Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d8f8f28-d1ae-4e91-b39a-406776ee0fde.roa
File:                     8d8f8f28-d1ae-4e91-b39a-406776ee0fde.roa (raw, json)
Hash identifier:          FX+Gx8jjb9MNMUe+2DuXO5vL+c5OYDN/EaU+LbSWV34=
Subject key identifier:   F6:21:70:C1:1B:A3:26:C6:13:E4:DC:BB:D5:6F:0C:87:14:74:52:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24F2E6773FA53747BC9C279C15559ACBC1F490C5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d8f8f28-d1ae-4e91-b39a-406776ee0fde.roa
Signing time:             Wed 12 Nov 2025 01:10:59 +0000
ROA not before:           Wed 12 Nov 2025 01:10:59 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f17:8000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:f2:e6:77:3f:a5:37:47:bc:9c:27:9c:15:55:9a:cb:c1:f4:90:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:10:59 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=e0d8b76d56e79e88b5b5a2ffcfe5dded4dbda5f825f10ef726572c8d5b990a9a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2a:b7:e7:21:c1:b1:9c:9c:cf:a9:95:14:35:
                    cf:fa:90:1e:1b:03:a1:c2:ea:76:54:68:d8:cb:d7:
                    81:9a:c9:17:36:8a:9c:d3:95:0a:27:57:11:c3:00:
                    11:5b:fe:07:a4:68:f3:cd:ec:58:aa:c5:ea:89:fa:
                    80:af:e8:1b:0a:b7:f4:bf:68:c9:24:a3:82:12:fa:
                    fd:b4:0a:6b:a9:d7:5b:56:82:93:a9:d1:a6:a3:58:
                    d9:c9:ce:6d:1d:18:93:0c:6f:0a:5f:9c:23:48:d2:
                    aa:77:af:d3:09:fb:75:83:10:0a:6b:85:de:5d:ee:
                    a5:83:06:d8:be:43:c3:40:45:ec:37:3f:ab:56:05:
                    51:94:4c:c3:46:a1:2a:9a:67:a7:64:b1:8c:93:8c:
                    c6:0b:84:81:b3:09:49:b3:fd:e3:e3:84:04:b5:13:
                    df:f8:a7:39:7c:52:82:86:d8:24:5f:44:20:23:cb:
                    e5:a0:c8:ae:0a:96:95:7b:77:70:eb:7e:6a:c0:e5:
                    75:00:e0:fa:33:89:16:09:2b:d2:bc:03:2a:0f:a9:
                    4e:34:75:d9:71:bd:cc:0b:8c:9d:50:c8:da:b4:d2:
                    3a:48:12:c2:c1:cd:7c:bf:10:c4:45:71:bf:a3:08:
                    f7:4a:0e:53:cf:2f:28:84:cc:20:ad:1e:b0:b8:7e:
                    03:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:21:70:C1:1B:A3:26:C6:13:E4:DC:BB:D5:6F:0C:87:14:74:52:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d8f8f28-d1ae-4e91-b39a-406776ee0fde.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f17:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         82:55:ad:56:9a:ef:6f:73:0c:61:6d:84:5f:6d:35:63:87:8d:
         4b:6b:d4:e6:82:42:98:a6:bb:29:cc:66:4a:72:ee:6c:d0:f0:
         c8:7c:82:51:af:e6:6e:c1:67:d9:7d:72:58:fb:ae:48:09:f1:
         0f:5e:46:9a:76:1b:fa:81:82:89:41:84:30:37:53:d5:e4:2a:
         2d:e5:1e:02:00:50:38:30:f9:56:4b:6b:b9:bf:03:47:1c:47:
         36:b6:7e:32:f9:2e:f7:c1:7c:29:f1:b2:bb:6b:ed:43:29:76:
         d5:ab:bb:59:5e:2b:d3:b1:ad:dc:b0:6e:cc:6a:92:11:7f:69:
         b5:f9:6d:4c:9b:46:a9:f4:e5:cc:5c:39:90:23:55:64:d9:ac:
         fa:f7:de:25:0e:24:c0:e6:bd:67:53:5f:f7:63:bc:e8:30:28:
         c7:91:02:c1:74:4b:f2:58:6f:08:87:fe:7d:8b:40:74:c2:85:
         2d:7c:9f:fd:f9:cc:f0:96:cc:f5:a6:c1:9a:e7:0a:5b:41:59:
         29:68:ae:19:53:2a:25:b0:3e:60:b1:b5:2e:62:b8:58:6f:5a:
         78:06:97:d5:8f:73:88:8e:0b:ab:25:9d:1d:a2:1f:59:cf:17:
         c4:ac:1a:6f:5d:45:40:0c:02:28:d5:08:9a:95:04:55:9b:96:
         37:95:f4:98
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJPLmdz+lN0e8nCecFVWay8H0kMUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDExMDU5WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMGQ4Yjc2ZDU2ZTc5ZTg4YjViNWEyZmZjZmU1ZGRlZDRk
YmRhNWY4MjVmMTBlZjcyNjU3MmM4ZDViOTkwYTlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOKrfnIcGxnJzPqZUUNc/6kB4bA6HC6nZUaNjL14GayRc2
ipzTlQonVxHDABFb/gekaPPN7FiqxeqJ+oCv6BsKt/S/aMkko4IS+v20Cmup11tW
gpOp0aajWNnJzm0dGJMMbwpfnCNI0qp3r9MJ+3WDEAprhd5d7qWDBti+Q8NARew3
P6tWBVGUTMNGoSqaZ6dksYyTjMYLhIGzCUmz/ePjhAS1E9/4pzl8UoKG2CRfRCAj
y+WgyK4KlpV7d3DrfmrA5XUA4PoziRYJK9K8AyoPqU40ddlxvcwLjJ1QyNq00jpI
EsLBzXy/EMRFcb+jCPdKDlPPLyiEzCCtHrC4fgPNAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU9iFwwRujJsYT5Ny71W8MhxR0UqcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhkOGY4ZjI4LWQxYWUtNGU5MS1iMzlhLTQwNjc3NmVlMGZkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8XgDANBgkqhkiG9w0BAQsFAAOCAQEAglWtVprvb3MMYW2EX201Y4eN
S2vU5oJCmKa7KcxmSnLubNDwyHyCUa/mbsFn2X1yWPuuSAnxD15GmnYb+oGCiUGE
MDdT1eQqLeUeAgBQODD5Vktrub8DRxxHNrZ+Mvku98F8KfGyu2vtQyl21au7WV4r
07Gt3LBuzGqSEX9ptfltTJtGqfTlzFw5kCNVZNms+vfeJQ4kwOa9Z1Nf92O86DAo
x5ECwXRL8lhvCIf+fYtAdMKFLXyf/fnM8JbM9abBmucKW0FZKWiuGVMqJbA+YLG1
LmK4WG9aeAaX1Y9ziI4LqyWdHaIfWc8XxKwab11FQAwCKNUImpUEVZuWN5X0mA==
-----END CERTIFICATE-----