0c:f7:41:51:11:
                    50:88:33:64:81:87:88:15:d0:19:10:a3:ef:1e:6e:
                    98:02:69:fb:fa:61:55:a7:75:a9:c6:bb:35:72:c6:
                    03:6a:05:64:d3:18:06:5c:b1:c1:2e:40:e2:b5:8e:
                    96:41:76:87:5b:e6:25:a9:d5:70:14:a7:7e:7d:d0:
                    1d:a6:96:b8:d7:89:16:4c:c3:23:cd:9d:96:cf:0e:
                    34:2d:34:1c:51:3e:15:7e:f4:88:5b:9b:f5:ae:6b:
                    43:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:62:E3:00:5B:32:1E:37:A4:D9:2B:00:45:FA:D9:D7:A6:E5:F2:CD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34dc4c52-43f8-48b7-973b-e597eb697f23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:8080::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:7e:c5:77:60:12:78:40:55:3b:60:db:c1:76:cb:50:74:c5:
         a7:45:02:c0:6c:01:e8:d9:9a:c6:e4:9a:bb:2f:41:74:1a:63:
         95:65:6e:81:fb:87:4c:44:b2:b7:a2:b1:96:7e:c7:83:77:93:
         06:70:26:f9:20:4e:6b:3f:c6:c1:d1:2f:d1:77:eb:9d:11:5c:
         4a:97:d8:12:60:13:9e:9f:57:a7:1f:f0:a9:88:65:63:44:e4:
         25:0b:36:e9:6e:c1:dd:94:f6:f9:8e:1d:87:64:3f:bb:d7:bb:
         51:52:a4:1c:4a:35:d7:e4:88:af:d4:67:c2:2a:c1:12:39:48:
         bc:fb:65:05:80:68:a8:98:fb:a0:f7:c2:5f:a7:b7:d4:15:b4:
         07:16:e7:a4:1d:56:6c:67:4f:6e:a0:22:85:50:57:cd:05:62:
         9c:f0:80:37:60:64:0e:38:0c:a2:a7:b9:e4:bc:ec:67:0b:fe:
         7a:f8:00:6c:93:c0:01:42:95:a2:ff:26:2d:b4:d1:0a:e2:f6:
         20:da:63:fb:04:97:22:13:3b:93:34:8d:63:30:72:97:e8:80:
         a2:27:d4:a9:4f:27:89:a8:06:5c:f5:2c:d1:59:06:7f:98:4a:
         ea:d8:a0:99:4f:67:3a:a5:b9:44:7c:7a:a9:18:8f:af:8a:6f:
         b3:7a:00:5f
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUHSkVe9MBsVKLwLlkUk4Wug9l5+owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDAyMDQ3WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNmMyNzhiN2M5YjJhMmI3YmY1MmNiMjRlNTgyMDUwMWVj
MjEwYzhhN2RkN2NiOWZlZTNkZGQ2NzllOTY4ZDMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuF8j5gyyJJdkks0ea3FhbTkbodslAONFdhHRWQI//zhuC
YwHEhkkFzoNvWZcOASjtxPYje2s2LoJSCVfaaf2kr2HBGkSFwXC/IbBW/0lDZwZV
STqR9tmD5ZCFaF9we87QpojAIDGzDhzVPGigrAm/RlG9t+Ied9vVkNn7jLMZMcun
6xvRC43qeeYftJPz3dZ/Ymo5vR+c12JyinoIFWcM90FREVCIM2SBh4gV0BkQo+8e
bpgCafv6YVWndanGuzVyxgNqBWTTGAZcscEuQOK1jpZBdodb5iWp1XAUp3590B2m
lrjXiRZMwyPNnZbPDjQtNBxRPhV+9Ihbm/Wua0PzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUqmLjAFsyHjek2SsARfrZ16bl8s0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0ZGM0YzUyLTQzZjgtNDhiNy05NzNiLWU1OTdlYjY5N2YyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84gIAwDQYJKoZIhvcNAQELBQADggEBAFB+xXdgEnhAVTtg28F2y1B0
xadFAsBsAejZmsbkmrsvQXQaY5VlboH7h0xEsreisZZ+x4N3kwZwJvkgTms/xsHR
L9F3650RXEqX2BJgE56fV6cf8KmIZWNE5CULNuluwd2U9vmOHYdkP7vXu1FSpBxK
NdfkiK/UZ8IqwRI5SLz7ZQWAaKiY+6D3wl+nt9QVtAcW56QdVmxnT26gIoVQV80F
YpzwgDdgZA44DKKnueS87GcL/nr4AGyTwAFClaL/Ji200Qri9iDaY/sElyITO5M0
jWMwcpfogKIn1KlPJ4moBlz1LNFZBn+YSurYoJlPZzqluUR8eqkYj6+Kb7N6AF8=
-----END CERTIFICATE-----