Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497c9f23-488b-464c-a6a0-2f9cf9d7daeb.roa
File:                     497c9f23-488b-464c-a6a0-2f9cf9d7daeb.roa (raw, json)
Hash identifier:          POt/XB1a0TR01I9wBLmIrzcZ+aRsKh3P9aIFr7RMjPg=
Subject key identifier:   CF:7E:FA:21:12:D2:CF:4D:47:A9:B7:5B:69:B2:91:E3:67:AF:D5:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       28A312DFA8DB983CD85CFD6FF2518F26ED90FF0D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497c9f23-488b-464c-a6a0-2f9cf9d7daeb.roa
Signing time:             Wed 12 Nov 2025 02:30:11 +0000
ROA not before:           Wed 12 Nov 2025 02:30:11 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:c080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:a3:12:df:a8:db:98:3c:d8:5c:fd:6f:f2:51:8f:26:ed:90:ff:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:30:11 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=71cff664fb8d1a35200736b1db2d400ef10ea11c490b13f589b86e3f8882edea, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ed:fd:e7:e2:52:3c:1d:a9:31:ef:79:9b:34:
                    c9:ea:4f:17:1a:b0:b4:66:f7:47:88:a8:f4:2a:d5:
                    43:38:78:7c:2a:dc:c8:72:fc:70:d3:7a:2d:ad:7d:
                    26:43:c4:cd:28:92:a7:b3:04:3a:bc:43:35:f6:78:
                    6b:4f:b3:55:41:f9:19:7e:c2:24:15:91:de:48:4a:
                    8e:fe:a4:0a:d9:8d:a7:3c:1e:92:2a:3d:72:93:c1:
                    d7:5e:5d:e1:46:16:0d:12:47:25:72:2d:ca:c2:96:
                    72:25:a1:c5:a2:55:27:28:a6:a3:6b:23:47:6f:66:
                    36:fb:5c:4a:68:0b:0e:b8:c9:d0:4a:4e:24:e3:1e:
                    d9:d3:27:79:24:e5:2a:14:7c:25:75:72:cf:48:2a:
                    75:65:24:84:75:50:f4:16:ab:a7:91:95:05:28:a3:
                    c6:5e:e2:69:7d:40:44:02:7b:41:00:ee:61:b6:62:
                    e8:8f:47:e7:20:ce:28:cb:29:17:83:94:e9:a5:9c:
                    68:40:46:a4:29:02:62:d0:b3:2b:2e:02:f7:6d:6a:
                    39:eb:88:40:a7:ee:e2:49:74:18:9b:26:f2:f6:d7:
                    12:6c:23:f8:8e:3a:47:0f:b0:d2:7d:f4:0f:a9:9b:
                    db:92:68:69:c1:d6:0e:b2:5a:3f:18:1d:a5:97:d1:
                    af:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7E:FA:21:12:D2:CF:4D:47:A9:B7:5B:69:B2:91:E3:67:AF:D5:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497c9f23-488b-464c-a6a0-2f9cf9d7daeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:c080::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:c5:02:5b:37:20:09:06:2c:2d:5f:ed:37:6b:c5:1e:65:2e:
         8f:2e:8d:91:24:66:72:a9:69:f9:2d:2b:71:9b:e1:27:c7:05:
         ed:23:87:a0:c5:55:3f:31:95:43:ae:d0:8c:24:e7:15:7e:f5:
         ff:57:10:f6:7c:49:1e:ec:62:e0:03:e1:63:5d:eb:cf:e6:3d:
         9b:e8:06:b3:3d:ac:67:42:4e:32:d3:80:77:f1:55:cc:c0:fe:
         69:f0:02:ec:a7:08:39:48:e1:a6:34:df:c4:13:bb:0a:0b:8b:
         b1:5c:16:fa:38:fc:82:53:be:a8:6f:07:3a:a7:7c:ce:e9:e1:
         29:b0:ce:56:59:22:4d:72:48:45:63:b0:e0:47:4d:0f:d2:b7:
         f1:e3:38:9d:f0:b6:0e:bd:bc:ce:12:de:2f:54:18:53:89:c8:
         9b:ed:88:6d:26:8f:26:b5:b9:c7:86:4e:68:79:ac:7a:f4:d8:
         72:90:24:91:b3:dd:1d:cc:b1:09:0b:5e:74:30:8f:90:fa:93:
         a9:ce:ef:f6:e8:29:19:6e:c8:40:4c:4f:69:24:29:d0:08:32:
         cd:79:1f:09:bf:00:2d:4a:26:d0:f6:b0:20:28:70:6a:fe:b6:
         40:84:57:f9:70:7b:2e:75:72:ec:9e:55:72:66:d9:98:9a:1a:
         0a:02:68:db
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKKMS36jbmDzYXP1v8lGPJu2Q/w0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIzMDExWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MWNmZjY2NGZiOGQxYTM1MjAwNzM2YjFkYjJkNDAwZWYx
MGVhMTFjNDkwYjEzZjU4OWI4NmUzZjg4ODJlZGVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDj7f3n4lI8Hakx73mbNMnqTxcasLRm90eIqPQq1UM4eHwq
3Mhy/HDTei2tfSZDxM0okqezBDq8QzX2eGtPs1VB+Rl+wiQVkd5ISo7+pArZjac8
HpIqPXKTwddeXeFGFg0SRyVyLcrClnIlocWiVScopqNrI0dvZjb7XEpoCw64ydBK
TiTjHtnTJ3kk5SoUfCV1cs9IKnVlJIR1UPQWq6eRlQUoo8Ze4ml9QEQCe0EA7mG2
YuiPR+cgzijLKReDlOmlnGhARqQpAmLQsysuAvdtajnriECn7uJJdBibJvL21xJs
I/iOOkcPsNJ99A+pm9uSaGnB1g6yWj8YHaWX0a89AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUz376IRLSz01HqbdbabKR42ev1SMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5N2M5ZjIzLTQ4OGItNDY0Yy1hNmEwLTJmOWNmOWQ3ZGFlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/ywIAwDQYJKoZIhvcNAQELBQADggEBAEvFAls3IAkGLC1f7TdrxR5l
Lo8ujZEkZnKpafktK3Gb4SfHBe0jh6DFVT8xlUOu0Iwk5xV+9f9XEPZ8SR7sYuAD
4WNd68/mPZvoBrM9rGdCTjLTgHfxVczA/mnwAuynCDlI4aY038QTuwoLi7FcFvo4
/IJTvqhvBzqnfM7p4SmwzlZZIk1ySEVjsOBHTQ/St/HjOJ3wtg69vM4S3i9UGFOJ
yJvtiG0mjya1uceGTmh5rHr02HKQJJGz3R3MsQkLXnQwj5D6k6nO7/boKRluyEBM
T2kkKdAIMs15Hwm/AC1KJtD2sCAocGr+tkCEV/lwey51cuyeVXJm2ZiaGgoCaNs=
-----END CERTIFICATE-----