Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/803f3a95-a624-4af0-8fbd-52c2e78f6985.roa
File:                     803f3a95-a624-4af0-8fbd-52c2e78f6985.roa (raw, json)
Hash identifier:          CIlgoeYPsbPkwmRl5d5jYP9d/pf4dIMBOb27eZqoOCE=
Subject key identifier:   71:D1:88:D8:5A:59:C0:16:A7:B8:BE:1E:3B:39:F9:B9:6B:BA:D4:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DF84B12912229F724A1ED5561744E80AD6E81
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/803f3a95-a624-4af0-8fbd-52c2e78f6985.roa
Signing time:             Wed 12 Nov 2025 00:20:09 +0000
ROA not before:           Wed 12 Nov 2025 00:20:09 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f18:c800::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:f8:4b:12:91:22:29:f7:24:a1:ed:55:61:74:4e:80:ad:6e:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:20:09 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=2d39b116e4e25381c0d0ee7425b315b8aea6d40c3fa3fbcc1d6fa817b2a39c1b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:14:6a:f0:fd:0d:65:37:a5:ff:4c:9c:53:e1:
                    b7:05:7b:49:eb:8a:98:e9:07:f7:84:3d:3d:e6:3e:
                    bf:d3:ba:5e:d9:a5:4f:ee:55:57:a8:32:b9:ec:60:
                    16:71:e1:74:81:ee:56:d1:c7:56:f3:e5:a0:df:21:
                    f3:dd:03:86:63:bc:15:d5:cd:91:32:42:5e:16:c1:
                    1b:8a:f6:0f:13:66:f2:81:88:77:17:b4:6d:f1:ea:
                    dc:d3:6e:5b:43:55:73:5a:59:2e:e4:74:ad:c7:01:
                    5a:e6:98:6e:c5:af:10:62:c3:f3:21:1b:69:16:f3:
                    47:29:78:63:b1:83:d8:3b:e1:36:ad:da:00:6f:e5:
                    71:69:e1:13:0a:55:7b:ff:18:2e:29:d3:fd:9d:67:
                    3a:7f:ad:16:c1:7d:38:b0:e5:8f:4e:c2:2c:6c:cc:
                    90:44:67:25:df:67:55:ca:5a:40:97:43:27:04:a2:
                    4f:58:5c:2e:d2:1c:70:a7:2b:57:c5:fe:78:07:85:
                    73:b7:7a:9e:54:01:d1:c6:ce:8f:72:73:ea:aa:3a:
                    71:16:9b:19:02:30:2f:67:18:e5:f3:96:8b:48:04:
                    09:f2:bb:37:8a:44:a7:56:9b:dc:fd:61:09:1f:eb:
                    e4:7f:f5:d9:48:a7:62:35:b5:f1:41:c6:20:64:bb:
                    c9:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D1:88:D8:5A:59:C0:16:A7:B8:BE:1E:3B:39:F9:B9:6B:BA:D4:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/803f3a95-a624-4af0-8fbd-52c2e78f6985.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f18:c800::/37

    Signature Algorithm: sha256WithRSAEncryption
         3e:db:c7:c2:75:d3:23:a1:e2:6a:ed:99:63:e0:d0:d9:e6:a8:
         3a:c1:aa:8e:47:0f:7e:db:75:3e:fb:60:65:59:c9:52:e4:86:
         78:75:6d:87:59:09:ec:aa:70:81:22:07:fa:bf:af:7a:74:db:
         a5:ea:16:6e:a0:05:88:35:95:51:9e:96:52:02:91:5e:ee:80:
         4d:df:30:61:45:54:1d:5d:eb:e8:36:81:66:ec:06:a9:1f:f1:
         59:84:3b:91:50:e6:81:56:78:a2:5c:e0:84:33:c3:6e:be:c6:
         18:d1:b8:e2:79:11:4f:e6:88:b7:7e:8d:62:6c:f8:16:e5:37:
         64:53:f3:ad:0a:b2:ab:95:d6:ee:ad:16:b7:8b:d6:49:6a:5f:
         f3:de:ca:7b:04:bb:aa:77:63:c8:3b:37:06:0f:6c:1f:de:a5:
         90:49:77:1a:6d:8d:50:3b:8d:38:fa:33:8e:0c:c6:3f:e7:6c:
         2a:3f:65:59:61:42:1a:af:8a:4e:d0:93:25:bc:69:26:35:c0:
         f5:6d:c9:c8:78:56:4c:54:cb:c6:18:42:4c:0f:00:d1:8d:dd:
         47:70:21:3a:31:45:21:85:46:17:be:34:23:2a:20:3e:53:4d:
         56:2c:7f:ee:38:77:f8:67:f0:e1:50:ba:35:ae:25:07:5e:87:
         53:79:26:ab
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgITPfhLEpEiKfckoe1VYXROgK1ugTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTExMTIwMDIwMDlaFw0yNTEyMTcyMzU5NTla
MHoxSTBHBgNVBAUTQDJkMzliMTE2ZTRlMjUzODFjMGQwZWU3NDI1YjMxNWI4YWVh
NmQ0MGMzZmEzZmJjYzFkNmZhODE3YjJhMzljMWIxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANkUavD9DWU3pf9MnFPhtwV7SeuKmOkH94Q9PeY+v9O6Xtml
T+5VV6gyuexgFnHhdIHuVtHHVvPloN8h890DhmO8FdXNkTJCXhbBG4r2DxNm8oGI
dxe0bfHq3NNuW0NVc1pZLuR0rccBWuaYbsWvEGLD8yEbaRbzRyl4Y7GD2DvhNq3a
AG/lcWnhEwpVe/8YLinT/Z1nOn+tFsF9OLDlj07CLGzMkERnJd9nVcpaQJdDJwSi
T1hcLtIccKcrV8X+eAeFc7d6nlQB0cbOj3Jz6qo6cRabGQIwL2cY5fOWi0gECfK7
N4pEp1ab3P1hCR/r5H/12UinYjW18UHGIGS7yYkCAwEAAaOCArMwggKvMB0GA1Ud
DgQWBBRx0YjYWlnAFqe4vh47Ofm5a7rUBTAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvODAzZjNhOTUtYTYyNC00YWYwLThmYmQtNTJjMmU3OGY2OTg1LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIw
CAMGAyYAHxjIMA0GCSqGSIb3DQEBCwUAA4IBAQA+28fCddMjoeJq7Zlj4NDZ5qg6
waqORw9+23U++2BlWclS5IZ4dW2HWQnsqnCBIgf6v696dNul6hZuoAWINZVRnpZS
ApFe7oBN3zBhRVQdXevoNoFm7AapH/FZhDuRUOaBVniiXOCEM8NuvsYY0bjieRFP
5oi3fo1ibPgW5TdkU/OtCrKrldburRa3i9ZJal/z3sp7BLuqd2PIOzcGD2wf3qWQ
SXcabY1QO404+jOODMY/52wqP2VZYUIar4pO0JMlvGkmNcD1bcnIeFZMVMvGGEJM
DwDRjd1HcCE6MUUhhUYXvjQjKiA+U01WLH/uOHf4Z/DhULo1riUHXodTeSar
-----END CERTIFICATE-----