Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c09eb33-9642-4506-acdc-cda09a75dedd.roa
File:                     8c09eb33-9642-4506-acdc-cda09a75dedd.roa (raw, json)
Hash identifier:          rQW3QYlFY2BxWDVsfyLyTtzcxNtNMfBDnsJyiYl49f8=
Subject key identifier:   8F:66:6F:B7:69:B9:44:C8:0E:62:CA:5A:56:2B:35:89:C2:AF:76:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       274A5D229534E84C96570623BDF7B4CB504236A3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c09eb33-9642-4506-acdc-cda09a75dedd.roa
Signing time:             Wed 12 Nov 2025 02:10:09 +0000
ROA not before:           Wed 12 Nov 2025 02:10:09 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:1000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:4a:5d:22:95:34:e8:4c:96:57:06:23:bd:f7:b4:cb:50:42:36:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:10:09 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=2fcf5227b15ab40a4642b776e151e1b0d70c7c4d93e2c62e8fc0b56a82eadbce, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:96:3c:3e:9c:9f:40:af:80:4f:17:b6:80:76:
                    56:35:d8:0d:8a:b7:90:dd:04:54:a7:95:0f:7c:e1:
                    41:53:ef:d0:e1:cb:46:8b:a5:31:c8:fd:70:41:03:
                    16:0a:69:20:b3:2c:19:8f:95:5b:f7:03:1d:ff:83:
                    40:84:69:a4:7b:c4:8f:05:a3:ea:5d:32:a0:28:d6:
                    b3:79:f9:cf:66:1c:d7:2b:ad:65:41:cc:1b:a0:d0:
                    9b:e8:de:95:42:a6:0d:29:32:3e:ba:d3:2b:60:15:
                    29:24:39:2d:e7:bd:00:13:e4:f8:34:68:0c:ff:f2:
                    ed:c8:a1:62:e2:fd:ca:1b:f3:e8:3b:e4:2e:b0:8a:
                    25:d8:3a:af:cb:1e:e5:82:53:cd:3f:d8:64:63:65:
                    71:cb:66:bd:b3:13:51:85:a8:d2:30:e8:ff:3b:a9:
                    b6:8d:e9:8b:20:65:15:93:6d:1d:cd:03:53:2c:ec:
                    a4:11:25:4d:11:06:91:9f:e0:c0:43:66:7b:ae:5a:
                    cd:0d:83:98:4d:93:ab:98:b4:cb:83:05:f9:64:c2:
                    62:21:17:53:cd:b9:67:cd:83:55:97:8c:2a:34:cf:
                    17:28:16:31:da:44:57:e4:11:5a:f1:1b:1a:bb:04:
                    9f:96:9b:4f:74:22:e8:2c:ab:3f:d5:b0:b4:7a:65:
                    bd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:66:6F:B7:69:B9:44:C8:0E:62:CA:5A:56:2B:35:89:C2:AF:76:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c09eb33-9642-4506-acdc-cda09a75dedd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b8:97:40:6f:76:1c:1f:e4:89:5d:96:73:5c:d0:85:82:e5:c1:
         c8:63:d9:24:e4:a0:38:93:fb:d0:65:05:26:01:e4:0f:7b:2a:
         83:cb:e4:da:22:64:d0:f8:47:96:2c:90:92:27:63:53:4c:77:
         9b:3b:4f:97:6f:39:8e:6f:68:ec:24:2b:95:00:4e:15:41:d0:
         78:96:0b:5b:06:85:14:3a:b8:3d:08:10:c2:0e:e0:3e:64:76:
         9e:3a:82:a8:8e:e3:89:2f:ba:83:05:0e:a5:e8:0a:51:fe:ae:
         10:ce:fb:f5:cb:8f:04:7d:61:16:1f:42:32:86:51:b4:4f:71:
         c2:61:92:7b:7b:fc:96:b1:f0:a9:3b:35:f0:04:cb:08:9e:3a:
         0d:d4:a2:71:36:c1:86:d1:bb:25:ea:25:90:a1:53:5c:8b:de:
         30:5d:6e:8c:c5:7b:0b:db:c7:32:1b:7a:36:ef:f7:3b:18:99:
         cf:c0:26:81:19:ac:b0:2e:d9:11:ab:de:25:85:f0:92:4e:0b:
         5e:63:37:53:13:0f:ac:43:9b:0d:2f:1c:ef:7d:0f:8a:38:27:
         c0:7a:0f:dc:f3:7b:59:6f:a4:67:f4:c9:cc:1c:1c:1a:38:35:
         54:f3:f6:7d:96:b1:19:16:a0:e8:dd:ba:79:64:3c:4d:32:e2:
         84:2f:79:0b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJ0pdIpU06EyWVwYjvfe0y1BCNqMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIxMDA5WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZmNmNTIyN2IxNWFiNDBhNDY0MmI3NzZlMTUxZTFiMGQ3
MGM3YzRkOTNlMmM2MmU4ZmMwYjU2YTgyZWFkYmNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZljw+nJ9Ar4BPF7aAdlY12A2Kt5DdBFSnlQ984UFT79Dh
y0aLpTHI/XBBAxYKaSCzLBmPlVv3Ax3/g0CEaaR7xI8Fo+pdMqAo1rN5+c9mHNcr
rWVBzBug0Jvo3pVCpg0pMj660ytgFSkkOS3nvQAT5Pg0aAz/8u3IoWLi/cob8+g7
5C6wiiXYOq/LHuWCU80/2GRjZXHLZr2zE1GFqNIw6P87qbaN6YsgZRWTbR3NA1Ms
7KQRJU0RBpGf4MBDZnuuWs0Ng5hNk6uYtMuDBflkwmIhF1PNuWfNg1WXjCo0zxco
FjHaRFfkEVrxGxq7BJ+Wm090Iugsqz/VsLR6Zb0HAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUj2Zvt2m5RMgOYspaVis1icKvdjgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhjMDllYjMzLTk2NDItNDUwNi1hY2RjLWNkYTA5YTc1ZGVkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/yEDANBgkqhkiG9w0BAQsFAAOCAQEAuJdAb3YcH+SJXZZzXNCFguXB
yGPZJOSgOJP70GUFJgHkD3sqg8vk2iJk0PhHliyQkidjU0x3mztPl285jm9o7CQr
lQBOFUHQeJYLWwaFFDq4PQgQwg7gPmR2njqCqI7jiS+6gwUOpegKUf6uEM779cuP
BH1hFh9CMoZRtE9xwmGSe3v8lrHwqTs18ATLCJ46DdSicTbBhtG7JeolkKFTXIve
MF1ujMV7C9vHMht6Nu/3OxiZz8AmgRmssC7ZEaveJYXwkk4LXmM3UxMPrEObDS8c
730PijgnwHoP3PN7WW+kZ/TJzBwcGjg1VPP2fZaxGRag6N26eWQ8TTLihC95Cw==
-----END CERTIFICATE-----