Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/623e0c25-ebcc-443d-aa05-3aa115d44e24.roa
File:                     623e0c25-ebcc-443d-aa05-3aa115d44e24.roa (raw, json)
Hash identifier:          C0wDUS2ECPSh+W55o9x9wzxaVYCRzncHvW8p4KbEmg4=
Subject key identifier:   BC:81:4D:6D:BE:35:09:30:69:6C:54:38:DB:F2:26:8E:29:AB:11:DA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4E4ED40C529425D047A855C7BAF71D68A57FAACF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/623e0c25-ebcc-443d-aa05-3aa115d44e24.roa
Signing time:             Tue 11 Nov 2025 00:10:20 +0000
ROA not before:           Tue 11 Nov 2025 00:10:20 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:8050::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:4e:d4:0c:52:94:25:d0:47:a8:55:c7:ba:f7:1d:68:a5:7f:aa:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 00:10:20 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=41bc868202e73a56939dd4c1e29d8f24944e0b10e1bafe0cbb3a40df9b774606, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b2:38:06:7c:f8:9a:d8:26:d1:7a:7d:fa:c7:
                    47:0b:11:e6:44:b4:3e:dd:5e:07:4c:71:55:5a:a3:
                    d6:e0:d7:53:25:f2:51:ac:c5:a5:3d:43:33:29:0c:
                    da:c8:80:b7:3d:ac:3f:8b:c1:38:35:a1:53:54:90:
                    56:6d:a3:35:6c:95:0d:5a:30:db:c1:63:d6:f3:8a:
                    cc:ff:e4:78:6c:ce:29:d4:0d:df:60:4b:fe:38:dd:
                    6c:db:22:9c:40:dc:d3:c2:96:10:ba:e1:02:d5:4e:
                    8f:ad:79:46:d9:e8:bf:20:16:ff:2d:18:10:b5:8c:
                    12:df:33:ad:b3:04:b9:f9:05:f4:1d:55:27:96:b5:
                    81:db:79:f9:ea:4c:63:7a:95:78:ff:b3:05:e3:cb:
                    5b:2c:1f:43:86:c5:1b:f7:f5:b8:f6:14:da:79:77:
                    24:c2:a3:7c:4d:d8:56:ff:c8:b4:fb:3c:86:3e:a4:
                    89:d1:23:18:79:60:dc:8d:db:4d:b6:81:0b:87:84:
                    67:bc:c6:1f:4d:c2:52:19:e4:fa:fd:3c:a6:1b:bf:
                    cd:e7:a1:29:f1:de:c1:ae:ef:ef:ec:2c:9b:0b:54:
                    6d:9b:98:44:4b:eb:9a:dd:5d:64:1b:35:c8:04:2b:
                    c3:f4:40:a2:68:e8:cd:ae:0b:96:cc:21:2e:6c:15:
                    b7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:81:4D:6D:BE:35:09:30:69:6C:54:38:DB:F2:26:8E:29:AB:11:DA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/623e0c25-ebcc-443d-aa05-3aa115d44e24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:8050::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:a5:5e:ec:65:b4:51:79:70:88:b2:ef:a9:85:da:78:42:b4:
         20:51:55:90:36:dd:b7:20:20:f7:c9:1e:6a:ad:17:e7:80:4a:
         d3:2c:dc:56:af:4c:50:48:54:cf:ea:52:a8:c2:e8:a6:e5:93:
         c5:57:09:77:63:eb:03:01:30:36:0b:9d:4a:46:21:07:7c:f4:
         99:45:8a:ae:47:0c:4c:a0:24:9e:f7:2f:b6:7d:e8:f4:cd:95:
         f0:19:27:c9:4b:a2:51:ed:21:00:2a:c2:48:c8:80:79:06:0f:
         a4:ef:e1:39:ea:32:71:64:55:90:a9:8c:03:0f:b0:d4:c7:21:
         8c:60:0d:3f:38:09:c4:49:86:6f:c0:13:ef:d8:76:c0:72:0d:
         dd:89:d2:b2:c2:8e:cc:94:ea:2e:92:16:2f:c3:bd:be:eb:01:
         99:3d:97:b2:04:95:bb:78:58:f8:d1:1c:89:18:32:d1:bd:0c:
         07:15:ac:05:63:84:65:b0:1e:4c:f9:aa:36:af:28:8c:bd:da:
         9c:28:12:1a:1f:e5:77:83:de:72:66:28:fd:89:de:05:75:2b:
         2a:09:d7:80:31:f5:87:b1:81:1d:f7:58:2a:0f:30:a5:2d:3a:
         10:c5:1a:1b:2d:a4:75:38:03:de:68:54:42:a7:31:28:36:69:
         54:f2:ce:90
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTk7UDFKUJdBHqFXHuvcdaKV/qs8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDAxMDIwWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MWJjODY4MjAyZTczYTU2OTM5ZGQ0YzFlMjlkOGYyNDk0
NGUwYjEwZTFiYWZlMGNiYjNhNDBkZjliNzc0NjA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfsjgGfPia2CbRen36x0cLEeZEtD7dXgdMcVVao9bg11Ml
8lGsxaU9QzMpDNrIgLc9rD+LwTg1oVNUkFZtozVslQ1aMNvBY9bzisz/5HhszinU
Dd9gS/443WzbIpxA3NPClhC64QLVTo+teUbZ6L8gFv8tGBC1jBLfM62zBLn5BfQd
VSeWtYHbefnqTGN6lXj/swXjy1ssH0OGxRv39bj2FNp5dyTCo3xN2Fb/yLT7PIY+
pInRIxh5YNyN2022gQuHhGe8xh9NwlIZ5Pr9PKYbv83noSnx3sGu7+/sLJsLVG2b
mERL65rdXWQbNcgEK8P0QKJo6M2uC5bMIS5sFbcXAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUvIFNbb41CTBpbFQ42/ImjimrEdowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyM2UwYzI1LWViY2MtNDQzZC1hYTA1LTNhYTExNWQ0NGUyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//gFAwDQYJKoZIhvcNAQELBQADggEBAD6lXuxltFF5cIiy76mF2nhC
tCBRVZA23bcgIPfJHmqtF+eAStMs3FavTFBIVM/qUqjC6Kblk8VXCXdj6wMBMDYL
nUpGIQd89JlFiq5HDEygJJ73L7Z96PTNlfAZJ8lLolHtIQAqwkjIgHkGD6Tv4Tnq
MnFkVZCpjAMPsNTHIYxgDT84CcRJhm/AE+/YdsByDd2J0rLCjsyU6i6SFi/Dvb7r
AZk9l7IElbt4WPjRHIkYMtG9DAcVrAVjhGWwHkz5qjavKIy92pwoEhof5XeD3nJm
KP2J3gV1KyoJ14Ax9YexgR33WCoPMKUtOhDFGhstpHU4A95oVEKnMSg2aVTyzpA=
-----END CERTIFICATE-----