Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38c20ad1-4940-457a-a8c7-c8e8609575d6.roa
File:                     38c20ad1-4940-457a-a8c7-c8e8609575d6.roa (raw, json)
Hash identifier:          BZ3HWEy5fnl/sTUmDIoEFfuZdYzNDWgNxIBxSb5l3P4=
Subject key identifier:   C7:2F:E0:FC:0D:6C:11:48:3D:66:37:04:92:97:93:AF:81:39:3A:02
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       278EBF9D001B402C1E50D35843652E7D1ACC5738
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38c20ad1-4940-457a-a8c7-c8e8609575d6.roa
Signing time:             Tue 11 Nov 2025 01:32:15 +0000
ROA not before:           Tue 11 Nov 2025 01:32:15 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:8060::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:8e:bf:9d:00:1b:40:2c:1e:50:d3:58:43:65:2e:7d:1a:cc:57:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:32:15 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=1f14522903f276f733d01974689bf53950cff631f1a9898278db977713f3a311, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:86:16:5d:9c:0d:ce:57:f3:7d:ef:a1:be:5a:
                    5e:9f:24:30:9f:72:57:f2:80:8a:d6:47:fb:b2:7f:
                    16:e7:1a:01:83:70:e9:9b:67:78:75:c9:34:e0:d7:
                    64:31:1a:b2:dc:11:fa:a4:e3:1e:b5:a1:7d:1e:fc:
                    84:cb:c6:ee:7f:2f:48:76:7c:d8:cb:30:75:99:35:
                    5c:1d:73:6c:d4:2f:b8:9d:71:a5:25:70:7b:85:b6:
                    ee:8b:00:98:6e:95:77:70:10:40:14:a3:25:4d:f5:
                    b6:e5:f7:58:26:91:4f:ca:cf:b1:85:6d:be:a6:69:
                    1b:86:be:e3:ed:fa:c0:9f:a2:85:8f:ca:0b:23:54:
                    89:0a:36:f5:84:e5:4b:fb:4a:e7:80:10:24:35:97:
                    fd:51:42:57:bb:a0:c2:d6:f7:e4:f0:39:d0:a7:ec:
                    9a:43:52:f4:59:39:74:c3:cd:e4:19:dd:23:ba:eb:
                    e6:f7:e9:d3:ac:ca:00:e7:c2:3a:2c:00:85:8c:05:
                    83:d9:dc:50:11:4e:f4:1e:ac:84:b1:5b:11:44:57:
                    49:13:bf:08:c6:a9:c4:66:39:60:f4:e8:dd:96:30:
                    3c:f1:6b:14:70:c5:a4:14:3a:78:7f:cd:a3:df:d7:
                    d6:66:ee:3b:5d:d5:6d:df:f0:f4:f9:30:d6:7b:a5:
                    e0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:2F:E0:FC:0D:6C:11:48:3D:66:37:04:92:97:93:AF:81:39:3A:02
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38c20ad1-4940-457a-a8c7-c8e8609575d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:8060::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:68:16:cc:46:6e:fb:03:3c:42:d3:94:81:a6:f1:b4:08:71:
         d2:b8:44:bd:dd:36:2b:7d:5f:2f:89:7a:9c:32:ce:04:9f:5b:
         34:f2:dd:19:80:c3:87:6b:91:8e:cb:df:f1:62:6d:9b:79:bd:
         b3:66:70:93:24:8d:05:48:7e:a6:dd:72:d5:7c:ff:95:fc:f3:
         ee:78:15:ce:d3:3a:df:e9:6d:b7:92:58:6f:fa:fb:5d:ca:20:
         eb:72:02:71:01:3a:39:7d:ce:0f:3a:1d:c5:9e:29:11:cb:80:
         c2:e0:d2:29:15:a5:e9:bd:58:5c:22:3f:d5:e3:00:81:1f:66:
         c2:8b:33:ef:78:53:e3:da:93:6a:a8:38:6e:f1:45:a9:10:f9:
         d7:c4:41:84:39:87:1d:8e:0f:03:67:0f:cd:9f:51:ce:12:72:
         ed:20:09:e6:e0:be:eb:2d:cb:34:fb:d8:28:f8:e6:5e:5e:fe:
         c6:b4:5b:33:0e:a9:17:94:af:d1:b6:e8:99:e0:7d:6f:95:01:
         fd:3d:a3:a9:8e:1b:c1:5d:36:c5:b6:d8:b6:a1:e1:63:49:21:
         6b:1b:43:50:be:0a:ce:12:7b:0d:78:a2:e2:e4:81:9f:8f:09:
         2c:c4:89:b4:3a:24:70:68:10:ee:47:ba:e3:6a:a6:df:89:02:
         58:6d:88:4c
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJ46/nQAbQCweUNNYQ2UufRrMVzgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEzMjE1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjE0NTIyOTAzZjI3NmY3MzNkMDE5NzQ2ODliZjUzOTUw
Y2ZmNjMxZjFhOTg5ODI3OGRiOTc3NzEzZjNhMzExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRhhZdnA3OV/N976G+Wl6fJDCfclfygIrWR/uyfxbnGgGD
cOmbZ3h1yTTg12QxGrLcEfqk4x61oX0e/ITLxu5/L0h2fNjLMHWZNVwdc2zUL7id
caUlcHuFtu6LAJhulXdwEEAUoyVN9bbl91gmkU/Kz7GFbb6maRuGvuPt+sCfooWP
ygsjVIkKNvWE5Uv7SueAECQ1l/1RQle7oMLW9+TwOdCn7JpDUvRZOXTDzeQZ3SO6
6+b36dOsygDnwjosAIWMBYPZ3FARTvQerISxWxFEV0kTvwjGqcRmOWD06N2WMDzx
axRwxaQUOnh/zaPf19Zm7jtd1W3f8PT5MNZ7peBZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUxy/g/A1sEUg9ZjcEkpeTr4E5OgIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4YzIwYWQxLTQ5NDAtNDU3YS1hOGM3LWM4ZTg2MDk1NzVkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84gGAwDQYJKoZIhvcNAQELBQADggEBAE5oFsxGbvsDPELTlIGm8bQI
cdK4RL3dNit9Xy+JepwyzgSfWzTy3RmAw4drkY7L3/FibZt5vbNmcJMkjQVIfqbd
ctV8/5X88+54Fc7TOt/pbbeSWG/6+13KIOtyAnEBOjl9zg86HcWeKRHLgMLg0ikV
pem9WFwiP9XjAIEfZsKLM+94U+Pak2qoOG7xRakQ+dfEQYQ5hx2ODwNnD82fUc4S
cu0gCebgvustyzT72Cj45l5e/sa0WzMOqReUr9G26JngfW+VAf09o6mOG8FdNsW2
2Lah4WNJIWsbQ1C+Cs4Sew14ouLkgZ+PCSzEibQ6JHBoEO5HuuNqpt+JAlhtiEw=
-----END CERTIFICATE-----