Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a139d9b-2edc-4d9b-83ad-730bb081e4cc.roa
File:                     4a139d9b-2edc-4d9b-83ad-730bb081e4cc.roa (raw, json)
Hash identifier:          LK8HJlZOOcKLD8i2CX40xd07Bv6uAm83eU8rilTcDuY=
Subject key identifier:   8F:7F:C4:77:8F:EE:4A:A9:8E:A7:32:49:3E:60:44:06:78:1B:32:B9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       166CDCBFCD0FA160AE53653FEA4821190E9C01C3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a139d9b-2edc-4d9b-83ad-730bb081e4cc.roa
Signing time:             Tue 11 Nov 2025 00:50:15 +0000
ROA not before:           Tue 11 Nov 2025 00:50:15 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:8066::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:6c:dc:bf:cd:0f:a1:60:ae:53:65:3f:ea:48:21:19:0e:9c:01:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 00:50:15 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=21e5dd5b8b2de357ce730747f5dc759168eae8525c8af4591abcf99f62187313, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:04:cf:9a:0b:21:88:74:c1:45:c6:cf:49:6f:
                    dc:be:5e:5d:d5:77:86:e7:24:03:a8:de:d5:21:b5:
                    79:b1:e9:c7:23:54:50:7c:bb:22:b3:83:56:00:74:
                    b7:01:2f:de:a1:4d:c0:0c:8c:f3:6d:6b:cf:f6:22:
                    49:cf:43:3e:ef:bb:32:07:97:d3:a5:d7:b8:9d:74:
                    e4:11:4e:01:1e:aa:cf:fa:f1:a8:a4:21:1d:60:43:
                    88:91:4b:6c:34:8c:e6:eb:b9:35:fe:2a:f9:b9:df:
                    e3:48:be:9d:e6:17:76:5c:b1:e5:0e:84:29:9f:32:
                    c8:86:37:70:5c:a2:c0:f1:3b:49:c9:b7:fa:f6:b7:
                    8d:2a:08:25:75:57:b4:c7:95:05:e6:44:d7:60:3a:
                    e1:f5:9a:09:eb:02:4f:ce:0e:ce:d5:78:7c:96:2c:
                    25:80:6c:f9:a7:6b:75:ff:f6:a9:4f:b1:d1:22:b6:
                    ab:1d:d7:c9:17:5f:77:57:73:b2:94:5d:40:8e:be:
                    27:71:47:70:36:56:64:82:9b:ba:04:9b:3e:4a:b8:
                    b2:d5:f1:31:85:e0:73:e9:64:ce:ab:72:80:1e:7e:
                    17:ef:88:8d:4b:88:d2:6f:1d:4c:f0:04:25:56:b6:
                    c7:2c:9f:c8:17:4a:3d:bb:c2:f9:3c:4e:02:57:ba:
                    46:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7F:C4:77:8F:EE:4A:A9:8E:A7:32:49:3E:60:44:06:78:1B:32:B9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a139d9b-2edc-4d9b-83ad-730bb081e4cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:8066::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:cd:7b:18:d6:9b:51:c4:47:cb:77:2b:a2:f1:c0:df:1e:67:
         31:a5:71:a5:3a:3a:66:9d:79:e0:ab:be:ad:de:80:93:35:4a:
         61:5b:48:8d:40:18:00:ce:60:30:d4:dc:c6:d7:fe:ff:33:52:
         4c:b2:ec:51:5c:9d:db:85:a8:29:f9:54:7d:ef:e1:f5:4e:a9:
         1b:5c:b9:6c:b1:58:25:61:a0:87:fc:de:0e:e2:a8:83:a0:c6:
         ac:5c:d8:45:98:5e:fa:c1:32:e3:ea:87:d0:84:74:f5:0e:63:
         f9:3b:d2:41:c6:a4:2d:d5:fc:cf:71:a3:ac:c7:4b:94:f5:64:
         f9:67:a5:72:ba:3f:b7:64:d6:ba:6b:f1:b7:7f:cc:73:d3:bd:
         61:e6:1a:28:2e:99:b9:0a:50:58:00:2e:2a:24:ab:71:82:0f:
         d3:51:b4:e3:60:e8:23:b6:ed:84:95:18:41:36:d8:47:29:b0:
         e0:57:0d:d7:67:6c:f3:3c:74:a7:ec:0c:ba:52:f1:a9:99:72:
         d9:d0:e1:f0:5d:d4:da:d7:d9:41:ac:5a:9d:bd:a2:1b:b2:bd:
         b2:6b:b3:82:20:f5:e3:23:53:bc:c0:02:b8:80:71:97:7a:be:
         f4:a2:4e:19:70:4a:6a:4a:03:80:69:87:6d:13:87:6a:d3:46:
         3a:a2:d6:0e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUFmzcv80PoWCuU2U/6kghGQ6cAcMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDA1MDE1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMWU1ZGQ1YjhiMmRlMzU3Y2U3MzA3NDdmNWRjNzU5MTY4
ZWFlODUyNWM4YWY0NTkxYWJjZjk5ZjYyMTg3MzEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoBM+aCyGIdMFFxs9Jb9y+Xl3Vd4bnJAOo3tUhtXmx6ccj
VFB8uyKzg1YAdLcBL96hTcAMjPNta8/2IknPQz7vuzIHl9Ol17iddOQRTgEeqs/6
8aikIR1gQ4iRS2w0jObruTX+Kvm53+NIvp3mF3ZcseUOhCmfMsiGN3BcosDxO0nJ
t/r2t40qCCV1V7THlQXmRNdgOuH1mgnrAk/ODs7VeHyWLCWAbPmna3X/9qlPsdEi
tqsd18kXX3dXc7KUXUCOvidxR3A2VmSCm7oEmz5KuLLV8TGF4HPpZM6rcoAefhfv
iI1LiNJvHUzwBCVWtscsn8gXSj27wvk8TgJXukYNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUj3/Ed4/uSqmOpzJJPmBEBngbMrkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhMTM5ZDliLTJlZGMtNGQ5Yi04M2FkLTczMGJiMDgxZTRjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gGYwDQYJKoZIhvcNAQELBQADggEBAMLNexjWm1HER8t3K6LxwN8e
ZzGlcaU6OmadeeCrvq3egJM1SmFbSI1AGADOYDDU3MbX/v8zUkyy7FFcnduFqCn5
VH3v4fVOqRtcuWyxWCVhoIf83g7iqIOgxqxc2EWYXvrBMuPqh9CEdPUOY/k70kHG
pC3V/M9xo6zHS5T1ZPlnpXK6P7dk1rpr8bd/zHPTvWHmGigumbkKUFgALiokq3GC
D9NRtONg6CO27YSVGEE22EcpsOBXDddnbPM8dKfsDLpS8amZctnQ4fBd1NrX2UGs
Wp29ohuyvbJrs4Ig9eMjU7zAAriAcZd6vvSiThlwSmpKA4Bph20Th2rTRjqi1g4=
-----END CERTIFICATE-----