Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9814519b-e29c-45df-b37a-f202bfa4d2cd.roa
File:                     9814519b-e29c-45df-b37a-f202bfa4d2cd.roa (raw, json)
Hash identifier:          UvfUs6GfsGZHZM2I452+vfDkaPY7QVrRAoW93eFjMbs=
Subject key identifier:   F3:CF:A7:92:7E:54:7E:45:44:51:D8:1C:59:D5:E9:EB:A1:4D:34:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2E172F262CE4DFFEEB56E07C798664C8D0D71FD1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9814519b-e29c-45df-b37a-f202bfa4d2cd.roa
Signing time:             Wed 12 Nov 2025 01:50:06 +0000
ROA not before:           Wed 12 Nov 2025 01:50:06 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:5000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:17:2f:26:2c:e4:df:fe:eb:56:e0:7c:79:86:64:c8:d0:d7:1f:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:50:06 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=e18505bd3367e32ca383dd232781ea15c31b6c442740f5baa8c9852d54001f9a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6e:56:83:b4:83:95:51:2b:bb:1c:69:8b:88:
                    4a:c6:13:92:8b:a6:76:62:b4:b3:36:38:21:e2:73:
                    3b:e1:69:f6:30:8e:1d:55:fc:16:86:0e:48:dc:ed:
                    eb:f1:80:ea:4b:9d:6b:91:06:d8:c7:37:b4:f8:04:
                    87:a2:d3:f3:29:c0:60:bd:43:2d:a1:22:f9:a3:4f:
                    20:86:da:0e:4f:7d:f0:d2:2c:49:ce:f2:f0:ca:4b:
                    3f:db:61:22:8c:23:46:b0:27:0b:94:17:85:99:e3:
                    4a:80:22:db:eb:54:39:fd:5a:c1:36:fa:55:a0:9d:
                    01:4b:32:e4:87:90:bc:1c:ca:7e:46:91:cf:11:df:
                    72:36:ba:04:10:c0:62:73:18:4f:72:47:06:85:1e:
                    12:b8:bc:8c:e6:30:8e:d5:55:e8:90:70:15:d5:5c:
                    87:a3:3d:18:70:c1:97:8b:80:dd:e0:00:4f:f0:ed:
                    d2:d5:85:cb:17:08:51:5f:e2:03:6d:e8:3f:bb:43:
                    b8:ad:54:55:03:7d:2f:59:3c:ee:7b:b8:be:f0:26:
                    ce:2e:46:21:91:70:fb:c9:5d:13:5e:af:8c:59:96:
                    75:2b:0f:a7:cd:7e:8b:58:1c:8f:1a:64:68:69:3a:
                    21:35:44:d0:3b:7b:48:73:b0:6f:87:97:51:be:d3:
                    4b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:CF:A7:92:7E:54:7E:45:44:51:D8:1C:59:D5:E9:EB:A1:4D:34:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9814519b-e29c-45df-b37a-f202bfa4d2cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         85:e2:82:c0:25:11:c7:b0:3e:00:27:89:ff:6c:91:8d:bc:2f:
         3d:2a:db:bd:bd:27:3e:62:6d:cd:05:d7:d1:2f:0f:4e:91:6b:
         55:0b:46:94:60:5e:7f:35:fe:c6:d3:8a:55:70:b4:ab:15:45:
         86:28:12:a3:e4:d6:ba:a5:8a:19:18:42:5f:68:93:71:ba:df:
         f1:4c:77:24:39:69:4d:33:4f:17:b2:2e:76:01:2e:8f:b3:5c:
         f2:6d:37:77:16:b8:77:1e:1a:57:66:ab:7e:ae:67:ae:a2:ed:
         4a:be:03:17:56:46:c2:d3:a9:ed:aa:70:08:81:85:81:c3:9e:
         f9:e1:da:6e:d2:59:73:ff:e9:d8:92:5a:dd:05:78:eb:4e:0c:
         5c:ae:94:92:50:31:5a:17:2a:6c:31:28:31:af:f1:84:6a:85:
         9a:3b:57:38:16:26:72:45:32:cf:51:0f:a8:38:e1:0f:e4:57:
         48:26:f8:dc:c2:da:c2:2c:3d:ca:a0:e5:33:b8:69:77:0d:b0:
         6c:a2:04:88:ad:76:2f:52:80:18:65:b9:37:45:70:bd:23:d4:
         82:62:3f:50:f6:d4:bc:c0:4b:22:8f:88:56:a4:a6:31:84:af:
         d0:34:ab:98:4f:f3:ba:fb:ee:74:9a:9d:a7:a8:37:91:77:81:
         42:bd:5c:c2
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIULhcvJizk3/7rVuB8eYZkyNDXH9EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDE1MDA2WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMTg1MDViZDMzNjdlMzJjYTM4M2RkMjMyNzgxZWExNWMz
MWI2YzQ0Mjc0MGY1YmFhOGM5ODUyZDU0MDAxZjlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlblaDtIOVUSu7HGmLiErGE5KLpnZitLM2OCHiczvhafYw
jh1V/BaGDkjc7evxgOpLnWuRBtjHN7T4BIei0/MpwGC9Qy2hIvmjTyCG2g5PffDS
LEnO8vDKSz/bYSKMI0awJwuUF4WZ40qAItvrVDn9WsE2+lWgnQFLMuSHkLwcyn5G
kc8R33I2ugQQwGJzGE9yRwaFHhK4vIzmMI7VVeiQcBXVXIejPRhwwZeLgN3gAE/w
7dLVhcsXCFFf4gNt6D+7Q7itVFUDfS9ZPO57uL7wJs4uRiGRcPvJXRNer4xZlnUr
D6fNfotYHI8aZGhpOiE1RNA7e0hzsG+Hl1G+00t3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU88+nkn5UfkVEUdgcWdXp66FNNKYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4MTQ1MTliLWUyOWMtNDVkZi1iMzdhLWYyMDJiZmE0ZDJjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wUDANBgkqhkiG9w0BAQsFAAOCAQEAheKCwCURx7A+ACeJ/2yRjbwv
PSrbvb0nPmJtzQXX0S8PTpFrVQtGlGBefzX+xtOKVXC0qxVFhigSo+TWuqWKGRhC
X2iTcbrf8Ux3JDlpTTNPF7IudgEuj7Nc8m03dxa4dx4aV2arfq5nrqLtSr4DF1ZG
wtOp7apwCIGFgcOe+eHabtJZc//p2JJa3QV4604MXK6UklAxWhcqbDEoMa/xhGqF
mjtXOBYmckUyz1EPqDjhD+RXSCb43MLawiw9yqDlM7hpdw2wbKIEiK12L1KAGGW5
N0VwvSPUgmI/UPbUvMBLIo+IVqSmMYSv0DSrmE/zuvvudJqdp6g3kXeBQr1cwg==
-----END CERTIFICATE-----