Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33d00f85-2dad-40e9-ad84-05aa8de0f228.roa
File:                     33d00f85-2dad-40e9-ad84-05aa8de0f228.roa (raw, json)
Hash identifier:          NtbDZJCmZ8N4yLJN//3wpCjhFLqNfqv/i/4RVKWNafs=
Subject key identifier:   ED:9F:E3:C0:98:72:C2:19:D2:83:8B:FA:85:5E:5A:D4:A8:EF:DE:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68837213173D8B2B9B1124B367D2123128B61FF0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33d00f85-2dad-40e9-ad84-05aa8de0f228.roa
Signing time:             Tue 28 Oct 2025 01:01:17 +0000
ROA not before:           Tue 28 Oct 2025 01:01:17 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1b:8000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:83:72:13:17:3d:8b:2b:9b:11:24:b3:67:d2:12:31:28:b6:1f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 01:01:17 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=d4215a92f8a31218d2787ef24957960c1ad08fcc79567ca8da91937a9239483f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:80:92:f8:52:44:34:f8:24:a8:9c:25:2e:e5:
                    63:d4:c4:12:32:dc:62:99:5b:5d:d6:2e:f7:64:0e:
                    b7:b2:cf:09:23:95:04:9b:99:f8:73:a7:de:97:b0:
                    a0:da:d2:f5:60:0d:41:9f:4a:ae:3b:19:7f:5b:85:
                    c3:02:f7:49:e7:73:b4:56:f2:ad:f7:12:65:9f:51:
                    08:cd:0a:6d:d0:60:26:78:a7:63:06:6f:49:b9:58:
                    ab:3a:54:c8:f9:7c:19:ee:72:85:60:08:3e:05:25:
                    ae:80:6c:f0:e8:1d:51:e3:24:57:28:2f:87:e5:86:
                    7f:9d:ec:2f:8d:76:38:13:bf:30:df:16:f2:a7:9d:
                    54:bb:24:78:64:29:c8:d8:da:d6:1e:a8:a1:a7:89:
                    01:d6:74:8a:76:be:be:0c:57:f5:da:02:05:7e:3e:
                    21:73:79:4d:23:93:c8:9a:ca:1c:76:96:ae:7c:bf:
                    22:ff:66:6a:58:15:3b:b4:5c:32:1c:14:51:35:ed:
                    c7:2c:45:a4:e1:bf:2f:89:ec:6c:b7:32:d3:ae:25:
                    db:99:f3:06:a9:64:1f:29:56:ea:20:8c:7e:fd:b4:
                    c2:a4:d5:bd:13:85:57:51:3c:59:cd:07:85:b1:49:
                    7a:df:af:b9:be:87:ff:c2:ef:3b:fa:42:31:da:63:
                    9f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:9F:E3:C0:98:72:C2:19:D2:83:8B:FA:85:5E:5A:D4:A8:EF:DE:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33d00f85-2dad-40e9-ad84-05aa8de0f228.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1b:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         68:b6:9d:dd:90:08:c8:8e:2a:fc:c3:b0:56:ca:9f:06:02:27:
         33:98:ca:d8:c0:6c:a0:78:f7:d7:41:2c:ac:a3:c3:c4:68:4d:
         e8:b0:89:91:8e:d5:33:93:bc:e4:c9:0c:e9:44:0c:d2:cd:21:
         aa:cc:9e:13:7b:cf:44:46:b9:8a:b3:fc:07:fb:1a:5d:d7:4e:
         90:e4:a1:17:fb:e5:11:41:c0:7e:09:36:79:12:cb:f7:5d:2b:
         19:0c:c3:1a:5a:31:65:95:64:f9:3d:15:f0:90:40:15:01:31:
         8a:cb:46:94:78:77:c6:a9:2c:c5:78:20:56:38:4f:34:f7:85:
         2f:3b:bc:13:b9:6b:ea:1a:8e:77:89:1d:2f:da:db:3c:17:b7:
         b7:ef:ae:b6:e9:a1:f1:13:2b:dd:e4:08:7e:1a:71:e6:e6:39:
         c7:a3:ac:21:15:e2:8c:40:02:ac:5a:75:b4:5b:66:f0:03:07:
         b2:30:50:98:39:92:15:d3:c9:79:83:7c:62:4a:52:c3:53:c6:
         6d:53:1b:e3:5b:ab:5d:ab:f3:36:6b:b9:ce:64:d4:d1:bb:ab:
         b4:3b:fa:1d:46:dc:62:31:b1:be:01:73:e4:d7:30:88:d4:63:
         52:c6:06:30:f6:af:32:c9:8c:eb:3e:25:59:5f:50:2b:13:83:
         df:dd:b7:b7
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUaINyExc9iyubESSzZ9ISMSi2H/AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDEwMTE3WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNDIxNWE5MmY4YTMxMjE4ZDI3ODdlZjI0OTU3OTYwYzFh
ZDA4ZmNjNzk1NjdjYThkYTkxOTM3YTkyMzk0ODNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBgJL4UkQ0+CSonCUu5WPUxBIy3GKZW13WLvdkDreyzwkj
lQSbmfhzp96XsKDa0vVgDUGfSq47GX9bhcMC90nnc7RW8q33EmWfUQjNCm3QYCZ4
p2MGb0m5WKs6VMj5fBnucoVgCD4FJa6AbPDoHVHjJFcoL4flhn+d7C+NdjgTvzDf
FvKnnVS7JHhkKcjY2tYeqKGniQHWdIp2vr4MV/XaAgV+PiFzeU0jk8iayhx2lq58
vyL/ZmpYFTu0XDIcFFE17ccsRaThvy+J7Gy3MtOuJduZ8wapZB8pVuogjH79tMKk
1b0ThVdRPFnNB4WxSXrfr7m+h//C7zv6QjHaY59hAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU7Z/jwJhywhnSg4v6hV5a1Kjv3tEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMzZDAwZjg1LTJkYWQtNDBlOS1hZDg0LTA1YWE4ZGUwZjIyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8bgDANBgkqhkiG9w0BAQsFAAOCAQEAaLad3ZAIyI4q/MOwVsqfBgIn
M5jK2MBsoHj310EsrKPDxGhN6LCJkY7VM5O85MkM6UQM0s0hqsyeE3vPREa5irP8
B/saXddOkOShF/vlEUHAfgk2eRLL910rGQzDGloxZZVk+T0V8JBAFQExistGlHh3
xqksxXggVjhPNPeFLzu8E7lr6hqOd4kdL9rbPBe3t++utumh8RMr3eQIfhpx5uY5
x6OsIRXijEACrFp1tFtm8AMHsjBQmDmSFdPJeYN8YkpSw1PGbVMb41urXavzNmu5
zmTU0burtDv6HUbcYjGxvgFz5NcwiNRjUsYGMPavMsmM6z4lWV9QKxOD3923tw==
-----END CERTIFICATE-----