Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/886ae314-24f5-4728-87ba-194d4c08d5af.roa
File:                     886ae314-24f5-4728-87ba-194d4c08d5af.roa (raw, json)
Hash identifier:          nmOReCcyRzTXtI1tQ5VJFem2r1G87CzEPi6qLC5c5F8=
Subject key identifier:   6F:61:B9:8C:1B:11:F1:AC:EE:05:55:67:D2:DC:CE:A0:EE:66:D7:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       131377A64D27DC8686A7A075569433F74ACD334F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/886ae314-24f5-4728-87ba-194d4c08d5af.roa
Signing time:             Tue 11 Nov 2025 02:11:11 +0000
ROA not before:           Tue 11 Nov 2025 02:11:11 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:a480::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:13:77:a6:4d:27:dc:86:86:a7:a0:75:56:94:33:f7:4a:cd:33:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:11:11 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=bcb999915007891b91439037e9698199736a7d3918f19b35fb13935406328b99, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:52:27:55:e0:8b:7a:72:f9:5f:b7:bc:cd:2f:
                    cd:d3:e4:fd:a2:5c:c9:76:7b:13:70:e8:81:0e:1e:
                    2e:12:dc:6d:81:10:ad:e6:d0:80:62:7d:01:5b:17:
                    36:23:2d:02:c7:5e:7d:f9:f3:49:f3:5d:82:39:a0:
                    5c:96:bb:c7:f6:66:dd:eb:f6:a1:6d:75:b9:2c:f9:
                    0d:24:59:9f:fd:43:0f:c9:8a:c0:bc:f5:63:5c:c5:
                    63:7f:7a:71:0e:99:70:f9:10:f7:c6:df:0e:12:f0:
                    5a:9d:fa:24:8a:57:e0:1d:ce:cf:a7:5f:5a:79:a3:
                    8c:af:93:04:5f:69:1e:13:b2:81:d1:7f:a2:6c:ff:
                    f3:c0:ff:e3:85:bf:14:70:fc:74:ab:04:41:d8:cc:
                    28:ac:c1:a8:da:a3:e8:8f:15:29:07:a0:e8:24:5d:
                    8e:1c:59:16:b1:c1:5c:96:85:08:bb:9f:0a:c9:22:
                    47:39:1b:dd:fc:5d:74:60:c6:bb:a3:f8:a9:5b:29:
                    86:b7:da:9c:c1:a9:eb:ce:c5:ed:21:54:0b:8c:3f:
                    1e:64:9d:7c:f1:06:64:a3:16:a1:ea:04:f7:cb:e0:
                    c7:a4:39:8b:b6:c3:a1:55:62:ce:85:15:6a:e1:d3:
                    e0:ab:e8:0e:89:5f:d9:ae:a0:ff:8f:15:08:5c:e8:
                    a6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:61:B9:8C:1B:11:F1:AC:EE:05:55:67:D2:DC:CE:A0:EE:66:D7:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/886ae314-24f5-4728-87ba-194d4c08d5af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:a480::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:07:60:67:80:a5:a6:c9:87:1c:63:d9:da:9c:ee:bf:9b:65:
         2e:35:37:67:26:df:b8:89:55:28:9d:d9:15:b3:15:47:7b:0d:
         63:8c:0f:30:a6:c0:0a:a7:2d:83:b2:bf:ee:3f:01:14:1a:b4:
         4d:a1:b1:9f:36:8f:b5:4d:0c:91:a9:76:dc:8e:ef:3e:a6:d9:
         76:ab:71:98:4d:a4:b5:d9:b3:3f:20:c4:39:5d:ee:f8:04:e7:
         64:b4:64:47:84:e0:28:7d:3a:1f:77:75:7e:ae:f6:23:6f:ac:
         6a:98:e2:c6:38:8f:f5:41:2f:db:2e:a6:45:65:12:18:b2:dc:
         a3:f5:6a:a4:79:45:73:8c:7a:7c:26:9a:91:89:ac:f2:2e:b9:
         76:59:b5:0e:fa:e3:73:06:4d:86:c2:a1:1b:a6:ea:4f:69:1e:
         25:3b:68:2b:62:df:43:f8:3b:2b:ed:c3:ab:3a:42:97:90:2a:
         aa:79:ba:0d:b4:e5:22:99:ac:08:0b:96:a3:f3:4d:c6:a4:17:
         42:63:fa:b8:b4:dd:f0:13:18:2b:90:6a:1b:3f:88:44:c3:ed:
         f4:b7:55:3b:c1:e5:59:f6:15:ae:a5:ce:c4:f3:b6:3a:84:5a:
         4d:0f:5d:05:fd:b8:85:dc:bb:e0:2a:bd:85:71:19:82:ad:6d:
         29:6a:c3:74
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUExN3pk0n3IaGp6B1VpQz90rNM08wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIxMTExWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiY2I5OTk5MTUwMDc4OTFiOTE0MzkwMzdlOTY5ODE5OTcz
NmE3ZDM5MThmMTliMzVmYjEzOTM1NDA2MzI4Yjk5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuUidV4It6cvlft7zNL83T5P2iXMl2exNw6IEOHi4S3G2B
EK3m0IBifQFbFzYjLQLHXn3580nzXYI5oFyWu8f2Zt3r9qFtdbks+Q0kWZ/9Qw/J
isC89WNcxWN/enEOmXD5EPfG3w4S8Fqd+iSKV+Adzs+nX1p5o4yvkwRfaR4TsoHR
f6Js//PA/+OFvxRw/HSrBEHYzCiswajao+iPFSkHoOgkXY4cWRaxwVyWhQi7nwrJ
Ikc5G938XXRgxruj+KlbKYa32pzBqevOxe0hVAuMPx5knXzxBmSjFqHqBPfL4Mek
OYu2w6FVYs6FFWrh0+Cr6A6JX9muoP+PFQhc6KbfAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUb2G5jBsR8azuBVVn0tzOoO5m14MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4NmFlMzE0LTI0ZjUtNDcyOC04N2JhLTE5NGQ0YzA4ZDVhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/ypIAwDQYJKoZIhvcNAQELBQADggEBAB0HYGeApabJhxxj2dqc7r+b
ZS41N2cm37iJVSid2RWzFUd7DWOMDzCmwAqnLYOyv+4/ARQatE2hsZ82j7VNDJGp
dtyO7z6m2XarcZhNpLXZsz8gxDld7vgE52S0ZEeE4Ch9Oh93dX6u9iNvrGqY4sY4
j/VBL9supkVlEhiy3KP1aqR5RXOMenwmmpGJrPIuuXZZtQ7643MGTYbCoRum6k9p
HiU7aCti30P4Oyvtw6s6QpeQKqp5ug205SKZrAgLlqPzTcakF0Jj+ri03fATGCuQ
ahs/iETD7fS3VTvB5Vn2Fa6lzsTztjqEWk0PXQX9uIXcu+AqvYVxGYKtbSlqw3Q=
-----END CERTIFICATE-----