Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49cb767a-aa41-47fb-9d8f-2b7b02b47981.roa
File:                     49cb767a-aa41-47fb-9d8f-2b7b02b47981.roa (raw, json)
Hash identifier:          HKHvbUI66CAMiYSIMIQq1h4RQeutJZ9kQNvxTeQVvCA=
Subject key identifier:   FA:CC:B2:D3:24:7B:5E:FD:22:C0:9A:76:FA:18:8A:AD:06:A1:BF:CB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5840E0316485FB59160240AD5B70323EB1BC4CB6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49cb767a-aa41-47fb-9d8f-2b7b02b47981.roa
Signing time:             Wed 12 Nov 2025 02:00:33 +0000
ROA not before:           Wed 12 Nov 2025 02:00:33 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff5:8000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:40:e0:31:64:85:fb:59:16:02:40:ad:5b:70:32:3e:b1:bc:4c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:00:33 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=0de57c0385ec771c43ffcddcdbd2d98d1f7e9de8967f80d8e0d82d858a765e9a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:92:97:9f:c7:a8:93:56:45:f1:df:99:8e:98:
                    e2:63:6e:d8:b4:44:8f:19:2a:57:e1:b0:4c:6e:c5:
                    30:9d:fb:e5:9f:95:de:15:63:40:8e:09:c2:5b:a4:
                    c6:77:97:80:2d:14:2f:aa:25:2d:50:e2:65:76:20:
                    63:de:0f:f6:d1:bb:d9:42:66:5d:f6:1d:92:79:39:
                    2c:87:29:8f:a1:2a:b8:91:84:d2:05:1a:bf:53:8a:
                    4a:a8:b7:ca:d6:fd:fe:11:ae:d7:13:10:ea:90:33:
                    81:cd:e2:34:18:7a:79:78:62:5a:06:29:c3:3c:06:
                    26:d9:b5:90:66:ff:09:32:3d:81:93:49:c5:5e:31:
                    d8:d6:16:cf:16:9c:17:e1:3e:91:b0:7e:bd:98:d5:
                    94:f0:3f:a4:e1:b6:19:8e:f2:8d:c2:87:af:b2:7a:
                    cf:3b:50:44:39:16:ba:5a:4d:37:fe:61:8e:b9:bf:
                    94:7b:3a:19:c4:c7:f2:65:de:9d:90:62:5d:bc:6b:
                    54:d7:4f:12:92:74:cc:ae:e5:ad:d8:22:4c:e1:27:
                    45:d6:3c:8b:f2:87:66:90:0b:51:01:0c:fb:12:f6:
                    28:70:3c:0c:71:5b:6d:3b:4f:56:5e:4d:1f:c0:ad:
                    8c:0f:16:f9:dc:e1:a7:7b:63:91:61:a0:77:28:d0:
                    19:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:CC:B2:D3:24:7B:5E:FD:22:C0:9A:76:FA:18:8A:AD:06:A1:BF:CB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49cb767a-aa41-47fb-9d8f-2b7b02b47981.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff5:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         cf:4d:8c:ff:01:d9:c5:fd:66:72:94:dd:10:ce:13:33:6b:f4:
         61:b4:7e:e6:7a:b7:66:bd:63:9f:a6:c3:70:65:01:a8:10:32:
         f0:12:9f:a3:08:7f:c8:9d:10:bd:e7:8a:70:0e:74:4d:0a:3f:
         9d:bd:04:0c:1b:a4:cd:fb:b7:5b:8a:00:3a:cc:2d:3d:dc:f0:
         3a:50:59:4f:c4:48:af:3e:af:39:29:a8:46:e1:24:4e:78:a0:
         0b:13:c6:41:55:ec:d0:df:ba:15:ff:42:0d:f5:9e:dc:87:32:
         63:e5:d5:4f:f4:b6:07:7c:5e:2f:da:4f:5a:b6:9d:a5:52:2f:
         23:4b:92:ca:04:11:53:b0:6a:b8:eb:69:e5:a6:ce:5b:00:ec:
         31:92:36:11:08:38:58:98:84:4a:da:c0:33:bf:a5:80:d5:f4:
         ce:12:24:9b:af:bd:eb:ea:01:15:6b:b8:2d:bc:bc:5a:63:56:
         7a:c3:a5:87:56:ec:d0:ab:6a:c4:71:68:b8:11:9e:6d:29:c4:
         b1:9b:eb:37:61:fc:45:e0:01:09:96:52:93:d9:28:69:5e:de:
         83:1a:a9:47:8b:5e:46:64:a0:88:55:01:3a:93:df:22:9f:b8:
         9b:ad:c2:c0:e9:7c:49:1e:4a:27:db:57:b3:90:36:5c:74:65:
         23:e3:9c:f0
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUWEDgMWSF+1kWAkCtW3AyPrG8TLYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIwMDMzWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZGU1N2MwMzg1ZWM3NzFjNDNmZmNkZGNkYmQyZDk4ZDFm
N2U5ZGU4OTY3ZjgwZDhlMGQ4MmQ4NThhNzY1ZTlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSkpefx6iTVkXx35mOmOJjbti0RI8ZKlfhsExuxTCd++Wf
ld4VY0COCcJbpMZ3l4AtFC+qJS1Q4mV2IGPeD/bRu9lCZl32HZJ5OSyHKY+hKriR
hNIFGr9Tikqot8rW/f4RrtcTEOqQM4HN4jQYenl4YloGKcM8BibZtZBm/wkyPYGT
ScVeMdjWFs8WnBfhPpGwfr2Y1ZTwP6ThthmO8o3Ch6+yes87UEQ5FrpaTTf+YY65
v5R7OhnEx/Jl3p2QYl28a1TXTxKSdMyu5a3YIkzhJ0XWPIvyh2aQC1EBDPsS9ihw
PAxxW207T1ZeTR/ArYwPFvnc4ad7Y5FhoHco0BmbAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU+syy0yR7Xv0iwJp2+hiKrQahv8swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5Y2I3NjdhLWFhNDEtNDdmYi05ZDhmLTJiN2IwMmI0Nzk4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/1gDANBgkqhkiG9w0BAQsFAAOCAQEAz02M/wHZxf1mcpTdEM4TM2v0
YbR+5nq3Zr1jn6bDcGUBqBAy8BKfowh/yJ0QveeKcA50TQo/nb0EDBukzfu3W4oA
OswtPdzwOlBZT8RIrz6vOSmoRuEkTnigCxPGQVXs0N+6Ff9CDfWe3IcyY+XVT/S2
B3xeL9pPWradpVIvI0uSygQRU7BquOtp5abOWwDsMZI2EQg4WJiEStrAM7+lgNX0
zhIkm6+96+oBFWu4Lby8WmNWesOlh1bs0KtqxHFouBGebSnEsZvrN2H8ReABCZZS
k9koaV7egxqpR4teRmSgiFUBOpPfIp+4m63CwOl8SR5KJ9tXs5A2XHRlI+Oc8A==
-----END CERTIFICATE-----