Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2d10cfa-fb3e-4f12-a732-0c9e5832c58b.roa
File:                     a2d10cfa-fb3e-4f12-a732-0c9e5832c58b.roa (raw, json)
Hash identifier:          wo24XJ4QiyjygGbN+paSgPEAFwez3GmXUkN6jfVd3zg=
Subject key identifier:   B1:82:BE:B0:AE:3D:27:1F:AD:CB:2C:57:BB:CB:D5:37:AC:6D:59:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0123B5A85BBF9F33C2E81F037CD4845ECBBA68D2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2d10cfa-fb3e-4f12-a732-0c9e5832c58b.roa
Signing time:             Wed 12 Nov 2025 00:31:46 +0000
ROA not before:           Wed 12 Nov 2025 00:31:46 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f25:8000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:23:b5:a8:5b:bf:9f:33:c2:e8:1f:03:7c:d4:84:5e:cb:ba:68:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:31:46 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=0674916eacd24e8cec793b217b150f09046cb1b704e8e28c4e3650f289dfa682, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:72:0d:1b:67:da:06:43:ac:52:27:5f:94:13:
                    79:1d:61:0c:89:58:0e:21:f9:fb:5a:d2:11:ec:e8:
                    fc:24:10:ed:33:2f:4f:a4:ed:70:48:4a:3f:b7:12:
                    26:63:85:50:ec:06:79:81:f3:ff:20:4c:38:9a:d4:
                    df:c9:43:56:73:5f:41:9c:70:ec:74:0d:5b:e9:5e:
                    1e:29:12:6f:05:94:a1:96:e1:df:aa:04:b9:09:bf:
                    b0:4a:b0:13:c1:dc:b1:87:31:27:0b:42:8b:ef:39:
                    8b:f3:87:5c:89:af:6b:fc:f9:b2:c3:4d:e9:d9:4d:
                    0e:f7:cc:3e:b4:f7:67:b7:6d:b3:6b:9a:a8:a6:0f:
                    85:4d:bf:c4:ca:cc:de:a5:76:35:01:1b:05:ae:e7:
                    f6:7c:91:d0:27:12:4d:91:2a:8d:88:f6:25:dd:9a:
                    e5:48:a4:49:61:1c:5e:0e:dc:f3:38:c2:e1:82:a3:
                    51:6d:ab:8c:c8:bc:82:5c:61:4d:dc:f2:b4:7b:fb:
                    e5:69:2e:53:2d:b0:fd:f7:28:68:38:da:e4:48:00:
                    f4:29:f5:16:af:80:e5:b9:e1:6e:84:f8:46:5b:76:
                    8c:49:7f:04:5e:c0:0f:30:9c:9e:f4:3e:b2:c0:b1:
                    e3:ee:7a:3c:58:f2:52:79:5d:b3:11:44:c4:df:9c:
                    3d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:82:BE:B0:AE:3D:27:1F:AD:CB:2C:57:BB:CB:D5:37:AC:6D:59:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2d10cfa-fb3e-4f12-a732-0c9e5832c58b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f25:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7d:66:68:cf:26:b2:b9:0d:0a:32:a8:fb:72:f7:52:cb:1e:29:
         31:74:80:09:ee:8f:6c:aa:9d:b9:3a:68:c6:b5:a9:02:2a:91:
         1b:92:73:56:8c:73:48:42:f8:a5:c1:e1:cd:4b:d0:6c:bc:68:
         0d:0e:8a:99:51:f2:5c:10:2d:93:e4:c4:61:80:3f:c6:1a:b0:
         94:ad:cc:0a:52:0c:a7:be:66:29:42:8f:8a:48:39:f4:ed:0f:
         2b:f1:f4:fc:16:a2:ce:52:66:67:5a:9f:9f:ec:c5:6c:de:1c:
         72:dc:6b:e1:fc:77:62:0d:88:29:9b:75:1d:39:ac:80:77:09:
         8f:48:d6:1c:ad:59:20:1f:ad:23:09:d1:fd:1d:23:e3:8c:d4:
         be:39:84:ba:dc:52:1f:7e:cf:bd:f0:08:32:54:3b:0b:c4:63:
         f1:01:b7:ce:85:99:3d:86:99:46:b4:da:91:a8:9a:e3:05:ed:
         8c:1e:22:53:77:76:00:17:bb:82:0e:cf:99:e2:51:9b:e8:11:
         e2:12:64:06:a5:cf:7f:2f:de:44:7c:0b:a6:93:bb:f0:fe:77:
         5b:00:36:45:cf:22:fc:26:fd:cb:36:9a:1b:1a:b9:46:c2:c0:
         40:1d:c2:e5:b8:6f:0d:5b:0a:aa:58:95:8e:15:7a:e0:bf:59:
         fd:79:08:81
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUASO1qFu/nzPC6B8DfNSEXsu6aNIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAzMTQ2WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNjc0OTE2ZWFjZDI0ZThjZWM3OTNiMjE3YjE1MGYwOTA0
NmNiMWI3MDRlOGUyOGM0ZTM2NTBmMjg5ZGZhNjgyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2cg0bZ9oGQ6xSJ1+UE3kdYQyJWA4h+fta0hHs6PwkEO0z
L0+k7XBISj+3EiZjhVDsBnmB8/8gTDia1N/JQ1ZzX0GccOx0DVvpXh4pEm8FlKGW
4d+qBLkJv7BKsBPB3LGHMScLQovvOYvzh1yJr2v8+bLDTenZTQ73zD6092e3bbNr
mqimD4VNv8TKzN6ldjUBGwWu5/Z8kdAnEk2RKo2I9iXdmuVIpElhHF4O3PM4wuGC
o1Ftq4zIvIJcYU3c8rR7++VpLlMtsP33KGg42uRIAPQp9RavgOW54W6E+EZbdoxJ
fwRewA8wnJ70PrLAsePuejxY8lJ5XbMRRMTfnD0hAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUsYK+sK49Jx+tyyxXu8vVN6xtWZUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyZDEwY2ZhLWZiM2UtNGYxMi1hNzMyLTBjOWU1ODMyYzU4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8lgDANBgkqhkiG9w0BAQsFAAOCAQEAfWZozyayuQ0KMqj7cvdSyx4p
MXSACe6PbKqduTpoxrWpAiqRG5JzVoxzSEL4pcHhzUvQbLxoDQ6KmVHyXBAtk+TE
YYA/xhqwlK3MClIMp75mKUKPikg59O0PK/H0/BaizlJmZ1qfn+zFbN4cctxr4fx3
Yg2IKZt1HTmsgHcJj0jWHK1ZIB+tIwnR/R0j44zUvjmEutxSH37PvfAIMlQ7C8Rj
8QG3zoWZPYaZRrTakaia4wXtjB4iU3d2ABe7gg7PmeJRm+gR4hJkBqXPfy/eRHwL
ppO78P53WwA2Rc8i/Cb9yzaaGxq5RsLAQB3C5bhvDVsKqliVjhV64L9Z/XkIgQ==
-----END CERTIFICATE-----