Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fa784511-9eda-424b-996e-5ad4556ee606.roa
File:                     fa784511-9eda-424b-996e-5ad4556ee606.roa (raw, json)
Hash identifier:          d2tofls9jYf0s46/q4uCElr1aAMl8XzemISHsrRXlMc=
Subject key identifier:   A0:B8:EB:C7:EF:DD:79:BC:8A:3E:FB:6B:C3:BE:E3:37:3E:7B:B8:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5A67D70BB7352E7DDA93FC29B7F3CBEB81F28408
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fa784511-9eda-424b-996e-5ad4556ee606.roa
Signing time:             Wed 12 Nov 2025 00:31:09 +0000
ROA not before:           Wed 12 Nov 2025 00:31:09 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1e:4800::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:67:d7:0b:b7:35:2e:7d:da:93:fc:29:b7:f3:cb:eb:81:f2:84:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:31:09 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=a4b42e38f4c13d767b4613b071a1782139f0f1dadc19dea531e92eaf6cdb9d6a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:10:c4:45:29:5c:e1:9c:81:76:f1:0b:73:08:
                    95:99:50:7d:a4:8f:6a:8b:ff:18:7d:05:28:76:1f:
                    56:c9:93:07:99:e7:ee:8d:7f:f9:df:e7:6b:1e:a0:
                    89:e1:e9:75:b1:55:63:49:c9:93:39:41:72:23:10:
                    b9:44:31:b6:28:f0:63:07:6a:ab:71:ae:0d:fb:6b:
                    6f:3f:7c:dc:15:02:39:9b:be:b4:a0:7c:6c:cc:98:
                    a2:fd:9c:9f:3c:4e:a8:8e:42:6f:ff:19:9e:ea:b8:
                    66:7c:f8:0b:b9:e0:c1:64:86:04:b7:49:d1:1e:7e:
                    c8:f7:39:ea:3a:ed:2f:82:fa:ac:46:77:60:4a:28:
                    ac:cc:f0:bd:71:96:76:bd:7e:f9:a2:63:47:b3:a4:
                    95:54:a7:f7:3e:61:61:9e:d3:12:d8:54:79:98:33:
                    cd:f5:05:5b:7f:89:64:ef:93:67:da:ba:6b:84:a8:
                    41:45:fd:5e:ff:d1:b4:63:1c:6d:11:f5:9d:11:80:
                    9f:19:04:15:17:10:a2:68:07:a0:63:70:15:22:f0:
                    1d:e1:d2:78:33:a8:70:11:47:93:25:7c:70:66:07:
                    79:5b:9a:cb:5a:30:32:68:31:f3:70:2d:01:0c:d5:
                    b6:3d:42:dd:26:54:d4:86:16:4e:0d:a6:71:6a:b6:
                    3d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B8:EB:C7:EF:DD:79:BC:8A:3E:FB:6B:C3:BE:E3:37:3E:7B:B8:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fa784511-9eda-424b-996e-5ad4556ee606.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1e:4800::/37

    Signature Algorithm: sha256WithRSAEncryption
         5d:06:9f:b4:51:fa:0d:0d:1c:f2:97:ea:84:88:e5:1a:f6:18:
         c6:df:3f:c3:8b:2a:95:c8:0a:7f:9c:b4:f8:72:ad:80:3f:9f:
         a7:ec:6f:ae:9d:18:b3:a3:7e:f7:b3:0c:8b:3f:dc:c2:25:b9:
         28:3d:98:7b:67:08:f7:2d:83:82:2d:c8:8e:96:b3:ba:d7:21:
         39:35:76:3b:3c:62:65:00:c1:e1:3c:12:08:9e:82:b1:2b:a3:
         9d:ba:b3:76:e9:68:c3:3a:a3:92:66:9a:15:e3:65:b6:b8:9f:
         be:96:4b:3d:24:16:93:b6:23:8c:a9:7b:9d:a7:74:8b:6f:47:
         4b:74:a3:2f:2c:4f:4b:20:79:c5:fd:8f:3a:59:34:de:98:cd:
         a4:ca:f7:39:7b:15:64:06:51:20:f6:c0:5b:46:2f:10:5b:e8:
         5b:d7:00:d8:dc:62:82:2c:f1:7f:0c:65:eb:c0:22:77:5f:92:
         aa:e2:78:50:41:98:b7:81:57:7f:19:63:0b:47:2a:bf:a1:e8:
         ec:f4:00:e9:38:8c:9b:f5:b3:87:e0:90:a0:64:d9:b8:41:fc:
         8f:3d:d6:69:3e:24:59:0b:0f:4e:63:bd:de:f5:80:7b:80:a5:
         ba:d1:31:b5:41:47:2f:bf:62:c2:eb:b8:dc:0c:38:3f:45:49:
         6e:75:c0:cb
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUWmfXC7c1Ln3ak/wpt/PL64HyhAgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAzMTA5WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNGI0MmUzOGY0YzEzZDc2N2I0NjEzYjA3MWExNzgyMTM5
ZjBmMWRhZGMxOWRlYTUzMWU5MmVhZjZjZGI5ZDZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8EMRFKVzhnIF28QtzCJWZUH2kj2qL/xh9BSh2H1bJkweZ
5+6Nf/nf52seoInh6XWxVWNJyZM5QXIjELlEMbYo8GMHaqtxrg37a28/fNwVAjmb
vrSgfGzMmKL9nJ88TqiOQm//GZ7quGZ8+Au54MFkhgS3SdEefsj3Oeo67S+C+qxG
d2BKKKzM8L1xlna9fvmiY0ezpJVUp/c+YWGe0xLYVHmYM831BVt/iWTvk2faumuE
qEFF/V7/0bRjHG0R9Z0RgJ8ZBBUXEKJoB6BjcBUi8B3h0ngzqHARR5MlfHBmB3lb
mstaMDJoMfNwLQEM1bY9Qt0mVNSGFk4NpnFqtj1dAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUoLjrx+/debyKPvtrw77jNz57uPowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZhNzg0NTExLTllZGEtNDI0Yi05OTZlLTVhZDQ1NTZlZTYwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8eSDANBgkqhkiG9w0BAQsFAAOCAQEAXQaftFH6DQ0c8pfqhIjlGvYY
xt8/w4sqlcgKf5y0+HKtgD+fp+xvrp0Ys6N+97MMiz/cwiW5KD2Ye2cI9y2Dgi3I
jpazutchOTV2OzxiZQDB4TwSCJ6CsSujnbqzdulowzqjkmaaFeNltrifvpZLPSQW
k7YjjKl7nad0i29HS3SjLyxPSyB5xf2POlk03pjNpMr3OXsVZAZRIPbAW0YvEFvo
W9cA2Nxigizxfwxl68Aid1+SquJ4UEGYt4FXfxljC0cqv6Ho7PQA6TiMm/Wzh+CQ
oGTZuEH8jz3WaT4kWQsPTmO93vWAe4ClutExtUFHL79iwuu43Aw4P0VJbnXAyw==
-----END CERTIFICATE-----