Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8abeef96-6bb3-461d-ba23-da389d854132.roa
File:                     8abeef96-6bb3-461d-ba23-da389d854132.roa (raw, json)
Hash identifier:          q51Pie9Q/ILPRXDT2/j8HLM/j4hB9Z+szJTDOeiY5w0=
Subject key identifier:   D5:62:CB:F8:F6:1D:AF:44:28:5C:C0:23:CA:4D:96:10:99:49:49:7F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A4DC94B3D05C26B4D412996C59ADDA9198C2B71
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8abeef96-6bb3-461d-ba23-da389d854132.roa
Signing time:             Tue 11 Nov 2025 01:10:09 +0000
ROA not before:           Tue 11 Nov 2025 01:10:09 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ff2:2040::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:4d:c9:4b:3d:05:c2:6b:4d:41:29:96:c5:9a:dd:a9:19:8c:2b:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:10:09 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=fac25450a7522caabffbc567943a41d18e37cbed4c391a543ec1eeddb1089294, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:92:2a:f5:cc:3d:5f:c3:bc:ad:36:32:7e:2a:
                    fb:2f:f7:73:97:9a:46:33:3b:99:86:05:6f:bc:df:
                    b2:01:4d:96:51:8e:f5:1f:af:72:be:bb:d4:ec:32:
                    e7:30:a2:76:37:27:8e:a9:6f:85:39:38:77:c3:4c:
                    b5:dc:34:6e:50:73:69:77:59:99:0d:ed:43:c8:ac:
                    13:79:7d:44:63:d6:9c:71:fc:65:fb:19:bc:ae:01:
                    c5:8f:15:4e:b7:b5:99:1b:6b:34:c9:fa:55:13:d1:
                    c9:46:62:f6:51:eb:6f:a4:79:02:23:d0:8c:fd:e4:
                    88:ad:b3:7d:22:2c:be:2f:83:4c:d7:70:28:50:f5:
                    1a:d1:8d:49:e8:9f:0b:40:01:63:87:d9:52:ab:fe:
                    a7:66:c2:75:11:3a:42:a7:a0:88:43:3c:61:b0:39:
                    6a:70:2b:1b:24:96:53:9a:75:f1:8f:1e:4e:8e:69:
                    41:c9:19:26:80:ed:3d:08:b0:78:a2:60:31:2a:13:
                    dd:24:83:30:19:ba:05:60:1d:fa:e1:7f:71:a5:8f:
                    2e:de:32:c4:57:14:d4:35:06:39:bf:4c:98:b0:40:
                    b8:af:59:30:4f:9d:d2:51:a4:d7:d3:75:1e:bb:41:
                    64:10:48:09:ca:13:26:e4:a9:34:1a:58:2e:72:65:
                    91:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:62:CB:F8:F6:1D:AF:44:28:5C:C0:23:CA:4D:96:10:99:49:49:7F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8abeef96-6bb3-461d-ba23-da389d854132.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:86:bb:74:94:9a:d0:7b:9b:23:37:d8:b9:9f:ca:5b:f7:bb:
         82:67:b6:23:e1:1c:ef:69:37:34:80:0b:f1:d1:3d:52:72:d9:
         09:58:f6:89:fe:fb:ac:7f:70:74:06:b6:f9:a5:46:2f:29:be:
         d9:16:97:29:d0:53:35:81:83:f9:2a:6b:80:ec:94:19:e3:14:
         c8:12:9a:78:86:d8:f1:17:d4:01:5e:7e:c7:3c:d2:6d:42:01:
         3e:53:9f:52:ae:01:7c:cb:47:63:e2:4c:25:33:9d:a9:19:98:
         ae:33:19:ab:42:7d:ad:b3:99:ff:12:48:01:a7:63:d7:fc:e1:
         46:01:96:ef:68:48:9c:3c:c3:5d:11:f9:fe:b1:52:74:ba:e8:
         3d:7e:a3:e9:9e:89:44:e5:95:a9:b0:a2:e5:1a:86:28:87:56:
         7e:d2:0a:83:6a:21:39:5c:7a:0a:7e:05:80:5d:6c:5d:0c:13:
         c8:82:7d:6b:07:ec:a0:48:83:a5:5d:cd:20:b2:b9:11:28:8c:
         7b:00:f2:79:29:9f:b1:a4:24:cb:35:7f:ab:f0:18:1a:87:31:
         c3:6d:4e:b2:ce:ef:1b:c1:9a:b7:44:21:98:bf:3e:09:33:e9:
         f7:e2:65:64:f5:2e:13:aa:58:f6:60:67:3d:0a:df:e9:26:48:
         b0:b6:6f:e5
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUCk3JSz0FwmtNQSmWxZrdqRmMK3EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDExMDA5WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWMyNTQ1MGE3NTIyY2FhYmZmYmM1Njc5NDNhNDFkMThl
MzdjYmVkNGMzOTFhNTQzZWMxZWVkZGIxMDg5Mjk0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClkir1zD1fw7ytNjJ+Kvsv93OXmkYzO5mGBW+837IBTZZR
jvUfr3K+u9TsMucwonY3J46pb4U5OHfDTLXcNG5Qc2l3WZkN7UPIrBN5fURj1pxx
/GX7GbyuAcWPFU63tZkbazTJ+lUT0clGYvZR62+keQIj0Iz95Iits30iLL4vg0zX
cChQ9RrRjUnonwtAAWOH2VKr/qdmwnUROkKnoIhDPGGwOWpwKxskllOadfGPHk6O
aUHJGSaA7T0IsHiiYDEqE90kgzAZugVgHfrhf3Gljy7eMsRXFNQ1Bjm/TJiwQLiv
WTBPndJRpNfTdR67QWQQSAnKEybkqTQaWC5yZZEVAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU1WLL+PYdr0QoXMAjyk2WEJlJSX8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhhYmVlZjk2LTZiYjMtNDYxZC1iYTIzLWRhMzg5ZDg1NDEzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/yIEAwDQYJKoZIhvcNAQELBQADggEBACKGu3SUmtB7myM32Lmfylv3
u4JntiPhHO9pNzSAC/HRPVJy2QlY9on++6x/cHQGtvmlRi8pvtkWlynQUzWBg/kq
a4DslBnjFMgSmniG2PEX1AFefsc80m1CAT5Tn1KuAXzLR2PiTCUznakZmK4zGatC
fa2zmf8SSAGnY9f84UYBlu9oSJw8w10R+f6xUnS66D1+o+meiUTllamwouUahiiH
Vn7SCoNqITlcegp+BYBdbF0ME8iCfWsH7KBIg6VdzSCyuREojHsA8nkpn7GkJMs1
f6vwGBqHMcNtTrLO7xvBmrdEIZi/Pgkz6ffiZWT1LhOqWPZgZz0K3+kmSLC2b+U=
-----END CERTIFICATE-----