Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d7986098-6bff-4ad7-9690-b401315864c0.roa
File:                     d7986098-6bff-4ad7-9690-b401315864c0.roa (raw, json)
Hash identifier:          QCZCbgeyyTPRRM/br57DVQPKjkHY/CWgGVlq4p0MfNM=
Subject key identifier:   0D:9B:FF:41:9A:64:69:35:C2:60:A9:E1:EB:DB:E2:93:CB:FD:76:CA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       242C71CA35FC5399CE98F167DE050840EA3A23BE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d7986098-6bff-4ad7-9690-b401315864c0.roa
Signing time:             Sat 08 Nov 2025 01:00:12 +0000
ROA not before:           Sat 08 Nov 2025 01:00:12 +0000
ROA not after:            Sat 13 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fec:e400::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:2c:71:ca:35:fc:53:99:ce:98:f1:67:de:05:08:40:ea:3a:23:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  8 01:00:12 2025 GMT
            Not After : Dec 13 23:59:59 2025 GMT
        Subject: serialNumber=0bb05fbf32ff7375038e711710515db8216d03fdfa4cc28dd722015e2e3fc99b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c1:dd:c9:0f:45:6f:de:c7:97:04:0e:19:44:
                    d6:e0:66:bd:be:ff:12:62:21:47:74:74:75:c5:e2:
                    07:f1:00:55:89:dc:09:09:9a:4c:a9:32:a0:4a:c2:
                    fd:2b:b6:14:d6:30:1e:22:37:c7:ba:90:28:ce:9e:
                    fd:3b:25:60:7f:03:6d:98:d7:15:f3:0c:db:36:5f:
                    06:55:30:a3:fc:fb:60:c6:46:a0:8f:0e:de:3b:53:
                    06:51:f9:30:b7:1e:09:18:f8:e1:4f:96:de:a1:3a:
                    ad:78:88:a3:26:79:7e:e0:00:e9:92:63:db:62:c6:
                    44:27:35:33:c8:8b:70:fd:f5:fd:4f:92:7e:7d:bf:
                    ea:8d:45:98:b3:d1:2f:97:d7:51:c8:f5:15:94:57:
                    e3:d1:a9:94:b0:97:aa:de:14:c8:03:4c:b4:d2:f7:
                    1b:26:e3:a6:3e:7a:1e:22:52:34:c0:ba:80:e5:c9:
                    9a:36:85:e5:9c:2b:74:b0:91:44:b0:da:e6:d6:46:
                    80:55:74:1f:f9:7a:a5:21:82:84:ff:7b:cb:88:ca:
                    d5:8b:7c:20:27:81:da:db:77:e1:3e:2d:c7:4f:e9:
                    37:16:41:12:dc:dc:ba:c6:11:10:68:07:0e:1e:4d:
                    38:58:dc:53:ef:7a:81:99:dc:20:8d:7c:fa:d0:d1:
                    52:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:9B:FF:41:9A:64:69:35:C2:60:A9:E1:EB:DB:E2:93:CB:FD:76:CA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d7986098-6bff-4ad7-9690-b401315864c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fec:e400::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:20:ef:10:11:96:74:ce:75:26:ec:9a:5c:54:8b:fb:74:30:
         36:af:f0:a8:7e:59:4e:78:75:c4:8a:1a:f4:4a:99:4b:d1:62:
         51:29:70:f2:a7:77:3f:09:bd:41:ff:8b:1e:89:92:c4:9c:4f:
         49:fd:12:0a:a5:74:b4:d9:91:ec:0b:ee:ef:4e:4a:1e:99:76:
         6f:45:79:92:e6:b7:84:20:c2:19:97:cb:73:a4:c8:19:3f:2b:
         ee:7f:ff:77:04:49:0a:84:43:ea:90:e4:8c:e9:44:e7:23:51:
         1d:40:b0:8b:7d:bb:0c:a4:9e:de:a7:07:82:cb:eb:8f:75:3a:
         86:0a:08:82:44:5d:21:ad:50:14:09:e6:76:9d:5e:df:30:db:
         05:4d:a8:5e:2a:c8:c1:9c:63:b4:5d:79:af:a2:93:5d:d3:47:
         16:1a:ab:cc:ce:b5:a5:7c:ca:b7:77:6d:45:a3:1c:02:c8:75:
         c6:23:e7:21:e4:70:3a:e3:d9:01:52:71:e2:8b:00:91:0e:35:
         90:96:75:4c:bb:04:df:c2:b0:9d:bb:4a:61:50:6b:4c:08:d6:
         3d:70:92:e1:f0:16:1e:36:fe:91:43:08:96:12:74:84:e9:0c:
         8c:29:39:b8:b1:46:d8:e1:d5:89:31:b3:95:78:f1:d3:36:13:
         28:a8:fa:ef
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJCxxyjX8U5nOmPFn3gUIQOo6I74wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA4MDEwMDEyWhcNMjUxMjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYmIwNWZiZjMyZmY3Mzc1MDM4ZTcxMTcxMDUxNWRiODIx
NmQwM2ZkZmE0Y2MyOGRkNzIyMDE1ZTJlM2ZjOTliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3wd3JD0Vv3seXBA4ZRNbgZr2+/xJiIUd0dHXF4gfxAFWJ
3AkJmkypMqBKwv0rthTWMB4iN8e6kCjOnv07JWB/A22Y1xXzDNs2XwZVMKP8+2DG
RqCPDt47UwZR+TC3HgkY+OFPlt6hOq14iKMmeX7gAOmSY9tixkQnNTPIi3D99f1P
kn59v+qNRZiz0S+X11HI9RWUV+PRqZSwl6reFMgDTLTS9xsm46Y+eh4iUjTAuoDl
yZo2heWcK3SwkUSw2ubWRoBVdB/5eqUhgoT/e8uIytWLfCAngdrbd+E+LcdP6TcW
QRLc3LrGERBoBw4eTThY3FPveoGZ3CCNfPrQ0VJ5AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUDZv/QZpkaTXCYKnh69vik8v9dsowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q3OTg2MDk4LTZiZmYtNGFkNy05NjkwLWI0MDEzMTU4NjRjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/s5AAwDQYJKoZIhvcNAQELBQADggEBAG0g7xARlnTOdSbsmlxUi/t0
MDav8Kh+WU54dcSKGvRKmUvRYlEpcPKndz8JvUH/ix6JksScT0n9EgqldLTZkewL
7u9OSh6Zdm9FeZLmt4QgwhmXy3OkyBk/K+5//3cESQqEQ+qQ5IzpROcjUR1AsIt9
uwyknt6nB4LL6491OoYKCIJEXSGtUBQJ5nadXt8w2wVNqF4qyMGcY7Rdea+ik13T
RxYaq8zOtaV8yrd3bUWjHALIdcYj5yHkcDrj2QFSceKLAJEONZCWdUy7BN/CsJ27
SmFQa0wI1j1wkuHwFh42/pFDCJYSdITpDIwpObixRtjh1Ykxs5V48dM2Eyio+u8=
-----END CERTIFICATE-----