Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8df2c2c-dc4e-4de0-921f-473e414af165.roa
File:                     b8df2c2c-dc4e-4de0-921f-473e414af165.roa (raw, json)
Hash identifier:          UXiQn5SpvVm0pMj1GxNqUN7axTN+hicOqqMholcD+2A=
Subject key identifier:   EB:82:A8:30:D1:C7:C8:B8:F0:30:18:3C:B3:F2:82:33:E5:BE:5C:7F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7CC1609142672CC107CED67A1D0300F6EDCFD86E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8df2c2c-dc4e-4de0-921f-473e414af165.roa
Signing time:             Tue 11 Nov 2025 01:20:48 +0000
ROA not before:           Tue 11 Nov 2025 01:20:48 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:40c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:c1:60:91:42:67:2c:c1:07:ce:d6:7a:1d:03:00:f6:ed:cf:d8:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:20:48 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=9084d68d134bae1e2da5b9cb6a2913576aa1feb00569df8f2f2058b1ede72f54, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:03:d3:c1:3f:9f:a9:9c:96:15:bc:f2:09:e6:
                    12:a0:fe:f1:46:40:f6:76:f1:54:2d:d6:ec:20:da:
                    67:c7:fd:8f:bc:ee:19:11:e1:b7:33:c4:85:bc:26:
                    0d:a7:42:c1:59:4b:16:16:72:18:af:e6:a7:6c:ad:
                    3b:37:95:94:32:04:bb:c2:68:5c:e1:5b:8f:a6:2f:
                    36:f3:54:3f:73:5f:e3:f5:15:4e:fd:9f:13:5f:7b:
                    29:96:94:76:b8:75:20:9c:9e:2c:ac:93:a5:33:f6:
                    4b:9d:39:36:a5:3a:d6:0a:a5:50:a0:ef:f8:69:df:
                    a0:bf:3f:da:44:28:bc:61:3f:b3:ce:f7:a0:89:a7:
                    45:4e:92:58:a7:18:5d:0b:f6:87:7e:8b:c4:eb:77:
                    72:13:f6:39:95:4a:a8:f2:41:ae:6d:66:f0:43:61:
                    68:bc:8a:52:f8:81:ab:9c:da:a6:38:10:bf:ed:66:
                    94:94:24:4f:5f:a4:c1:a0:f9:7c:75:41:54:62:de:
                    5f:9c:8d:04:5d:cb:6e:3f:78:bb:8a:a1:c4:0e:6f:
                    41:79:3a:de:a8:21:77:4e:ee:96:e3:b5:03:e1:1f:
                    2b:2e:db:78:d9:e8:88:10:a1:fa:f7:23:56:a1:50:
                    b4:78:fa:e4:6e:da:68:bb:de:cd:5a:b5:fc:48:9b:
                    0d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:82:A8:30:D1:C7:C8:B8:F0:30:18:3C:B3:F2:82:33:E5:BE:5C:7F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8df2c2c-dc4e-4de0-921f-473e414af165.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:40c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:cb:37:62:c2:62:d4:f4:ae:ca:39:51:6c:8f:3d:fd:f5:53:
         e2:2c:f6:e3:5f:f4:f3:03:84:81:04:12:5a:2c:b3:c3:ef:dd:
         5f:8e:6c:e7:1d:98:96:f3:0d:1e:af:a2:6b:ba:81:9f:a6:5f:
         58:2d:04:8a:b0:c8:da:43:ce:1d:0a:47:14:43:9d:10:df:69:
         39:20:01:95:49:ab:b6:bb:cc:78:2c:8b:e5:cd:c9:a4:08:5f:
         fd:ff:c9:1c:05:a9:e6:0c:2a:85:3b:e0:b1:44:46:6e:4a:83:
         5f:1c:ab:dc:c7:b8:70:56:db:0b:bd:1d:b8:c7:5e:f8:62:91:
         17:6d:45:da:19:35:95:38:44:08:a1:09:43:cf:00:dc:f1:9d:
         9c:1b:32:7e:93:a4:93:93:f7:9d:8b:5f:94:0b:b0:77:b2:e7:
         ac:23:7f:b4:0d:c2:df:98:88:22:64:76:99:7a:41:13:bc:ee:
         0f:22:38:d4:2f:5c:a7:50:c6:b0:14:ac:fa:24:a7:b6:92:0c:
         1a:25:7a:45:d4:7b:a1:40:2f:5e:ef:b9:1e:d4:da:85:b6:09:
         2b:d5:99:59:d7:a4:c5:9c:cd:88:9d:9a:12:3d:46:9a:6f:d5:
         7f:b0:4a:04:ee:cf:bb:b3:75:9c:95:c6:2c:e1:fd:1a:67:72:
         b9:41:97:3a
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUfMFgkUJnLMEHztZ6HQMA9u3P2G4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEyMDQ4WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDg0ZDY4ZDEzNGJhZTFlMmRhNWI5Y2I2YTI5MTM1NzZh
YTFmZWIwMDU2OWRmOGYyZjIwNThiMWVkZTcyZjU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrA9PBP5+pnJYVvPIJ5hKg/vFGQPZ28VQt1uwg2mfH/Y+8
7hkR4bczxIW8Jg2nQsFZSxYWchiv5qdsrTs3lZQyBLvCaFzhW4+mLzbzVD9zX+P1
FU79nxNfeymWlHa4dSCcniysk6Uz9kudOTalOtYKpVCg7/hp36C/P9pEKLxhP7PO
96CJp0VOklinGF0L9od+i8Trd3IT9jmVSqjyQa5tZvBDYWi8ilL4gauc2qY4EL/t
ZpSUJE9fpMGg+Xx1QVRi3l+cjQRdy24/eLuKocQOb0F5Ot6oIXdO7pbjtQPhHysu
23jZ6IgQofr3I1ahULR4+uRu2mi73s1atfxImw2rAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU64KoMNHHyLjwMBg8s/KCM+W+XH8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4ZGYyYzJjLWRjNGUtNGRlMC05MjFmLTQ3M2U0MTRhZjE2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AQMAwDQYJKoZIhvcNAQELBQADggEBAC/LN2LCYtT0rso5UWyPPf31
U+Is9uNf9PMDhIEEEloss8Pv3V+ObOcdmJbzDR6vomu6gZ+mX1gtBIqwyNpDzh0K
RxRDnRDfaTkgAZVJq7a7zHgsi+XNyaQIX/3/yRwFqeYMKoU74LFERm5Kg18cq9zH
uHBW2wu9HbjHXvhikRdtRdoZNZU4RAihCUPPANzxnZwbMn6TpJOT952LX5QLsHey
56wjf7QNwt+YiCJkdpl6QRO87g8iONQvXKdQxrAUrPokp7aSDBolekXUe6FAL17v
uR7U2oW2CSvVmVnXpMWczYidmhI9Rppv1X+wSgTuz7uzdZyVxizh/RpncrlBlzo=
-----END CERTIFICATE-----