Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/583193bf-59e4-450f-b717-73d6b6b59d9e.roa
File:                     583193bf-59e4-450f-b717-73d6b6b59d9e.roa (raw, json)
Hash identifier:          WnTerm1kWBjWHH5T2ZVqaUi9h06virWvMy8aoXC96PI=
Subject key identifier:   9D:B9:33:02:7D:BA:DF:41:66:0C:56:47:F1:96:A5:5B:89:47:3E:1A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       785FDE1774EC4E319293008770AC51E774D4D668
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/583193bf-59e4-450f-b717-73d6b6b59d9e.roa
Signing time:             Wed 12 Nov 2025 02:20:41 +0000
ROA not before:           Wed 12 Nov 2025 02:20:41 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:4000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:5f:de:17:74:ec:4e:31:92:93:00:87:70:ac:51:e7:74:d4:d6:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:20:41 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=dba8d9b95da15c0903208dbc10856cf34edf38a9bd76184baf33fe344e9d0782, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:27:6d:9d:12:92:98:98:b0:83:5f:76:e5:83:
                    9f:00:05:ff:63:6f:f7:37:e3:f6:45:13:ed:de:4d:
                    3f:b9:a8:e4:a4:99:6f:7a:c3:aa:1a:0e:c8:d4:85:
                    ae:3b:56:24:bb:84:a3:41:92:17:e3:90:fe:0d:cf:
                    fc:06:98:9f:db:14:3a:bf:76:94:f9:61:13:f1:fc:
                    ac:01:a5:16:c9:ff:bc:d3:56:d3:5f:a9:e0:bc:84:
                    35:6d:4a:13:d3:d1:d7:76:13:8c:9a:be:8e:61:8d:
                    8f:08:c7:8f:ff:57:81:60:0c:31:d7:2d:64:5c:ce:
                    80:a7:7b:98:30:be:2f:99:a5:f8:7d:7c:0f:17:6f:
                    ed:cb:3d:cc:4c:4c:84:01:eb:d5:a9:83:9c:e7:06:
                    28:73:92:96:ca:71:16:0f:d3:22:60:83:31:97:74:
                    9d:82:27:84:db:f7:41:d1:dc:d3:9e:de:04:a7:dd:
                    86:a7:6d:1c:da:b9:15:57:11:9d:77:48:ff:0e:ab:
                    90:b9:cf:b7:d1:24:4f:d6:e9:6b:ee:7d:bc:48:10:
                    a2:12:70:11:f0:6f:81:14:b2:b5:40:16:4d:db:94:
                    cb:4f:20:8a:04:ff:5d:90:bc:94:7b:14:73:49:df:
                    3d:49:4a:29:9c:76:0f:70:a0:38:c6:c1:a9:39:b6:
                    df:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B9:33:02:7D:BA:DF:41:66:0C:56:47:F1:96:A5:5B:89:47:3E:1A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/583193bf-59e4-450f-b717-73d6b6b59d9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         13:1d:06:17:cd:b5:5a:43:e3:2e:c8:da:d6:06:ba:8e:92:c1:
         b5:35:56:58:ce:86:08:c4:f5:e6:8e:e2:d2:47:a3:b2:aa:3d:
         74:fd:3e:b5:f2:e8:db:a2:0b:04:83:95:13:cc:e1:29:bf:85:
         a9:34:2c:81:a1:e0:46:af:a2:32:f4:31:b0:27:0b:85:cc:59:
         c1:78:f8:ab:60:9a:45:50:45:60:5b:98:e6:4c:0f:1b:da:50:
         fd:f2:9d:56:dc:ba:5e:7d:f5:ec:c5:31:fd:82:1d:64:e8:f6:
         e7:5c:aa:a5:4f:fa:a3:5f:9f:52:1a:5c:b8:09:96:40:21:53:
         8b:36:8d:bf:48:fa:de:f4:56:f8:26:24:9e:05:37:c7:44:93:
         9e:ff:9a:de:be:2f:e3:ff:9a:98:a6:f0:fe:0b:12:4e:7c:49:
         34:20:a8:ce:8d:61:de:19:f1:e9:8a:5f:c0:df:a5:e7:f1:ae:
         50:29:be:27:53:85:59:ba:0d:fd:e6:df:5c:ca:86:59:29:15:
         aa:22:b2:58:76:e4:dc:c2:5e:52:57:ae:c1:61:fd:ac:e8:7f:
         50:8d:8d:72:42:82:64:9b:ac:2b:ee:43:7b:61:e3:82:76:a8:
         e8:09:5f:7a:2e:91:48:cf:97:4b:69:33:a6:54:5c:18:52:73:
         3c:cc:96:de
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUeF/eF3TsTjGSkwCHcKxR53TU1mgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIyMDQxWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYmE4ZDliOTVkYTE1YzA5MDMyMDhkYmMxMDg1NmNmMzRl
ZGYzOGE5YmQ3NjE4NGJhZjMzZmUzNDRlOWQwNzgyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMJ22dEpKYmLCDX3blg58ABf9jb/c34/ZFE+3eTT+5qOSk
mW96w6oaDsjUha47ViS7hKNBkhfjkP4Nz/wGmJ/bFDq/dpT5YRPx/KwBpRbJ/7zT
VtNfqeC8hDVtShPT0dd2E4yavo5hjY8Ix4//V4FgDDHXLWRczoCne5gwvi+Zpfh9
fA8Xb+3LPcxMTIQB69Wpg5znBihzkpbKcRYP0yJggzGXdJ2CJ4Tb90HR3NOe3gSn
3YanbRzauRVXEZ13SP8Oq5C5z7fRJE/W6WvufbxIEKIScBHwb4EUsrVAFk3blMtP
IIoE/12QvJR7FHNJ3z1JSimcdg9woDjGwak5tt/TAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUnbkzAn2630FmDFZH8ZalW4lHPhowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU4MzE5M2JmLTU5ZTQtNDUwZi1iNzE3LTczZDZiNmI1OWQ5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB9wQDANBgkqhkiG9w0BAQsFAAOCAQEAEx0GF821WkPjLsja1ga6jpLB
tTVWWM6GCMT15o7i0kejsqo9dP0+tfLo26ILBIOVE8zhKb+FqTQsgaHgRq+iMvQx
sCcLhcxZwXj4q2CaRVBFYFuY5kwPG9pQ/fKdVty6Xn317MUx/YIdZOj251yqpU/6
o1+fUhpcuAmWQCFTizaNv0j63vRW+CYkngU3x0STnv+a3r4v4/+amKbw/gsSTnxJ
NCCozo1h3hnx6YpfwN+l5/GuUCm+J1OFWboN/ebfXMqGWSkVqiKyWHbk3MJeUleu
wWH9rOh/UI2NckKCZJusK+5De2Hjgnao6Alfei6RSM+XS2kzplRcGFJzPMyW3g==
-----END CERTIFICATE-----