Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa
File:                     c88bc903-16fc-4d37-9398-665b5419307e.roa (raw, json)
Hash identifier:          83q3iRwXLzpPZ6b4xG52CfPEl+iE4lsMEglh9O9iDXY=
Subject key identifier:   02:8E:AA:76:DF:DA:09:F2:C7:D9:DD:B9:36:29:1B:72:D1:9E:54:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       30255C839F693EDB46369909068EB4EB4C7209F3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa
Signing time:             Sun 16 Nov 2025 00:20:48 +0000
ROA not before:           Sun 16 Nov 2025 00:20:48 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f68:4000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:25:5c:83:9f:69:3e:db:46:36:99:09:06:8e:b4:eb:4c:72:09:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:20:48 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=707b54359f1b040c32b9e92b97dbefd0e926e571a6a1538087695865cd0781b0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ba:13:88:2e:95:99:3e:9b:97:95:69:a7:5c:
                    5f:48:c0:87:e3:b6:65:59:4b:8f:01:22:e1:95:29:
                    fe:af:93:8e:c7:0d:02:25:fa:b9:16:ae:7e:a9:ca:
                    a7:12:00:7f:0a:80:d3:c6:77:ee:2b:c4:45:b4:e7:
                    0e:1e:62:84:36:3b:8a:62:f9:27:84:cf:88:5a:c5:
                    13:4a:c0:7f:32:5d:f4:e0:6e:c6:59:09:e7:b3:45:
                    bf:ce:b9:68:90:23:6c:be:3f:2f:95:38:9c:60:58:
                    70:1f:87:af:9f:ad:70:db:c3:31:c6:c7:e7:09:8a:
                    51:58:de:33:4f:5e:d4:7e:66:b1:d3:37:56:01:90:
                    dc:d2:09:5c:73:71:6a:f2:c4:95:a7:7d:a5:f9:5a:
                    5b:28:8a:d2:8b:90:1f:0f:ce:46:8f:c3:62:4e:5e:
                    bb:6b:ff:85:b7:51:7b:77:b3:8a:0e:be:50:9d:77:
                    f0:ce:02:6a:86:38:21:b0:38:6d:05:b5:a7:07:c1:
                    77:99:82:48:a3:da:3c:02:5a:c3:09:44:0c:ac:65:
                    e5:ad:2b:7e:8f:7f:e4:c4:0f:fb:a4:7c:05:58:d7:
                    5b:24:cb:70:0a:20:c9:bb:82:39:3c:5a:93:cf:64:
                    17:24:24:19:59:b3:7e:f9:81:54:6f:f2:47:4f:2a:
                    96:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:8E:AA:76:DF:DA:09:F2:C7:D9:DD:B9:36:29:1B:72:D1:9E:54:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f68:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         98:ff:79:10:99:fa:da:4b:08:92:ae:1a:dd:b4:76:87:33:2b:
         ee:12:38:2f:6a:c3:29:30:87:94:c9:2b:27:86:3b:74:a6:3c:
         77:0d:1a:6e:5a:10:37:78:bd:a3:ac:16:ab:bd:0c:29:10:63:
         60:44:86:16:bc:aa:65:4e:01:7d:4f:c2:5a:aa:17:ac:6b:b3:
         97:7c:51:56:cc:07:e5:68:42:63:fa:db:4c:09:b5:69:a2:15:
         0a:9d:2f:2a:3a:9d:0b:da:12:f1:75:94:b0:64:e3:09:a5:e1:
         b6:65:c7:3c:2d:2d:11:1b:04:40:96:96:0b:83:d0:1f:54:7a:
         c6:bf:15:03:a4:d1:f8:42:10:59:22:01:8c:d4:ee:bd:4c:61:
         29:51:6f:ba:da:9a:66:52:87:97:d0:19:20:8a:c7:2b:95:51:
         d9:78:72:a0:85:57:13:31:cb:a1:2d:7b:4b:ec:a9:af:38:88:
         df:09:13:76:c4:9a:c6:6b:22:18:1a:d5:6e:0f:12:56:c5:1b:
         f3:d0:ef:24:5d:f4:09:d4:6b:cf:9f:59:bc:35:d4:86:b7:28:
         4e:c1:7c:a9:ca:39:e5:b8:26:46:e0:a1:f5:cb:63:2d:4d:f2:
         0d:85:c5:cd:e0:46:b3:31:5e:3f:40:5c:d6:7f:a2:73:e7:70:
         f7:22:df:fd
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMCVcg59pPttGNpkJBo6060xyCfMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAyMDQ4WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MDdiNTQzNTlmMWIwNDBjMzJiOWU5MmI5N2RiZWZkMGU5
MjZlNTcxYTZhMTUzODA4NzY5NTg2NWNkMDc4MWIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkuhOILpWZPpuXlWmnXF9IwIfjtmVZS48BIuGVKf6vk47H
DQIl+rkWrn6pyqcSAH8KgNPGd+4rxEW05w4eYoQ2O4pi+SeEz4haxRNKwH8yXfTg
bsZZCeezRb/OuWiQI2y+Py+VOJxgWHAfh6+frXDbwzHGx+cJilFY3jNPXtR+ZrHT
N1YBkNzSCVxzcWryxJWnfaX5WlsoitKLkB8PzkaPw2JOXrtr/4W3UXt3s4oOvlCd
d/DOAmqGOCGwOG0FtacHwXeZgkij2jwCWsMJRAysZeWtK36Pf+TED/ukfAVY11sk
y3AKIMm7gjk8WpPPZBckJBlZs375gVRv8kdPKpZNAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUAo6qdt/aCfLH2d25NikbctGeVHAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M4OGJjOTAzLTE2ZmMtNGQzNy05Mzk4LTY2NWI1NDE5MzA3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB9oQDANBgkqhkiG9w0BAQsFAAOCAQEAmP95EJn62ksIkq4a3bR2hzMr
7hI4L2rDKTCHlMkrJ4Y7dKY8dw0abloQN3i9o6wWq70MKRBjYESGFryqZU4BfU/C
WqoXrGuzl3xRVswH5WhCY/rbTAm1aaIVCp0vKjqdC9oS8XWUsGTjCaXhtmXHPC0t
ERsEQJaWC4PQH1R6xr8VA6TR+EIQWSIBjNTuvUxhKVFvutqaZlKHl9AZIIrHK5VR
2XhyoIVXEzHLoS17S+yprziI3wkTdsSaxmsiGBrVbg8SVsUb89DvJF30CdRrz59Z
vDXUhrcoTsF8qco55bgmRuCh9ctjLU3yDYXFzeBGszFeP0Bc1n+ic+dw9yLf/Q==
-----END CERTIFICATE-----