Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6ad63be3-0aab-48af-9a30-591c1d342077.roa
File:                     6ad63be3-0aab-48af-9a30-591c1d342077.roa (raw, json)
Hash identifier:          Y9MwtsJHfdqYbftrm/LoOt16GamuUsL1r2UzETW/PMY=
Subject key identifier:   14:3E:14:59:A4:B6:27:BE:CD:3B:8D:78:9C:93:95:E2:AD:85:EC:0D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0EEDC7CC0DCE586D49CDE29DD51CC84241C64F5E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6ad63be3-0aab-48af-9a30-591c1d342077.roa
Signing time:             Wed 12 Nov 2025 01:00:43 +0000
ROA not before:           Wed 12 Nov 2025 01:00:43 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f32:3400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:ed:c7:cc:0d:ce:58:6d:49:cd:e2:9d:d5:1c:c8:42:41:c6:4f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:00:43 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=e59e5826638f8a15fb5ffe3508a56d90fb5a0f1b2835ec8938d5183f97e9f5d3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ad:11:f0:f5:b0:57:7d:25:f0:53:38:8b:4f:
                    44:4a:fd:b1:2d:d6:01:9e:f8:64:a0:3d:15:c7:f5:
                    5a:3d:95:fe:17:e7:4c:aa:cc:2e:0b:fb:d7:0a:81:
                    fc:e8:d8:09:6d:d2:01:28:9f:46:bd:e3:1b:83:ab:
                    c0:60:a2:c6:d5:a5:4d:55:a4:57:8b:bd:e5:0e:7d:
                    e8:51:42:d4:fc:52:eb:b1:7a:73:a9:c8:c6:4e:43:
                    7b:57:81:50:ea:b5:53:96:0d:fe:df:e9:c5:ab:45:
                    e4:0a:ad:ae:d7:4a:35:d9:b7:d2:03:2f:24:4c:1f:
                    51:b9:94:bc:44:44:5a:e7:b9:05:d7:13:62:9c:e0:
                    e0:9a:90:bf:84:a4:7a:ec:58:96:5c:ba:2c:f9:69:
                    62:9e:db:a2:be:ce:a7:5e:5a:7e:7b:35:5c:4e:08:
                    d2:f8:81:ad:fd:18:ff:9a:07:05:30:53:24:9c:55:
                    23:c0:d8:84:a8:a2:26:dd:24:a8:94:90:3c:05:7d:
                    d1:4d:43:25:cf:1e:16:55:53:11:81:6e:f4:45:19:
                    0d:d0:54:b9:64:b0:37:e1:44:c2:7e:0a:af:0f:7d:
                    ac:c6:8e:15:8a:60:da:45:b1:d0:2e:22:04:b9:f4:
                    9a:35:8a:b5:a0:07:87:55:fd:10:61:39:4d:1b:36:
                    fd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:3E:14:59:A4:B6:27:BE:CD:3B:8D:78:9C:93:95:E2:AD:85:EC:0D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6ad63be3-0aab-48af-9a30-591c1d342077.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f32:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         d3:62:e5:25:cb:f9:7e:d2:85:3d:e7:60:a7:bf:5b:d8:59:84:
         0a:15:11:79:1f:1e:9e:1d:d7:8a:2f:14:f5:d2:29:f9:06:20:
         45:46:43:7d:9d:06:51:8f:18:a1:f1:4d:c4:65:78:f5:50:a6:
         df:1f:88:11:d0:90:b6:21:93:e5:ab:97:55:9a:a5:00:ad:66:
         a7:4e:29:83:27:a5:3a:3f:d7:74:c5:3e:7f:94:38:12:ed:11:
         3d:e5:d3:e4:7f:7f:a0:b9:28:33:dc:43:d4:35:59:79:18:73:
         6a:d3:15:cc:15:e3:7f:03:65:b9:8d:0c:91:84:07:ee:a2:9a:
         51:3f:fe:fb:9d:3e:f1:e5:89:84:67:ef:3f:6d:e9:75:21:9d:
         23:d6:80:87:94:57:b9:dd:f5:be:17:93:3d:09:21:f3:1b:b0:
         25:25:77:44:e1:f6:5e:83:ce:dd:d0:af:0a:7e:5a:63:51:a8:
         85:8b:5a:2a:bb:b2:a5:e0:d0:04:7c:2a:42:0c:f4:dd:fe:ad:
         bf:fc:5d:cb:2a:b6:e3:9e:fc:cf:0a:b9:f1:f5:21:75:da:0e:
         a0:f3:08:90:16:17:29:18:1a:5d:f2:5a:d9:33:81:4b:f4:5a:
         92:f7:66:6b:a5:6f:3a:63:58:ad:07:c5:b7:d2:6d:e1:61:4e:
         fc:e8:49:22
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUDu3HzA3OWG1JzeKd1RzIQkHGT14wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDEwMDQzWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTllNTgyNjYzOGY4YTE1ZmI1ZmZlMzUwOGE1NmQ5MGZi
NWEwZjFiMjgzNWVjODkzOGQ1MTgzZjk3ZTlmNWQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCorRHw9bBXfSXwUziLT0RK/bEt1gGe+GSgPRXH9Vo9lf4X
50yqzC4L+9cKgfzo2Alt0gEon0a94xuDq8BgosbVpU1VpFeLveUOfehRQtT8Uuux
enOpyMZOQ3tXgVDqtVOWDf7f6cWrReQKra7XSjXZt9IDLyRMH1G5lLxERFrnuQXX
E2Kc4OCakL+EpHrsWJZcuiz5aWKe26K+zqdeWn57NVxOCNL4ga39GP+aBwUwUySc
VSPA2ISooibdJKiUkDwFfdFNQyXPHhZVUxGBbvRFGQ3QVLlksDfhRMJ+Cq8PfazG
jhWKYNpFsdAuIgS59Jo1irWgB4dV/RBhOU0bNv2DAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUFD4UWaS2J77NO414nJOV4q2F7A0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZhZDYzYmUzLTBhYWItNDhhZi05YTMwLTU5MWMxZDM0MjA3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8yNDANBgkqhkiG9w0BAQsFAAOCAQEA02LlJcv5ftKFPedgp79b2FmE
ChUReR8enh3Xii8U9dIp+QYgRUZDfZ0GUY8YofFNxGV49VCm3x+IEdCQtiGT5auX
VZqlAK1mp04pgyelOj/XdMU+f5Q4Eu0RPeXT5H9/oLkoM9xD1DVZeRhzatMVzBXj
fwNluY0MkYQH7qKaUT/++50+8eWJhGfvP23pdSGdI9aAh5RXud31vheTPQkh8xuw
JSV3ROH2XoPO3dCvCn5aY1GohYtaKruypeDQBHwqQgz03f6tv/xdyyq24578zwq5
8fUhddoOoPMIkBYXKRgaXfJa2TOBS/Rakvdma6VvOmNYrQfFt9Jt4WFO/OhJIg==
-----END CERTIFICATE-----