Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da9bbbe3-4484-4aab-92f6-3125c79233b7.roa
File:                     da9bbbe3-4484-4aab-92f6-3125c79233b7.roa (raw, json)
Hash identifier:          LHEpmRwcqNA4efOKg9gN9Z5eyJLbIPrv/xCZ7mRCkHw=
Subject key identifier:   3E:12:8C:00:32:6E:C1:F4:53:27:F0:4A:32:F8:BB:69:A7:7B:62:DD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2EC0740BE2057B7855E982467E3566B47B43B198
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da9bbbe3-4484-4aab-92f6-3125c79233b7.roa
Signing time:             Tue 11 Nov 2025 02:01:18 +0000
ROA not before:           Tue 11 Nov 2025 02:01:18 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:60c0::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:c0:74:0b:e2:05:7b:78:55:e9:82:46:7e:35:66:b4:7b:43:b1:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:01:18 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=c415e25b8462ce3b87e3f6b5109558a4d28e223491381f4f5ba0160a31205118, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:29:9e:ec:f0:ff:aa:a1:7b:87:b0:b5:87:9e:
                    ea:22:13:56:c0:8b:a8:39:40:85:6a:56:2b:a0:4b:
                    93:35:3c:01:aa:96:78:64:52:fe:cc:3e:d0:70:d2:
                    9d:a4:b2:34:26:cd:b6:e1:c1:b7:da:46:2b:c5:af:
                    02:f7:b9:8b:94:e0:1a:e9:36:c2:a0:0b:97:5a:94:
                    e7:16:c0:cd:5b:7b:e6:6e:5e:52:0d:22:93:f1:1f:
                    be:f3:79:17:ed:d4:c5:1e:6b:75:74:10:47:5b:c5:
                    ad:8f:68:d0:a5:bd:59:6d:26:0e:67:f2:ce:38:b9:
                    2f:d5:88:92:8c:a7:68:f2:d6:c6:bc:9c:85:62:a9:
                    2f:d6:c6:6f:99:a4:62:ad:b2:d4:a3:cd:8a:93:f7:
                    7f:9f:9a:17:d8:a4:ea:64:79:0a:41:37:ae:5f:42:
                    5f:9c:0e:22:69:b2:4a:86:76:f2:5e:37:97:80:dc:
                    fd:25:d2:c1:bd:39:0c:0d:bb:07:83:f7:3c:b1:22:
                    ff:a2:32:0d:af:c6:dc:ea:28:d0:32:67:f3:f8:b2:
                    e6:64:16:4d:c4:64:1a:4d:ae:b6:ee:d5:8b:65:54:
                    b9:45:e0:c6:4b:35:02:d9:1f:1d:e9:ea:93:19:44:
                    07:3f:27:a0:ce:ed:b4:70:bf:fa:b6:7f:86:72:02:
                    b7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:12:8C:00:32:6E:C1:F4:53:27:F0:4A:32:F8:BB:69:A7:7B:62:DD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da9bbbe3-4484-4aab-92f6-3125c79233b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:60c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:ba:1d:04:40:ce:bc:30:74:75:d2:87:dc:b1:fb:8d:6f:d9:
         57:58:c4:6a:c9:84:b0:a3:6a:8e:af:8b:35:07:bd:ac:23:75:
         8e:0c:88:24:5d:23:f5:c9:23:44:97:76:81:2e:1b:de:ae:5a:
         d2:f9:4b:68:59:60:c5:d4:76:71:20:76:3a:a7:6a:eb:1c:48:
         92:e1:1a:00:d6:06:80:67:6b:8d:b0:b2:98:14:4a:7e:db:84:
         15:ba:3d:81:7a:82:a5:53:17:0a:1e:ae:bf:bc:0b:a0:24:e5:
         82:5c:61:2a:d4:10:39:b8:32:f9:27:e9:f0:9f:57:91:33:01:
         64:d7:9e:ba:ee:9a:34:d2:f1:a7:49:66:80:3c:61:05:10:89:
         f6:c2:0f:4f:7d:3c:d2:16:6a:02:75:a0:93:17:8d:09:ea:31:
         34:e9:ca:c5:10:a4:d7:8a:29:6d:6f:21:3c:48:fe:06:44:82:
         78:db:95:5a:7c:21:40:bf:d3:43:ff:6e:db:50:00:2c:76:60:
         d1:13:13:62:39:6f:0f:5b:f3:79:2f:2a:dc:37:fb:45:4d:5e:
         47:a6:0c:27:c7:6d:95:91:14:53:10:3a:d6:69:cc:b8:dd:5a:
         57:95:fe:74:4a:a4:94:13:af:15:2d:27:97:0d:f2:ac:d0:31:
         d1:12:1b:63
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULsB0C+IFe3hV6YJGfjVmtHtDsZgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIwMTE4WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNDE1ZTI1Yjg0NjJjZTNiODdlM2Y2YjUxMDk1NThhNGQy
OGUyMjM0OTEzODFmNGY1YmEwMTYwYTMxMjA1MTE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrKZ7s8P+qoXuHsLWHnuoiE1bAi6g5QIVqViugS5M1PAGq
lnhkUv7MPtBw0p2ksjQmzbbhwbfaRivFrwL3uYuU4BrpNsKgC5dalOcWwM1be+Zu
XlINIpPxH77zeRft1MUea3V0EEdbxa2PaNClvVltJg5n8s44uS/ViJKMp2jy1sa8
nIViqS/Wxm+ZpGKtstSjzYqT93+fmhfYpOpkeQpBN65fQl+cDiJpskqGdvJeN5eA
3P0l0sG9OQwNuweD9zyxIv+iMg2vxtzqKNAyZ/P4suZkFk3EZBpNrrbu1YtlVLlF
4MZLNQLZHx3p6pMZRAc/J6DO7bRwv/q2f4ZyArfjAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUPhKMADJuwfRTJ/BKMvi7aad7Yt0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhOWJiYmUzLTQ0ODQtNGFhYi05MmY2LTMxMjVjNzkyMzNiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AYMAwDQYJKoZIhvcNAQELBQADggEBAMK6HQRAzrwwdHXSh9yx+41v
2VdYxGrJhLCjao6vizUHvawjdY4MiCRdI/XJI0SXdoEuG96uWtL5S2hZYMXUdnEg
djqnauscSJLhGgDWBoBna42wspgUSn7bhBW6PYF6gqVTFwoerr+8C6Ak5YJcYSrU
EDm4Mvkn6fCfV5EzAWTXnrrumjTS8adJZoA8YQUQifbCD099PNIWagJ1oJMXjQnq
MTTpysUQpNeKKW1vITxI/gZEgnjblVp8IUC/00P/bttQACx2YNETE2I5bw9b83kv
Ktw3+0VNXkemDCfHbZWRFFMQOtZpzLjdWleV/nRKpJQTrxUtJ5cN8qzQMdESG2M=
-----END CERTIFICATE-----