Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9f51838-30d7-4d1c-860c-6e6007978e48.roa
File:                     d9f51838-30d7-4d1c-860c-6e6007978e48.roa (raw, json)
Hash identifier:          TNpm90OuZ87T2KJSJrqSLndvvPX2yYgUvoluSLmHLWE=
Subject key identifier:   A9:B1:70:60:D6:CB:23:FA:BA:FA:A8:07:37:C6:F2:A8:19:F6:C1:AC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7A6C5ACC00953C274787256EA8C255364311EB8F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9f51838-30d7-4d1c-860c-6e6007978e48.roa
Signing time:             Wed 12 Nov 2025 01:01:20 +0000
ROA not before:           Wed 12 Nov 2025 01:01:20 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f19:4000::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:6c:5a:cc:00:95:3c:27:47:87:25:6e:a8:c2:55:36:43:11:eb:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:01:20 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=648550602d90119851a5b1a2c736d04f55bac9cb3beb853d31c34473fed2e709, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ed:2d:67:07:26:f2:1e:3d:ae:93:b9:a6:89:
                    13:a9:d3:d8:80:d5:fc:ce:10:db:c1:33:c7:6a:1f:
                    88:5c:1e:87:31:68:1c:ef:80:5f:e4:b1:2d:ab:27:
                    23:34:99:cb:f9:c6:c0:67:da:f5:34:44:6e:51:8c:
                    63:8d:e7:5f:cd:3b:e1:a8:fa:d0:38:40:e2:84:bd:
                    ee:5f:8c:5a:2b:c6:dc:bd:ff:a2:82:00:4e:1d:dc:
                    48:6a:fd:d9:f1:95:7e:0f:23:da:f1:e3:a7:99:69:
                    d6:7b:b1:bf:24:e8:d2:59:0e:ba:2e:cd:59:b4:d6:
                    f7:f4:50:cd:95:eb:e5:6e:2f:6a:59:21:a4:1b:ea:
                    a7:5f:8e:a7:b6:5e:88:86:6c:57:11:c7:57:3c:da:
                    e6:22:9a:72:f1:19:1c:52:d2:cb:f9:71:59:09:89:
                    17:ba:f1:45:8e:9b:0c:61:9b:91:8c:10:a7:3f:d9:
                    0d:5a:f2:45:60:69:bb:99:8f:5a:b7:a4:04:2c:54:
                    d1:52:7f:eb:9b:73:02:b2:0b:c5:88:9c:8a:a3:26:
                    2d:51:d5:1f:d1:94:f1:a8:d3:2b:5e:08:5d:37:a4:
                    6f:54:22:a0:ec:74:fc:47:c1:81:99:a3:a3:9d:22:
                    d8:a6:fb:7f:a8:e8:cf:df:e5:86:16:da:a5:8b:24:
                    b0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:B1:70:60:D6:CB:23:FA:BA:FA:A8:07:37:C6:F2:A8:19:F6:C1:AC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9f51838-30d7-4d1c-860c-6e6007978e48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f19:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         16:b6:82:ed:fd:b0:67:69:30:a2:e2:a7:0c:8e:40:67:65:dd:
         a1:b1:57:bd:04:47:85:50:28:09:7d:70:03:45:94:a9:67:99:
         bf:bd:34:cc:75:ff:fe:45:14:0e:e3:8d:22:3e:4c:70:87:b4:
         e6:3d:45:9a:c5:a7:44:1a:6e:ce:08:c8:c6:7c:79:f9:b5:da:
         6e:42:0f:7c:46:cf:47:27:ec:17:8b:22:8c:76:11:e6:63:8f:
         25:f4:08:da:3f:b3:9b:d5:06:9b:e0:f3:b9:5f:11:cf:90:93:
         2f:6c:aa:35:2b:8f:00:94:12:5d:d8:49:c3:e4:f1:12:d2:fe:
         46:c7:b7:24:e8:83:22:f5:45:33:cc:5e:58:61:df:7e:f4:ad:
         6f:d8:74:a6:8d:19:f4:11:aa:fd:9c:2d:77:55:ed:1f:c2:53:
         85:2e:f9:29:87:8f:98:b9:1c:d2:04:e6:35:a5:c0:47:e4:e7:
         f6:f7:c1:18:55:21:c2:a1:9c:02:9b:56:3f:be:1c:37:e2:80:
         7c:5b:5b:dd:64:bb:e8:9e:c7:68:4a:db:74:37:c6:14:82:f3:
         ac:4f:45:c7:79:aa:f4:e1:b8:27:a1:c6:8c:0a:d6:2e:f6:78:
         03:e1:e1:5e:a3:21:e7:4c:4e:08:e5:be:1e:ee:0f:68:45:84:
         53:ec:de:c1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUemxazACVPCdHhyVuqMJVNkMR648wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDEwMTIwWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NDg1NTA2MDJkOTAxMTk4NTFhNWIxYTJjNzM2ZDA0ZjU1
YmFjOWNiM2JlYjg1M2QzMWMzNDQ3M2ZlZDJlNzA5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC27S1nBybyHj2uk7mmiROp09iA1fzOENvBM8dqH4hcHocx
aBzvgF/ksS2rJyM0mcv5xsBn2vU0RG5RjGON51/NO+Go+tA4QOKEve5fjForxty9
/6KCAE4d3Ehq/dnxlX4PI9rx46eZadZ7sb8k6NJZDrouzVm01vf0UM2V6+VuL2pZ
IaQb6qdfjqe2XoiGbFcRx1c82uYimnLxGRxS0sv5cVkJiRe68UWOmwxhm5GMEKc/
2Q1a8kVgabuZj1q3pAQsVNFSf+ubcwKyC8WInIqjJi1R1R/RlPGo0yteCF03pG9U
IqDsdPxHwYGZo6OdItim+3+o6M/f5YYW2qWLJLBXAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUqbFwYNbLI/q6+qgHN8byqBn2wawwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5ZjUxODM4LTMwZDctNGQxYy04NjBjLTZlNjAwNzk3OGU0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8ZQDANBgkqhkiG9w0BAQsFAAOCAQEAFraC7f2wZ2kwouKnDI5AZ2Xd
obFXvQRHhVAoCX1wA0WUqWeZv700zHX//kUUDuONIj5McIe05j1FmsWnRBpuzgjI
xnx5+bXabkIPfEbPRyfsF4sijHYR5mOPJfQI2j+zm9UGm+DzuV8Rz5CTL2yqNSuP
AJQSXdhJw+TxEtL+Rse3JOiDIvVFM8xeWGHffvStb9h0po0Z9BGq/Zwtd1XtH8JT
hS75KYePmLkc0gTmNaXAR+Tn9vfBGFUhwqGcAptWP74cN+KAfFtb3WS76J7HaErb
dDfGFILzrE9Fx3mq9OG4J6HGjArWLvZ4A+HhXqMh50xOCOW+Hu4PaEWEU+zewQ==
-----END CERTIFICATE-----