Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a257878e-10ee-4838-922c-30999880ff07.roa
File:                     a257878e-10ee-4838-922c-30999880ff07.roa (raw, json)
Hash identifier:          jAB0feZ/kB2RR8nDKeR/Px8xtTUe7vefAL++KaUrySs=
Subject key identifier:   A4:1E:D3:3C:B0:43:EC:0F:73:CF:14:60:B9:68:9C:BE:7E:23:A9:F2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0C2977832DFC94DFF3C6A8EC8B895F6057754412
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a257878e-10ee-4838-922c-30999880ff07.roa
Signing time:             Thu 13 Nov 2025 01:00:07 +0000
ROA not before:           Thu 13 Nov 2025 01:00:07 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fed:3400::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:29:77:83:2d:fc:94:df:f3:c6:a8:ec:8b:89:5f:60:57:75:44:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 01:00:07 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=afb4529e7a73bfbc185db69bc6b585909af4a5a040e793203b9f12956da72d1b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cd:26:3d:31:57:a9:4f:94:0a:cd:41:52:da:
                    c8:01:e1:4f:ce:93:a2:39:e3:54:6b:fc:dc:0e:e8:
                    fb:5e:27:0f:f3:40:29:ea:9a:4f:4c:eb:ca:71:ae:
                    73:7e:3f:57:a8:a6:cc:95:d8:a8:b7:20:7f:00:e6:
                    f6:4d:e5:30:3b:73:c4:ae:f3:35:20:06:6a:87:63:
                    1c:5c:25:56:e6:64:f3:36:40:79:77:53:ab:b6:aa:
                    89:5f:4d:0e:0a:91:06:4d:c0:2b:35:69:ba:8e:37:
                    2c:95:7a:33:01:d1:4b:d4:5d:c9:d4:ec:2a:5a:72:
                    f7:b5:54:cb:da:0c:1f:cb:8e:07:bc:fd:ec:cc:c5:
                    4e:8d:a1:a4:da:45:07:0f:8f:66:d9:bd:61:e2:5a:
                    86:e8:dc:79:e8:0d:36:c9:5e:07:74:ad:60:e3:92:
                    c2:85:5a:65:a1:f2:27:69:f6:07:a1:a1:97:43:13:
                    c6:1c:05:99:a3:22:da:d0:dd:d5:e8:be:26:6e:a5:
                    a6:04:de:96:f1:0f:f5:7f:b5:ed:15:81:44:74:14:
                    f4:dd:33:d7:b7:5b:e6:11:58:1d:ed:c1:90:00:96:
                    ee:96:7d:b0:11:52:e3:9f:24:94:69:c4:34:9d:86:
                    0f:fa:44:e1:9c:f6:85:22:a8:8c:59:ec:93:bc:44:
                    a8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:1E:D3:3C:B0:43:EC:0F:73:CF:14:60:B9:68:9C:BE:7E:23:A9:F2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a257878e-10ee-4838-922c-30999880ff07.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fed:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         d7:36:f8:86:9f:6c:45:a8:ca:4b:76:95:ac:41:db:65:d5:7a:
         8e:40:91:f5:5a:4d:51:f0:02:24:95:86:23:8a:fa:c4:b3:22:
         49:bc:46:48:bf:d8:e0:6b:b9:ba:1a:e4:79:fe:c8:91:61:c4:
         80:42:93:0a:62:0c:39:9d:9c:e9:00:c5:26:32:06:21:54:31:
         31:75:66:9e:a3:9c:5e:20:f8:fe:98:38:fa:32:d3:57:96:ed:
         94:8b:85:41:f8:4d:84:b1:4e:03:39:da:ac:a1:95:9a:9d:b1:
         02:73:c0:f4:ab:49:2d:8d:d5:f3:df:e2:53:b5:5e:ca:e8:b4:
         a6:cb:00:f6:61:fb:ad:e1:4a:66:d6:09:8d:ad:7a:33:e2:bc:
         1c:22:23:c8:54:f5:8a:78:32:57:e9:37:42:6b:09:af:9e:d6:
         da:c3:76:24:c8:86:bd:da:27:ab:2b:15:9f:e1:e5:5e:fc:5c:
         1a:fc:d9:38:c4:ec:74:fe:89:63:92:d3:dd:ed:3d:c5:bf:8c:
         f5:d8:87:41:15:12:ae:85:c2:43:60:f7:f8:8d:bb:94:18:27:
         ae:11:e1:1d:70:77:39:df:41:be:ba:3a:59:25:4b:68:aa:43:
         59:30:f4:c9:e1:8c:b3:92:4e:6a:80:89:75:9d:77:74:68:66:
         02:11:74:0c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUDCl3gy38lN/zxqjsi4lfYFd1RBIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDEwMDA3WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmI0NTI5ZTdhNzNiZmJjMTg1ZGI2OWJjNmI1ODU5MDlh
ZjRhNWEwNDBlNzkzMjAzYjlmMTI5NTZkYTcyZDFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6zSY9MVepT5QKzUFS2sgB4U/Ok6I541Rr/NwO6PteJw/z
QCnqmk9M68pxrnN+P1eopsyV2Ki3IH8A5vZN5TA7c8Su8zUgBmqHYxxcJVbmZPM2
QHl3U6u2qolfTQ4KkQZNwCs1abqONyyVejMB0UvUXcnU7Cpacve1VMvaDB/Ljge8
/ezMxU6NoaTaRQcPj2bZvWHiWobo3HnoDTbJXgd0rWDjksKFWmWh8idp9gehoZdD
E8YcBZmjItrQ3dXoviZupaYE3pbxD/V/te0VgUR0FPTdM9e3W+YRWB3twZAAlu6W
fbARUuOfJJRpxDSdhg/6ROGc9oUiqIxZ7JO8RKiVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUpB7TPLBD7A9zzxRguWicvn4jqfIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyNTc4NzhlLTEwZWUtNDgzOC05MjJjLTMwOTk5ODgwZmYwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/tNDANBgkqhkiG9w0BAQsFAAOCAQEA1zb4hp9sRajKS3aVrEHbZdV6
jkCR9VpNUfACJJWGI4r6xLMiSbxGSL/Y4Gu5uhrkef7IkWHEgEKTCmIMOZ2c6QDF
JjIGIVQxMXVmnqOcXiD4/pg4+jLTV5btlIuFQfhNhLFOAznarKGVmp2xAnPA9KtJ
LY3V89/iU7Veyui0pssA9mH7reFKZtYJja16M+K8HCIjyFT1ingyV+k3QmsJr57W
2sN2JMiGvdonqysVn+HlXvxcGvzZOMTsdP6JY5LT3e09xb+M9diHQRUSroXCQ2D3
+I27lBgnrhHhHXB3Od9Bvro6WSVLaKpDWTD0yeGMs5JOaoCJdZ13dGhmAhF0DA==
-----END CERTIFICATE-----