Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d72dbbe-2b88-48a1-81f5-b55082aa8945.roa
File:                     5d72dbbe-2b88-48a1-81f5-b55082aa8945.roa (raw, json)
Hash identifier:          kq6UVca0XPE6vwCaIQd260kQ66a7zJ8rzLddMiXLBTY=
Subject key identifier:   43:03:77:A8:82:D0:AF:B2:9A:4E:57:C2:CA:35:1B:B7:78:DA:48:51
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7C3E901BC2D5B9BF9EDF80606A09D5E7C34D8875
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d72dbbe-2b88-48a1-81f5-b55082aa8945.roa
Signing time:             Sun 16 Nov 2025 00:10:04 +0000
ROA not before:           Sun 16 Nov 2025 00:10:04 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:84af::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:3e:90:1b:c2:d5:b9:bf:9e:df:80:60:6a:09:d5:e7:c3:4d:88:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:10:04 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=801b268d5e45201b95f4eb3ef5f6c428e475bd75285e9ac34a431fdfc3147778, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e3:6d:d2:0e:b7:f8:e2:2d:eb:b1:36:f3:25:
                    51:33:cc:53:89:d8:96:89:1a:a3:57:c7:71:f9:c1:
                    ab:18:a5:e4:ca:3d:2f:da:52:dd:9d:0c:30:df:1a:
                    39:c6:1a:81:48:ee:26:ef:df:62:4e:ae:77:27:73:
                    3c:96:02:cd:f2:87:57:87:41:45:aa:ce:b8:2e:8d:
                    0b:6c:8c:6a:fd:9a:aa:ac:cc:41:c5:21:c4:d0:7b:
                    e3:88:be:b4:94:a6:e7:0b:b6:b2:b9:6e:7a:86:11:
                    ee:b5:9e:5e:b5:d1:97:6d:e7:39:bc:5c:d0:8c:18:
                    f6:35:55:10:15:73:e6:a8:7f:bf:99:d3:2f:84:bd:
                    eb:91:14:31:aa:64:ba:28:8d:98:d3:67:51:7d:01:
                    78:4d:88:ee:2b:92:99:f1:89:5d:29:71:9e:d3:23:
                    f6:f4:4a:87:0a:ab:8a:26:cd:ca:10:04:b9:e8:83:
                    a9:05:32:3e:e8:ef:88:78:cc:44:0b:55:81:20:3a:
                    92:09:45:f6:80:35:19:84:cc:7b:f8:7f:c4:84:eb:
                    43:95:ec:5c:10:01:77:c7:74:cc:a1:06:5d:5a:e2:
                    fa:0a:f4:1c:d0:91:aa:22:2d:84:10:c7:cd:ac:0e:
                    21:8f:1f:11:d5:db:71:e1:61:16:fe:92:72:25:36:
                    29:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:03:77:A8:82:D0:AF:B2:9A:4E:57:C2:CA:35:1B:B7:78:DA:48:51
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d72dbbe-2b88-48a1-81f5-b55082aa8945.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:84af::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:0e:19:fc:39:67:ee:e7:a5:80:ba:15:43:60:2d:1f:66:9c:
         28:5e:5f:28:a3:d5:02:95:ce:93:5e:45:91:7d:c7:31:c2:32:
         f2:fe:26:78:eb:aa:15:93:0d:c7:b1:99:bb:95:e5:a6:f4:d8:
         47:66:e0:dd:44:3a:db:3c:d6:cb:3e:b6:22:0e:da:55:47:90:
         ea:96:e5:7a:ee:2d:74:f8:af:b3:9d:9a:ae:dd:70:70:be:e0:
         e6:27:e5:30:b6:e6:b8:ea:2c:de:cf:78:37:ac:2f:f1:2f:2e:
         00:8f:c5:b3:8a:24:6c:1f:97:aa:e3:4b:fb:e1:2c:93:ae:3e:
         9d:23:2f:1e:d0:c4:97:17:b8:51:61:89:81:7a:92:bd:2b:44:
         26:94:62:d4:08:67:7f:db:ef:1f:11:26:0a:01:d5:b7:b7:da:
         9a:fe:1b:3a:78:02:3e:99:5c:cb:c4:b4:4b:7a:6f:1f:3b:25:
         af:4c:93:74:2b:52:26:a8:62:5e:ae:d0:25:3f:52:ca:76:31:
         77:9f:c4:08:b0:d0:a7:d2:15:66:22:93:f1:a2:d3:e3:0d:2b:
         99:70:3a:d1:37:9d:8b:03:53:ef:04:68:58:29:2c:73:17:f7:
         ca:ed:0b:f2:ad:c7:17:45:65:a0:bb:d7:5b:61:f8:3b:1a:dd:
         a5:0b:6f:7e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUfD6QG8LVub+e34BgagnV58NNiHUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAxMDA0WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDFiMjY4ZDVlNDUyMDFiOTVmNGViM2VmNWY2YzQyOGU0
NzViZDc1Mjg1ZTlhYzM0YTQzMWZkZmMzMTQ3Nzc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCg423SDrf44i3rsTbzJVEzzFOJ2JaJGqNXx3H5wasYpeTK
PS/aUt2dDDDfGjnGGoFI7ibv32JOrncnczyWAs3yh1eHQUWqzrgujQtsjGr9mqqs
zEHFIcTQe+OIvrSUpucLtrK5bnqGEe61nl610Zdt5zm8XNCMGPY1VRAVc+aof7+Z
0y+EveuRFDGqZLoojZjTZ1F9AXhNiO4rkpnxiV0pcZ7TI/b0SocKq4omzcoQBLno
g6kFMj7o74h4zEQLVYEgOpIJRfaANRmEzHv4f8SE60OV7FwQAXfHdMyhBl1a4voK
9BzQkaoiLYQQx82sDiGPHxHV23HhYRb+knIlNikHAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUQwN3qILQr7KaTlfCyjUbt3jaSFEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVkNzJkYmJlLTJiODgtNDhhMS04MWY1LWI1NTA4MmFhODk0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9hK8wDQYJKoZIhvcNAQELBQADggEBALwOGfw5Z+7npYC6FUNgLR9m
nCheXyij1QKVzpNeRZF9xzHCMvL+JnjrqhWTDcexmbuV5ab02Edm4N1EOts81ss+
tiIO2lVHkOqW5XruLXT4r7Odmq7dcHC+4OYn5TC25rjqLN7PeDesL/EvLgCPxbOK
JGwfl6rjS/vhLJOuPp0jLx7QxJcXuFFhiYF6kr0rRCaUYtQIZ3/b7x8RJgoB1be3
2pr+Gzp4Aj6ZXMvEtEt6bx87Ja9Mk3QrUiaoYl6u0CU/Usp2MXefxAiw0KfSFWYi
k/Gi0+MNK5lwOtE3nYsDU+8EaFgpLHMX98rtC/KtxxdFZaC711th+Dsa3aULb34=
-----END CERTIFICATE-----