Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ac8db7e-0352-4ac5-97df-faf09a2fa46f.roa
File:                     9ac8db7e-0352-4ac5-97df-faf09a2fa46f.roa (raw, json)
Hash identifier:          cM4fbOcavbnLRM0x1OZVPUqe2oOKl2V/JKFctGZSUx0=
Subject key identifier:   F7:D6:0E:77:EA:F7:12:9B:E0:A8:6A:33:43:D0:14:3F:A5:60:50:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       080EAE63D535612272A990158ED82547A2C02DBB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ac8db7e-0352-4ac5-97df-faf09a2fa46f.roa
Signing time:             Tue 11 Nov 2025 02:10:05 +0000
ROA not before:           Tue 11 Nov 2025 02:10:05 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:5080::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:0e:ae:63:d5:35:61:22:72:a9:90:15:8e:d8:25:47:a2:c0:2d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:10:05 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=8cc169d5f23d075156b1db92956c9cbece84fcceb21760da522910a21dbb40fd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:79:9d:e2:6a:9f:67:6c:ef:0e:13:33:c2:1d:
                    eb:48:f8:21:3e:19:2e:cf:13:e4:d4:70:18:e2:66:
                    50:7d:40:f1:7e:ff:f6:6e:92:03:ed:c4:ae:9d:de:
                    91:cb:1c:30:43:9f:df:84:39:c3:f9:b2:e5:e0:3d:
                    e8:84:cd:ba:d1:87:0b:fd:8f:86:6b:f0:63:33:ab:
                    73:4e:e4:22:87:5a:a3:bc:88:73:ab:36:d9:f6:e5:
                    d9:da:4d:87:6f:4d:f6:6b:2c:bb:05:b0:b8:12:0a:
                    71:ae:54:00:ae:d5:3b:d4:4e:bb:68:83:09:8a:35:
                    bc:e9:2a:d8:b3:8e:7c:4f:c5:ee:e5:87:89:d8:c2:
                    5f:ca:25:0a:97:30:d8:29:1b:78:31:58:dc:fd:ca:
                    70:a2:05:ae:a2:7c:a1:60:81:52:10:60:3a:f0:ab:
                    b1:35:b2:d9:f1:33:c7:9a:f2:37:87:d5:1c:f5:ab:
                    28:a5:63:57:95:25:a8:1e:9b:40:7c:e5:a8:d6:3d:
                    dd:94:af:ee:b2:94:26:a3:c4:a4:84:68:35:11:49:
                    2f:c5:8c:07:39:15:b9:44:be:a5:ef:b5:5a:20:83:
                    59:c9:e4:b8:9a:6a:d9:c8:74:4f:32:b4:82:73:09:
                    92:e2:92:5b:4b:9c:1f:b9:2b:50:57:3c:b0:eb:a6:
                    dd:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:D6:0E:77:EA:F7:12:9B:E0:A8:6A:33:43:D0:14:3F:A5:60:50:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ac8db7e-0352-4ac5-97df-faf09a2fa46f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:5080::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:c0:b3:6d:89:77:af:4b:89:d6:e1:04:99:18:b1:a9:94:e6:
         2f:b0:ef:c6:04:39:d4:58:72:18:23:b9:72:b3:c5:a9:93:8a:
         81:cd:d0:a4:d8:41:73:9b:8b:04:10:6a:60:dc:64:69:ba:0f:
         10:9d:4f:eb:9d:df:b4:74:39:87:cb:35:12:0f:6d:02:89:a9:
         7d:81:c2:e1:4c:d6:a2:a4:20:5c:19:ed:24:00:aa:0d:e1:c9:
         4c:70:55:c4:3a:5e:93:18:74:d8:1f:19:cb:25:0b:c0:19:c1:
         29:70:96:22:23:70:4a:ea:10:20:e8:70:1b:a8:14:1c:a7:ba:
         9a:da:7f:ea:5d:8c:aa:e5:bc:ec:dc:c3:07:e4:3c:9d:b7:ce:
         52:f1:22:84:01:8f:35:6f:fa:2a:5d:23:be:8d:3b:7f:bc:52:
         7f:7b:eb:08:9a:60:c5:8f:04:f2:74:5b:6f:53:60:fd:62:6a:
         c0:0b:06:52:4d:26:b4:d6:9f:33:5c:fb:e9:5d:c8:4b:b7:dc:
         a1:ee:f7:4e:4d:17:fa:82:42:13:3a:54:79:3a:22:71:d0:fd:
         60:05:1b:58:26:3e:13:4d:36:bc:4e:8e:de:22:12:ae:6a:54:
         ca:0c:7f:42:8b:bd:6c:77:aa:44:47:74:0f:e7:9f:66:7b:58:
         9a:f7:ce:61
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUCA6uY9U1YSJyqZAVjtglR6LALbswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIxMDA1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2MxNjlkNWYyM2QwNzUxNTZiMWRiOTI5NTZjOWNiZWNl
ODRmY2NlYjIxNzYwZGE1MjI5MTBhMjFkYmI0MGZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyeZ3iap9nbO8OEzPCHetI+CE+GS7PE+TUcBjiZlB9QPF+
//ZukgPtxK6d3pHLHDBDn9+EOcP5suXgPeiEzbrRhwv9j4Zr8GMzq3NO5CKHWqO8
iHOrNtn25dnaTYdvTfZrLLsFsLgSCnGuVACu1TvUTrtogwmKNbzpKtizjnxPxe7l
h4nYwl/KJQqXMNgpG3gxWNz9ynCiBa6ifKFggVIQYDrwq7E1stnxM8ea8jeH1Rz1
qyilY1eVJagem0B85ajWPd2Ur+6ylCajxKSEaDURSS/FjAc5FblEvqXvtVogg1nJ
5LiaatnIdE8ytIJzCZLikltLnB+5K1BXPLDrpt0nAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU99YOd+r3EpvgqGozQ9AUP6VgUCkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhYzhkYjdlLTAzNTItNGFjNS05N2RmLWZhZjA5YTJmYTQ2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//UIAwDQYJKoZIhvcNAQELBQADggEBABXAs22Jd69LidbhBJkYsamU
5i+w78YEOdRYchgjuXKzxamTioHN0KTYQXObiwQQamDcZGm6DxCdT+ud37R0OYfL
NRIPbQKJqX2BwuFM1qKkIFwZ7SQAqg3hyUxwVcQ6XpMYdNgfGcslC8AZwSlwliIj
cErqECDocBuoFBynupraf+pdjKrlvOzcwwfkPJ23zlLxIoQBjzVv+ipdI76NO3+8
Un976wiaYMWPBPJ0W29TYP1iasALBlJNJrTWnzNc++ldyEu33KHu905NF/qCQhM6
VHk6InHQ/WAFG1gmPhNNNrxOjt4iEq5qVMoMf0KLvWx3qkRHdA/nn2Z7WJr3zmE=
-----END CERTIFICATE-----