Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62842a99-8d9d-42aa-97f7-b9f2281d3077.roa
File:                     62842a99-8d9d-42aa-97f7-b9f2281d3077.roa (raw, json)
Hash identifier:          YvFDDtdxeC6+N7OHpsZk6YbR+FGj3ViyZfJxYOssiFg=
Subject key identifier:   3A:05:5D:60:E4:B3:B0:23:5A:B4:F6:F1:F6:54:06:07:17:57:F9:2A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0C4D1565783C8D2E71C03213BF21B86F9F710042
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62842a99-8d9d-42aa-97f7-b9f2281d3077.roa
Signing time:             Wed 12 Nov 2025 02:00:35 +0000
ROA not before:           Wed 12 Nov 2025 02:00:35 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f2f:4000::/36 maxlen: 36
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:4d:15:65:78:3c:8d:2e:71:c0:32:13:bf:21:b8:6f:9f:71:00:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:00:35 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=b4af8d1fab93871dc2f738a110d5e188da6c9438f58bc35228739df6d2e0b8d0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:28:68:3d:63:37:0b:36:6a:81:eb:9b:6a:e1:
                    9c:a3:5d:38:a7:77:33:63:90:c7:8a:a4:9a:31:65:
                    d0:dd:e1:6b:27:c3:89:18:86:43:cf:82:8a:b5:1f:
                    69:ac:61:68:d4:79:dc:df:09:f8:79:f6:5f:0a:d2:
                    a8:96:c2:f2:e8:17:c4:a8:68:a7:c0:88:e6:c7:35:
                    9b:80:a2:14:2e:97:72:1c:df:12:04:e8:be:f4:01:
                    d9:ca:f4:2c:67:8f:59:50:2e:d7:cc:7d:68:19:4e:
                    2d:5f:7e:18:15:c7:38:a8:99:67:ed:8d:15:c8:ac:
                    52:3e:54:68:c6:6e:12:4b:8e:70:b4:48:5d:57:23:
                    10:09:9e:a4:04:3f:43:75:82:be:fc:f4:0a:f4:34:
                    8a:d7:c0:36:20:69:c3:c1:2e:9b:aa:96:e2:ee:20:
                    99:04:e6:0a:8c:41:77:8b:75:69:71:9c:37:b7:8f:
                    cd:a5:65:6f:ac:8c:c9:c6:d9:37:20:49:84:52:02:
                    0b:b9:17:76:1f:9c:ea:bd:e7:8a:27:67:f0:b6:59:
                    ff:2f:e6:84:e3:80:da:3a:02:28:ac:64:cd:89:f1:
                    8d:27:16:8b:de:81:38:5a:87:01:79:b7:49:01:80:
                    3b:77:e0:a7:b0:50:53:14:5e:5d:78:fd:2f:59:0c:
                    26:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:05:5D:60:E4:B3:B0:23:5A:B4:F6:F1:F6:54:06:07:17:57:F9:2A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62842a99-8d9d-42aa-97f7-b9f2281d3077.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f2f:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         31:7a:90:b2:fb:78:0c:95:16:29:5c:2f:a9:26:f6:0a:85:4a:
         11:8c:08:6e:9d:e4:5b:fa:e8:d1:fb:25:9e:e6:5d:60:96:4d:
         54:31:8c:8b:67:76:93:98:7a:ff:c5:83:d2:62:17:3c:9c:52:
         f4:25:0f:cb:25:d4:cf:1b:91:e3:14:10:be:38:5d:d1:ae:74:
         7c:4c:40:43:72:06:10:fd:0b:b6:38:5a:56:b0:f5:9f:b1:6e:
         f2:2c:15:ef:d4:c8:7b:45:64:f4:4f:a7:b1:7e:f1:d6:a7:6f:
         31:22:00:88:e4:e5:f1:b8:8f:27:da:ef:a6:24:65:63:62:b0:
         ee:5b:32:b6:ab:5c:53:d0:1d:7a:9a:f4:17:69:ba:30:fb:ae:
         52:73:3a:5d:8b:2c:ef:d6:e4:63:6d:e7:58:e9:c3:2d:f3:f1:
         3c:d5:dd:88:8a:c8:c3:32:97:9a:6f:bc:56:95:83:4e:7d:43:
         ce:07:97:ae:9f:d0:40:1d:d4:7a:b5:35:ec:0f:5a:bb:5e:38:
         cc:81:25:7a:ca:9e:85:cb:8a:f1:0d:f6:5e:7d:06:bf:a7:0f:
         11:9d:c1:e1:1d:9a:18:25:14:df:8f:44:93:73:4b:27:5d:e4:
         b0:d4:db:1c:fc:81:7b:19:0f:88:34:0c:b7:2a:6d:b5:e5:3f:
         d1:1d:a8:49
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUDE0VZXg8jS5xwDITvyG4b59xAEIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIwMDM1WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNGFmOGQxZmFiOTM4NzFkYzJmNzM4YTExMGQ1ZTE4OGRh
NmM5NDM4ZjU4YmMzNTIyODczOWRmNmQyZTBiOGQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzKGg9YzcLNmqB65tq4ZyjXTindzNjkMeKpJoxZdDd4Wsn
w4kYhkPPgoq1H2msYWjUedzfCfh59l8K0qiWwvLoF8SoaKfAiObHNZuAohQul3Ic
3xIE6L70AdnK9Cxnj1lQLtfMfWgZTi1ffhgVxziomWftjRXIrFI+VGjGbhJLjnC0
SF1XIxAJnqQEP0N1gr789Ar0NIrXwDYgacPBLpuqluLuIJkE5gqMQXeLdWlxnDe3
j82lZW+sjMnG2TcgSYRSAgu5F3YfnOq954onZ/C2Wf8v5oTjgNo6AiisZM2J8Y0n
FovegThahwF5t0kBgDt34KewUFMUXl14/S9ZDCbPAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUOgVdYOSzsCNatPbx9lQGBxdX+SowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyODQyYTk5LThkOWQtNDJhYS05N2Y3LWI5ZjIyODFkMzA3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8vQDANBgkqhkiG9w0BAQsFAAOCAQEAMXqQsvt4DJUWKVwvqSb2CoVK
EYwIbp3kW/ro0fslnuZdYJZNVDGMi2d2k5h6/8WD0mIXPJxS9CUPyyXUzxuR4xQQ
vjhd0a50fExAQ3IGEP0LtjhaVrD1n7Fu8iwV79TIe0Vk9E+nsX7x1qdvMSIAiOTl
8biPJ9rvpiRlY2Kw7lsytqtcU9Adepr0F2m6MPuuUnM6XYss79bkY23nWOnDLfPx
PNXdiIrIwzKXmm+8VpWDTn1DzgeXrp/QQB3UerU17A9au144zIElesqehcuK8Q32
Xn0Gv6cPEZ3B4R2aGCUU349Ek3NLJ13ksNTbHPyBexkPiDQMtyptteU/0R2oSQ==
-----END CERTIFICATE-----