Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65fce468-fb6f-4d70-884d-cd2c1944b9c6.roa
File:                     65fce468-fb6f-4d70-884d-cd2c1944b9c6.roa (raw, json)
Hash identifier:          WHt5F4B2ejIGxw0EGeysJWzBqOQOqZQPIZltI5SEBDQ=
Subject key identifier:   8F:03:62:3A:9E:14:49:5F:45:61:50:E8:B4:11:26:55:D0:84:AD:9D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       78A2D94E5FAF22CA143632A530D6BF312652802B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65fce468-fb6f-4d70-884d-cd2c1944b9c6.roa
Signing time:             Tue 11 Nov 2025 01:51:38 +0000
ROA not before:           Tue 11 Nov 2025 01:51:38 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:1020::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:a2:d9:4e:5f:af:22:ca:14:36:32:a5:30:d6:bf:31:26:52:80:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:51:38 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=2746d17b9bc3105ac6fec2493c7312db5949a016952c5618dc81b1658f18ed58, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ba:65:bc:bf:f4:84:a5:2b:56:7c:fb:d5:84:
                    5d:43:eb:95:17:c1:c0:7d:4e:b0:1d:d0:1f:f0:a7:
                    98:77:0b:4f:1c:ae:27:04:04:4e:db:65:34:95:27:
                    82:cc:85:6e:b1:90:3e:f7:aa:c8:56:55:74:31:4c:
                    35:46:dc:59:f8:64:c8:aa:79:8c:eb:6b:d5:6a:5e:
                    be:3e:74:77:31:31:96:3b:df:50:ed:38:8c:4f:6d:
                    75:46:18:22:15:f3:b9:8e:64:db:cb:e3:bc:16:03:
                    63:d0:05:a2:90:1f:a3:d0:f4:6b:02:1c:23:30:48:
                    4f:d7:cc:ba:93:ef:76:57:1c:10:73:69:42:16:8f:
                    25:9d:7e:f4:cc:d3:08:e4:84:3f:f0:ee:54:53:41:
                    35:29:bb:f6:5a:c7:fd:f1:7a:ee:5e:65:f7:12:c6:
                    91:b5:c2:8c:bd:6a:19:6b:c6:6a:e3:63:17:6c:ad:
                    49:0c:05:69:5b:b3:75:29:50:dd:c7:10:a7:2b:c0:
                    f6:23:6a:55:47:3f:15:40:e7:51:a5:7f:8e:ab:bf:
                    8d:2d:4b:39:20:70:cd:31:07:80:c7:6d:d7:16:08:
                    5e:d4:7f:f0:b6:45:f8:d9:40:ae:51:35:ea:ca:99:
                    91:96:8f:32:ea:32:8d:2b:1c:05:e5:65:55:62:f0:
                    02:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:03:62:3A:9E:14:49:5F:45:61:50:E8:B4:11:26:55:D0:84:AD:9D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65fce468-fb6f-4d70-884d-cd2c1944b9c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:1020::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:38:78:88:0e:2a:be:b1:9f:68:fc:85:01:5d:53:ed:b1:4f:
         08:5f:62:85:ce:d1:29:6b:fa:ee:de:c0:4e:e7:29:97:be:ab:
         bf:d0:bb:4a:7f:f0:00:d0:15:38:69:ad:59:d3:1f:6d:ba:03:
         31:5b:ba:51:78:d6:8e:8e:79:ad:99:51:ac:85:9e:0e:d0:b9:
         d6:fb:0b:06:0c:f8:b9:71:ee:b0:54:ac:18:df:4a:be:bb:0f:
         58:26:05:c1:fc:3e:5f:ed:e4:69:b4:3d:50:04:72:46:84:cc:
         91:8b:15:2a:5b:bb:9a:08:cd:a5:37:1a:08:cf:f9:73:02:a9:
         0b:d2:76:d6:ac:c6:c5:07:1b:b2:2f:fd:44:cf:ee:46:b1:93:
         52:11:30:1e:67:06:86:7e:09:a5:f3:79:f2:83:cc:50:90:f0:
         05:42:1e:bf:1d:ed:a1:06:8a:54:79:1d:04:90:a2:e3:45:e8:
         40:80:92:08:c7:a0:e3:a3:bb:46:03:e0:f1:33:c0:73:75:07:
         8e:2e:8a:57:86:8d:47:3d:14:d7:e5:b6:96:ac:82:1a:80:b6:
         78:e7:bf:16:75:0e:29:da:24:9d:bb:21:7e:4c:34:2e:24:01:
         2e:79:54:7c:20:ba:d6:45:10:15:71:05:36:b9:9c:2f:91:1a:
         e9:5b:5d:16
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUeKLZTl+vIsoUNjKlMNa/MSZSgCswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDE1MTM4WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNzQ2ZDE3YjliYzMxMDVhYzZmZWMyNDkzYzczMTJkYjU5
NDlhMDE2OTUyYzU2MThkYzgxYjE2NThmMThlZDU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmumW8v/SEpStWfPvVhF1D65UXwcB9TrAd0B/wp5h3C08c
ricEBE7bZTSVJ4LMhW6xkD73qshWVXQxTDVG3Fn4ZMiqeYzra9VqXr4+dHcxMZY7
31DtOIxPbXVGGCIV87mOZNvL47wWA2PQBaKQH6PQ9GsCHCMwSE/XzLqT73ZXHBBz
aUIWjyWdfvTM0wjkhD/w7lRTQTUpu/Zax/3xeu5eZfcSxpG1woy9ahlrxmrjYxds
rUkMBWlbs3UpUN3HEKcrwPYjalVHPxVA51Glf46rv40tSzkgcM0xB4DHbdcWCF7U
f/C2RfjZQK5RNerKmZGWjzLqMo0rHAXlZVVi8AKtAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUjwNiOp4USV9FYVDotBEmVdCErZ0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1ZmNlNDY4LWZiNmYtNGQ3MC04ODRkLWNkMmMxOTQ0YjljNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AECAwDQYJKoZIhvcNAQELBQADggEBALI4eIgOKr6xn2j8hQFdU+2x
TwhfYoXO0Slr+u7ewE7nKZe+q7/Qu0p/8ADQFThprVnTH226AzFbulF41o6Oea2Z
UayFng7Qudb7CwYM+Llx7rBUrBjfSr67D1gmBcH8Pl/t5Gm0PVAEckaEzJGLFSpb
u5oIzaU3GgjP+XMCqQvSdtasxsUHG7Iv/UTP7kaxk1IRMB5nBoZ+CaXzefKDzFCQ
8AVCHr8d7aEGilR5HQSQouNF6ECAkgjHoOOju0YD4PEzwHN1B44uileGjUc9FNfl
tpasghqAtnjnvxZ1DinaJJ27IX5MNC4kAS55VHwgutZFEBVxBTa5nC+RGulbXRY=
-----END CERTIFICATE-----