Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6c3245fc-eb21-4145-89bb-6115dd8f5da5.roa
File:                     6c3245fc-eb21-4145-89bb-6115dd8f5da5.roa (raw, json)
Hash identifier:          N6f1u9EJe2MkV+3kiPEMOX5yP5t1QWjS35PRb7dIlZM=
Subject key identifier:   EA:E3:37:E0:FE:C1:A4:A2:FE:09:42:33:5B:94:D3:CD:17:3F:F3:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       335BC4552302547D3B6250FD4084B7E8EFA4BF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6c3245fc-eb21-4145-89bb-6115dd8f5da5.roa
Signing time:             Wed 12 Nov 2025 01:10:08 +0000
ROA not before:           Wed 12 Nov 2025 01:10:08 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff1:6000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:5b:c4:55:23:02:54:7d:3b:62:50:fd:40:84:b7:e8:ef:a4:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:10:08 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=e97c0bd4df2441e17738c048a452acfc1693961f41f153bb637fea3d9b26a523, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:9c:b0:6b:3a:d4:1f:f8:92:c4:bd:e8:17:ad:
                    6c:9e:36:70:d6:c2:22:ca:a6:b8:d7:87:47:a5:d6:
                    a5:c1:e6:97:49:9c:7e:3f:04:f6:c8:2a:77:f6:93:
                    8c:df:c8:2e:bb:4d:55:e4:99:cf:b0:84:d4:3e:38:
                    35:2e:fe:08:4f:fc:42:ef:9d:b2:fe:ec:b7:44:14:
                    40:b2:5a:3f:6c:ba:c7:25:b2:61:68:ff:14:32:79:
                    af:71:69:0d:99:00:03:29:37:74:da:e3:96:31:4e:
                    3a:a0:65:f6:51:ab:82:47:28:ed:b0:4a:be:df:68:
                    3b:61:2f:34:ca:a6:5f:a7:a5:06:fc:90:01:ce:df:
                    61:43:e0:e6:1a:af:c6:a6:5b:c6:9a:ee:69:57:7e:
                    5a:19:ff:d9:df:42:17:b7:63:0f:98:9b:b7:92:d9:
                    61:94:24:6b:10:1f:2a:32:45:29:6f:8c:44:a8:10:
                    71:a7:c6:11:9e:f4:2b:4e:41:f6:0b:3b:f5:a8:d6:
                    98:13:46:03:11:c3:40:f4:32:b6:c2:22:9c:13:ac:
                    2c:32:80:38:b9:23:b6:91:63:9a:dc:f7:d9:42:42:
                    21:2f:c0:bd:86:cd:94:cc:f1:f5:96:46:f5:03:75:
                    c6:07:e9:e8:b3:df:d0:e1:0e:5f:ba:98:9c:d8:66:
                    34:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:E3:37:E0:FE:C1:A4:A2:FE:09:42:33:5B:94:D3:CD:17:3F:F3:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6c3245fc-eb21-4145-89bb-6115dd8f5da5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         d5:ee:b1:b4:f7:8a:b2:e0:31:01:73:fc:61:a4:e0:63:47:6c:
         de:85:38:59:c6:be:f6:d5:71:a0:73:9c:2f:c6:dc:de:a7:bd:
         25:4d:6a:58:45:86:67:e4:24:7d:d1:f4:69:6f:40:0a:95:c2:
         52:bb:eb:56:28:90:b2:72:23:18:58:29:13:32:34:84:2d:ef:
         e6:b8:21:2d:67:9f:2e:38:4d:a2:a6:35:51:47:10:e8:05:03:
         0d:e0:c1:84:48:15:1f:ef:9a:94:13:18:76:56:91:94:1f:cd:
         40:4c:40:1e:2a:05:b5:85:f7:ee:40:c7:c1:90:a7:2d:aa:32:
         0a:c9:9b:93:ba:be:0d:88:75:eb:e7:67:ec:62:97:b6:e1:54:
         81:05:8d:24:05:49:a2:44:75:8f:bf:d0:11:2b:c6:75:2a:d5:
         aa:72:10:0c:0e:2e:33:bc:cf:03:72:11:e7:59:21:1c:3c:dd:
         a4:d2:ba:57:b3:f1:1d:83:f7:ae:c6:e9:91:aa:8e:7d:b6:09:
         6d:b7:c1:3d:ad:9b:bd:7b:9c:0a:4a:11:99:37:07:6e:59:1c:
         b8:a2:f7:26:53:ef:0c:f7:0c:0e:cc:b3:17:c5:0d:2b:d4:3c:
         ba:ef:36:23:6f:fa:7e:35:a0:ae:8d:52:e3:fe:99:fe:13:43:
         20:0d:82:22
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgITM1vEVSMCVH07YlD9QIS36O+kvzANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTExMTIwMTEwMDhaFw0yNTEyMTcyMzU5NTla
MHoxSTBHBgNVBAUTQGU5N2MwYmQ0ZGYyNDQxZTE3NzM4YzA0OGE0NTJhY2ZjMTY5
Mzk2MWY0MWYxNTNiYjYzN2ZlYTNkOWIyNmE1MjMxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOycsGs61B/4ksS96BetbJ42cNbCIsqmuNeHR6XWpcHml0mc
fj8E9sgqd/aTjN/ILrtNVeSZz7CE1D44NS7+CE/8Qu+dsv7st0QUQLJaP2y6xyWy
YWj/FDJ5r3FpDZkAAyk3dNrjljFOOqBl9lGrgkco7bBKvt9oO2EvNMqmX6elBvyQ
Ac7fYUPg5hqvxqZbxpruaVd+Whn/2d9CF7djD5ibt5LZYZQkaxAfKjJFKW+MRKgQ
cafGEZ70K05B9gs79ajWmBNGAxHDQPQytsIinBOsLDKAOLkjtpFjmtz32UJCIS/A
vYbNlMzx9ZZG9QN1xgfp6LPf0OEOX7qYnNhmNAECAwEAAaOCArMwggKvMB0GA1Ud
DgQWBBTq4zfg/sGkov4JQjNblNPNFz/zKTAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvNmMzMjQ1ZmMtZWIyMS00MTQ1LTg5YmItNjExNWRkOGY1ZGE1LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIw
CAMGACYAH/FgMA0GCSqGSIb3DQEBCwUAA4IBAQDV7rG094qy4DEBc/xhpOBjR2ze
hThZxr721XGgc5wvxtzep70lTWpYRYZn5CR90fRpb0AKlcJSu+tWKJCyciMYWCkT
MjSELe/muCEtZ58uOE2ipjVRRxDoBQMN4MGESBUf75qUExh2VpGUH81ATEAeKgW1
hffuQMfBkKctqjIKyZuTur4NiHXr52fsYpe24VSBBY0kBUmiRHWPv9ARK8Z1KtWq
chAMDi4zvM8DchHnWSEcPN2k0rpXs/Edg/euxumRqo59tgltt8E9rZu9e5wKShGZ
NwduWRy4ovcmU+8M9wwOzLMXxQ0r1Dy67zYjb/p+NaCujVLj/pn+E0MgDYIi
-----END CERTIFICATE-----