Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf5a2529-8e78-4ebf-be85-0c8ced5067f1.roa
File:                     bf5a2529-8e78-4ebf-be85-0c8ced5067f1.roa (raw, json)
Hash identifier:          9PH7TdWZw7Dake6E548nr3imChB+k0V33YZTs4n1bAY=
Subject key identifier:   5D:80:94:A3:90:75:D1:C7:59:EB:CA:9C:70:10:69:1B:F4:B6:0B:5D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A50B64DFDC57ABDF9131C95C6A80EDC7992D8A5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf5a2529-8e78-4ebf-be85-0c8ced5067f1.roa
Signing time:             Wed 12 Nov 2025 01:00:49 +0000
ROA not before:           Wed 12 Nov 2025 01:00:49 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1d:4000::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:50:b6:4d:fd:c5:7a:bd:f9:13:1c:95:c6:a8:0e:dc:79:92:d8:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:00:49 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=3a1f13308a8b0147ae950e169f9ef861975607d907d56f5617a20ea738478e57, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b3:3e:0d:05:93:5d:e6:3c:9d:34:c6:52:7f:
                    77:8a:90:df:12:d6:1c:36:6d:e3:f0:3e:85:8d:f1:
                    fd:d5:e8:b2:62:b4:fb:95:43:d9:08:c9:fc:ed:cf:
                    f4:85:46:ff:9f:7b:c1:8b:df:ab:2e:fc:2d:cb:6a:
                    17:d5:22:cc:67:91:b8:cd:05:28:22:2f:bb:5f:ea:
                    7f:8e:bc:74:44:3e:20:58:c9:5e:eb:70:b6:d7:07:
                    a7:d1:a1:5c:5f:a1:0e:fd:29:58:89:e7:d8:d2:59:
                    bc:85:23:92:4d:1c:c7:76:f7:4b:0a:70:e0:2f:ac:
                    23:02:80:b5:d3:f6:53:46:cd:da:4b:c6:0c:27:39:
                    09:42:f1:ed:3d:9c:29:09:74:c1:32:10:05:eb:a5:
                    f4:ef:50:05:08:01:65:9c:6d:70:ef:00:21:e4:4f:
                    06:f7:05:23:25:d7:3e:fc:e0:d7:ba:0c:46:d7:ea:
                    b7:3e:96:89:b4:d4:a6:93:1e:fe:df:a1:ea:0d:d9:
                    db:41:ba:35:c2:74:28:7f:fa:08:bc:8e:a5:7e:94:
                    bd:1a:17:82:32:26:a8:e8:42:5b:25:a7:90:a4:31:
                    97:b1:2f:0c:a4:75:0a:47:30:06:49:dd:8e:da:02:
                    72:85:38:56:f9:d9:6a:50:95:12:13:04:2e:b4:64:
                    be:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:80:94:A3:90:75:D1:C7:59:EB:CA:9C:70:10:69:1B:F4:B6:0B:5D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf5a2529-8e78-4ebf-be85-0c8ced5067f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1d:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         ca:ea:c8:c1:2b:b2:8e:82:fc:d4:78:0b:17:63:8b:b3:00:25:
         92:46:46:9b:62:72:03:2f:04:93:50:a3:40:10:c6:1b:0a:99:
         2a:96:2b:58:07:61:92:74:62:8b:94:6d:72:4c:d3:80:1e:ba:
         a9:0c:f1:08:99:fe:0c:d5:b0:88:38:09:71:47:ed:31:c4:a5:
         72:d4:f5:73:9c:a5:ef:90:4a:f3:7b:49:db:7f:a2:8f:54:16:
         84:b3:d6:2d:cc:60:4e:e0:9d:96:33:04:0e:1f:69:25:7a:65:
         b2:b1:3d:5c:e7:05:20:23:ee:42:03:bb:72:c3:bd:8e:a5:79:
         60:c3:ad:31:83:eb:0e:17:d4:3a:3a:00:c7:ba:55:2b:61:3b:
         6f:25:60:78:29:9c:7d:2a:bb:b4:a1:81:fa:a6:a0:37:3a:05:
         3e:22:63:37:d8:e6:e1:29:b1:b8:a8:f6:23:b4:05:8a:82:f1:
         c0:81:ca:97:57:41:a9:0b:ee:d6:7a:29:e0:fe:e9:72:e9:e2:
         68:96:38:4e:94:4b:d7:55:b1:b0:db:56:ae:90:fe:9e:5e:b0:
         d2:83:2e:8e:7f:08:ac:8e:18:6c:aa:d9:f5:02:72:87:84:58:
         1a:ff:26:73:9b:4b:09:28:b7:38:2e:98:5b:9d:d6:a3:1a:e1:
         e7:2f:44:4d
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUClC2Tf3Fer35ExyVxqgO3HmS2KUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDEwMDQ5WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTFmMTMzMDhhOGIwMTQ3YWU5NTBlMTY5ZjllZjg2MTk3
NTYwN2Q5MDdkNTZmNTYxN2EyMGVhNzM4NDc4ZTU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCisz4NBZNd5jydNMZSf3eKkN8S1hw2bePwPoWN8f3V6LJi
tPuVQ9kIyfztz/SFRv+fe8GL36su/C3LahfVIsxnkbjNBSgiL7tf6n+OvHREPiBY
yV7rcLbXB6fRoVxfoQ79KViJ59jSWbyFI5JNHMd290sKcOAvrCMCgLXT9lNGzdpL
xgwnOQlC8e09nCkJdMEyEAXrpfTvUAUIAWWcbXDvACHkTwb3BSMl1z784Ne6DEbX
6rc+lom01KaTHv7foeoN2dtBujXCdCh/+gi8jqV+lL0aF4IyJqjoQlslp5CkMZex
LwykdQpHMAZJ3Y7aAnKFOFb52WpQlRITBC60ZL7zAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUXYCUo5B10cdZ68qccBBpG/S2C10wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmNWEyNTI5LThlNzgtNGViZi1iZTg1LTBjOGNlZDUwNjdmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8dQDANBgkqhkiG9w0BAQsFAAOCAQEAyurIwSuyjoL81HgLF2OLswAl
kkZGm2JyAy8Ek1CjQBDGGwqZKpYrWAdhknRii5RtckzTgB66qQzxCJn+DNWwiDgJ
cUftMcSlctT1c5yl75BK83tJ23+ij1QWhLPWLcxgTuCdljMEDh9pJXplsrE9XOcF
ICPuQgO7csO9jqV5YMOtMYPrDhfUOjoAx7pVK2E7byVgeCmcfSq7tKGB+qagNzoF
PiJjN9jm4SmxuKj2I7QFioLxwIHKl1dBqQvu1nop4P7pcuniaJY4TpRL11WxsNtW
rpD+nl6w0oMujn8IrI4YbKrZ9QJyh4RYGv8mc5tLCSi3OC6YW53Woxrh5y9ETQ==
-----END CERTIFICATE-----