Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3f91ab4-930a-4958-b6c8-811feb211be7.roa
File:                     b3f91ab4-930a-4958-b6c8-811feb211be7.roa (raw, json)
Hash identifier:          DQ0zdz/v5MWKAxmpj8yPMcZG0q5SD5hJ4AophVhsH5Y=
Subject key identifier:   36:94:9C:1C:99:57:68:2A:B1:37:2F:6B:FF:DE:72:75:19:B7:26:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F03748D5DBCF6AE2C4D24D4227F10502695195D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3f91ab4-930a-4958-b6c8-811feb211be7.roa
Signing time:             Wed 12 Nov 2025 01:50:13 +0000
ROA not before:           Wed 12 Nov 2025 01:50:13 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f10:c800::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:03:74:8d:5d:bc:f6:ae:2c:4d:24:d4:22:7f:10:50:26:95:19:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:50:13 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=5aecbada3ff611734c2937cd9e7af5fa724ef4382f6d5bf1b4b4a7b768a9c744, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3a:36:82:a3:cc:1d:f8:70:0c:0d:9b:7c:87:
                    30:97:0c:3f:9e:58:ed:b0:4d:32:bb:94:65:21:e3:
                    7d:3d:e3:53:32:7c:d3:8f:b5:ae:b9:93:46:ce:2e:
                    d4:01:b2:b7:c7:75:e9:f1:bd:bd:84:9f:3d:64:21:
                    6f:28:99:6c:56:1a:88:51:54:0d:16:f5:b4:42:5d:
                    30:c7:02:5e:74:77:31:76:48:51:a6:fa:d0:2c:3f:
                    58:e7:03:79:de:3a:9a:cd:b8:db:2d:e7:78:d7:06:
                    67:35:25:e3:31:15:42:c0:24:93:6e:ca:3f:47:4b:
                    7e:5d:8a:37:90:b9:28:7d:68:d3:85:27:8f:39:c7:
                    43:b3:75:71:56:f0:f1:f1:59:74:11:f5:8b:3f:b7:
                    b6:2a:6f:ac:e6:b2:1c:65:10:07:f1:e6:63:34:95:
                    6d:5f:e8:57:c4:21:9d:a0:88:f8:f6:3d:ea:94:e5:
                    25:57:40:d2:6f:15:4e:d4:00:78:b1:8a:cd:e5:d5:
                    28:16:79:b7:9b:d9:3e:d1:01:87:1f:95:f4:a5:b1:
                    e3:cb:ec:da:7d:12:92:02:1d:ff:2e:18:19:f8:df:
                    1f:25:81:dc:99:e9:c4:74:e6:dc:4c:05:2f:fe:9d:
                    f6:56:75:86:20:84:6f:5b:00:f9:1a:af:63:86:29:
                    73:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:94:9C:1C:99:57:68:2A:B1:37:2F:6B:FF:DE:72:75:19:B7:26:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3f91ab4-930a-4958-b6c8-811feb211be7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f10:c800::/37

    Signature Algorithm: sha256WithRSAEncryption
         27:5d:6e:52:20:8f:29:3b:dd:5e:6c:2f:8b:a6:73:4c:45:df:
         71:0f:1d:7d:37:4a:86:f4:ba:63:46:ec:3e:17:4b:89:35:ad:
         95:36:f9:0a:89:91:b1:a2:6c:fb:93:4a:36:3d:ec:95:6a:4c:
         89:6b:92:46:86:47:d9:c0:e7:9a:4b:54:2e:4a:7c:ea:74:74:
         c0:e0:a5:dd:ce:33:1b:3e:48:be:83:20:0d:12:ac:15:1d:53:
         98:cf:4c:d9:8f:6e:67:bb:cf:dd:40:69:85:a9:1a:0e:40:a1:
         04:40:86:a8:5e:47:56:dd:6b:38:8d:e8:41:58:53:5e:2d:1e:
         61:25:4e:73:02:5a:11:49:43:ad:55:fb:b1:9e:87:a1:8f:64:
         2a:dd:04:f5:44:33:fb:00:b9:0b:d7:43:c6:55:6b:ee:3e:ad:
         7b:a1:51:f1:95:99:79:79:04:a9:57:37:35:0a:a0:95:76:4a:
         81:72:94:1f:41:da:39:8f:64:f9:3d:28:f6:71:a3:9f:54:88:
         28:5a:aa:bb:24:0e:5d:31:93:f1:c2:30:3c:5a:39:c7:fd:c3:
         cd:a0:73:fd:66:b2:a2:f6:7c:1c:7a:ac:89:a4:ed:9f:2b:9e:
         b4:e4:d3:c8:46:58:2f:3d:6c:be:1c:19:dd:a2:ce:4e:47:0e:
         51:4a:3b:2c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUbwN0jV289q4sTSTUIn8QUCaVGV0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDE1MDEzWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YWVjYmFkYTNmZjYxMTczNGMyOTM3Y2Q5ZTdhZjVmYTcy
NGVmNDM4MmY2ZDViZjFiNGI0YTdiNzY4YTljNzQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7OjaCo8wd+HAMDZt8hzCXDD+eWO2wTTK7lGUh430941My
fNOPta65k0bOLtQBsrfHdenxvb2Enz1kIW8omWxWGohRVA0W9bRCXTDHAl50dzF2
SFGm+tAsP1jnA3neOprNuNst53jXBmc1JeMxFULAJJNuyj9HS35dijeQuSh9aNOF
J485x0OzdXFW8PHxWXQR9Ys/t7Yqb6zmshxlEAfx5mM0lW1f6FfEIZ2giPj2PeqU
5SVXQNJvFU7UAHixis3l1SgWebeb2T7RAYcflfSlsePL7Np9EpICHf8uGBn43x8l
gdyZ6cR05txMBS/+nfZWdYYghG9bAPkar2OGKXMtAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUNpScHJlXaCqxNy9r/95ydRm3JjYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzZjkxYWI0LTkzMGEtNDk1OC1iNmM4LTgxMWZlYjIxMWJlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8QyDANBgkqhkiG9w0BAQsFAAOCAQEAJ11uUiCPKTvdXmwvi6ZzTEXf
cQ8dfTdKhvS6Y0bsPhdLiTWtlTb5ComRsaJs+5NKNj3slWpMiWuSRoZH2cDnmktU
Lkp86nR0wOCl3c4zGz5IvoMgDRKsFR1TmM9M2Y9uZ7vP3UBphakaDkChBECGqF5H
Vt1rOI3oQVhTXi0eYSVOcwJaEUlDrVX7sZ6HoY9kKt0E9UQz+wC5C9dDxlVr7j6t
e6FR8ZWZeXkEqVc3NQqglXZKgXKUH0HaOY9k+T0o9nGjn1SIKFqquyQOXTGT8cIw
PFo5x/3DzaBz/WayovZ8HHqsiaTtnyuetOTTyEZYLz1svhwZ3aLOTkcOUUo7LA==
-----END CERTIFICATE-----