Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21e6a02e-627a-43f7-826e-9ed87668d73d.roa
File:                     21e6a02e-627a-43f7-826e-9ed87668d73d.roa (raw, json)
Hash identifier:          AXYoyReZuOmAcrYpeLG36n31y/QuKbcWWog62PtQCL0=
Subject key identifier:   E7:FF:C4:68:36:F8:C6:68:EA:CC:93:B9:3C:56:A0:55:C6:F4:B4:C9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32C44451C6C3EA629B9A1767628CDEF11A1713F0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21e6a02e-627a-43f7-826e-9ed87668d73d.roa
Signing time:             Mon 06 Oct 2025 16:02:51 +0000
ROA not before:           Mon 06 Oct 2025 16:02:51 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff3::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:c4:44:51:c6:c3:ea:62:9b:9a:17:67:62:8c:de:f1:1a:17:13:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:02:51 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=40a579c1afece8785490aa7d130f1b9c9f7e0a4b51c5d169b27befa28dba6e4f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:68:48:79:e0:3d:6e:d7:68:5f:f1:82:f3:cc:
                    0c:90:27:22:29:82:43:31:19:9f:e6:41:61:28:8e:
                    dd:c7:73:74:4a:f9:57:64:80:22:ee:c5:6e:d4:ad:
                    94:08:1c:52:ec:24:e8:5c:2f:1c:cd:0b:95:3d:19:
                    fd:76:ea:be:9f:09:d8:cd:8b:6e:e0:35:b3:ad:a6:
                    83:d1:22:79:8f:8e:04:a7:d0:3a:11:fb:a3:50:d1:
                    26:ba:f2:ef:c6:14:42:27:ba:02:d5:c6:c3:50:bb:
                    c3:e4:3c:0b:ee:e6:cf:6e:97:4c:5a:43:df:bc:78:
                    6c:d0:ce:52:81:94:aa:4f:44:b4:bf:5a:1a:8a:b4:
                    a5:e4:6e:a8:e2:73:c5:f3:ea:46:a4:f4:31:84:52:
                    07:de:07:0c:cc:84:34:11:ab:2e:e7:53:88:68:83:
                    7b:2c:91:15:ed:e3:57:87:18:8a:d8:48:c6:53:a3:
                    57:5c:50:6e:06:d6:d1:5b:5d:be:3a:44:9b:b7:de:
                    c6:6e:dd:fd:14:2a:cf:b0:75:19:d4:be:7f:ea:ec:
                    5a:35:87:d2:17:40:eb:e4:34:c9:28:6b:17:e9:ab:
                    cc:bf:79:cf:7c:d4:8f:4e:c9:4c:33:fd:16:a3:29:
                    88:11:db:fc:ec:33:4e:78:9a:50:62:80:15:83:96:
                    2c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:FF:C4:68:36:F8:C6:68:EA:CC:93:B9:3C:56:A0:55:C6:F4:B4:C9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21e6a02e-627a-43f7-826e-9ed87668d73d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff3::/32

    Signature Algorithm: sha256WithRSAEncryption
         bb:50:98:1b:d2:e7:8f:3e:27:90:e3:13:34:82:26:5e:eb:9f:
         6c:dd:35:db:de:3d:fb:fe:49:ce:2e:bb:9e:da:aa:6d:f8:49:
         57:78:88:0b:46:61:68:49:12:1e:de:1b:dd:87:53:31:4d:a6:
         e7:b2:5e:41:68:6a:69:32:49:31:67:d3:0b:f9:a1:95:0b:89:
         28:ef:9e:09:14:8a:7d:91:a2:e8:c0:c8:93:dd:6a:c6:91:c7:
         0e:b8:4e:ae:54:6f:96:46:9d:3d:cc:fe:c6:f1:d6:48:9d:b2:
         bb:ad:ed:a0:7e:c2:41:4f:34:b2:9f:fc:d4:37:07:18:0c:63:
         8e:3a:4e:b2:5f:8d:a5:5b:23:a8:90:db:26:db:a1:cd:a0:d5:
         6d:a8:1c:6b:9b:f0:fc:74:2d:b1:a4:83:11:a1:f0:14:ab:c1:
         97:36:46:cc:26:63:73:fa:e8:6b:b5:db:83:bc:e2:d8:dd:33:
         c0:50:17:a2:97:93:5a:5d:33:5e:54:ad:48:df:1b:98:92:b3:
         3a:cd:a7:95:b4:05:26:04:d1:55:a4:92:88:68:7e:b6:a6:f2:
         fc:e6:d7:ad:dc:8a:11:dd:94:82:bb:00:58:97:c1:74:5e:e9:
         b1:d6:c4:72:a1:73:b6:6e:f6:70:54:c1:11:a2:31:b0:54:27:
         1d:66:e5:d6
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUMsREUcbD6mKbmhdnYoze8RoXE/AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYwMjUxWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MGE1NzljMWFmZWNlODc4NTQ5MGFhN2QxMzBmMWI5Yzlm
N2UwYTRiNTFjNWQxNjliMjdiZWZhMjhkYmE2ZTRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBaEh54D1u12hf8YLzzAyQJyIpgkMxGZ/mQWEojt3Hc3RK
+VdkgCLuxW7UrZQIHFLsJOhcLxzNC5U9Gf126r6fCdjNi27gNbOtpoPRInmPjgSn
0DoR+6NQ0Sa68u/GFEInugLVxsNQu8PkPAvu5s9ul0xaQ9+8eGzQzlKBlKpPRLS/
WhqKtKXkbqjic8Xz6kak9DGEUgfeBwzMhDQRqy7nU4hog3sskRXt41eHGIrYSMZT
o1dcUG4G1tFbXb46RJu33sZu3f0UKs+wdRnUvn/q7Fo1h9IXQOvkNMkoaxfpq8y/
ec981I9OyUwz/RajKYgR2/zsM054mlBigBWDlizdAgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQU5//EaDb4xmjqzJO5PFagVcb0tMkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxZTZhMDJlLTYyN2EtNDNmNy04MjZlLTllZDg3NjY4ZDczZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmAB/zMA0GCSqGSIb3DQEBCwUAA4IBAQC7UJgb0uePPieQ4xM0giZe659s
3TXb3j37/knOLrue2qpt+ElXeIgLRmFoSRIe3hvdh1MxTabnsl5BaGppMkkxZ9ML
+aGVC4ko754JFIp9kaLowMiT3WrGkccOuE6uVG+WRp09zP7G8dZInbK7re2gfsJB
TzSyn/zUNwcYDGOOOk6yX42lWyOokNsm26HNoNVtqBxrm/D8dC2xpIMRofAUq8GX
NkbMJmNz+uhrtduDvOLY3TPAUBeil5NaXTNeVK1I3xuYkrM6zaeVtAUmBNFVpJKI
aH62pvL85tet3IoR3ZSCuwBYl8F0Xumx1sRyoXO2bvZwVMERojGwVCcdZuXW
-----END CERTIFICATE-----