Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/91bf7848-3999-4493-bb9a-0d9915c1accb.roa
File:                     91bf7848-3999-4493-bb9a-0d9915c1accb.roa (raw, json)
Hash identifier:          Q940NYHtL948qWoeDOWAoN9jV+U1dBC+x6ZsAWCeIPc=
Subject key identifier:   5C:27:8E:DB:84:79:68:F3:29:8F:78:A4:FE:3B:6A:13:2D:6D:AE:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       27E79062D0A027C9F2EEE0BFFC15B1C582D59329
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/91bf7848-3999-4493-bb9a-0d9915c1accb.roa
Signing time:             Tue 28 Oct 2025 00:20:49 +0000
ROA not before:           Tue 28 Oct 2025 00:20:49 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffd:80e1::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:e7:90:62:d0:a0:27:c9:f2:ee:e0:bf:fc:15:b1:c5:82:d5:93:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:20:49 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=93376003c9861efa2bf53a7f6ad7924e83dd12e89630749db4089a36d1953341, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9b:51:f3:05:83:65:46:89:7e:d0:97:d3:de:
                    ec:70:cd:fc:ee:15:f9:8e:b3:b2:ad:2a:21:5e:ef:
                    e8:70:67:d4:8e:3b:c8:29:bc:51:ba:8d:e0:f4:1d:
                    98:43:19:f3:a8:c1:83:dc:6d:ac:c9:f9:fc:d2:5b:
                    e6:0a:1f:45:70:13:90:a2:35:f9:4b:57:93:be:fb:
                    3f:c0:b3:13:a0:7b:60:2c:ac:87:24:7f:e1:5c:77:
                    a1:a3:15:b9:87:a6:4e:b6:51:c7:33:5b:03:ba:ca:
                    00:5b:2a:fa:06:02:e4:76:83:87:69:b1:29:f4:38:
                    c0:d8:cc:80:32:78:76:6a:0e:5c:bd:f4:8e:41:1c:
                    86:26:1c:77:7f:c4:9d:ca:d7:2b:71:85:00:d1:22:
                    87:86:09:d8:68:c5:2a:7d:41:1a:9c:b8:99:80:c0:
                    15:22:b7:39:d0:98:af:94:d7:45:c7:6a:9c:58:56:
                    3d:25:b8:c6:14:95:bb:e4:18:1e:5a:4a:ac:5e:93:
                    d3:e3:55:89:6d:14:8b:c1:00:2f:9b:4a:18:85:a1:
                    ac:47:10:61:8e:9e:89:ff:d0:47:22:6a:02:c7:1c:
                    bc:5a:f4:a5:4a:93:83:54:b5:cd:8a:52:e9:0e:93:
                    bd:43:75:51:3a:4a:b9:00:ba:08:15:05:33:26:2e:
                    14:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:27:8E:DB:84:79:68:F3:29:8F:78:A4:FE:3B:6A:13:2D:6D:AE:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/91bf7848-3999-4493-bb9a-0d9915c1accb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:80e1::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:f3:51:8c:11:ff:a5:12:c3:10:06:b5:d5:2a:e9:3a:04:2f:
         35:96:a0:03:43:6e:bd:53:9f:14:e6:d9:1d:e1:80:1e:bc:78:
         36:52:b2:2a:ee:ba:8b:03:c1:e8:79:8a:64:00:11:22:d5:3b:
         cc:6e:9f:7e:63:b8:71:a4:b2:6e:ca:4d:0e:33:bf:bb:2f:34:
         d7:d8:28:9c:5d:d0:ba:fa:72:b1:cf:56:c7:bf:73:63:33:47:
         e9:30:a8:67:87:e2:67:4a:6d:44:b4:5f:f0:9a:41:14:01:3e:
         7d:92:ae:1d:5f:47:1f:cf:92:cb:4c:52:57:63:ea:91:6c:4f:
         62:20:e0:3c:e0:fe:21:f8:1e:93:fc:10:08:13:6e:40:21:b1:
         f1:fc:f0:db:5c:8b:c5:ee:58:25:aa:29:3f:69:08:10:42:c4:
         06:90:3b:77:c2:30:fd:31:94:61:13:2b:07:ce:6a:a8:d1:1c:
         2a:c3:05:16:af:01:2e:b3:32:98:c6:de:7f:f0:05:23:be:64:
         11:b2:c7:02:bc:f0:9f:cf:f2:4f:74:8a:39:a0:15:89:16:d7:
         37:b3:4c:0f:d2:ff:9e:03:4b:4a:1f:d7:b2:69:f6:da:24:78:
         11:94:4a:f7:7f:64:68:d4:5c:93:57:5b:d6:ba:24:06:3a:de:
         a9:56:77:00
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJ+eQYtCgJ8ny7uC//BWxxYLVkykwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAyMDQ5WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MzM3NjAwM2M5ODYxZWZhMmJmNTNhN2Y2YWQ3OTI0ZTgz
ZGQxMmU4OTYzMDc0OWRiNDA4OWEzNmQxOTUzMzQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEm1HzBYNlRol+0JfT3uxwzfzuFfmOs7KtKiFe7+hwZ9SO
O8gpvFG6jeD0HZhDGfOowYPcbazJ+fzSW+YKH0VwE5CiNflLV5O++z/AsxOge2As
rIckf+Fcd6GjFbmHpk62UcczWwO6ygBbKvoGAuR2g4dpsSn0OMDYzIAyeHZqDly9
9I5BHIYmHHd/xJ3K1ytxhQDRIoeGCdhoxSp9QRqcuJmAwBUitznQmK+U10XHapxY
Vj0luMYUlbvkGB5aSqxek9PjVYltFIvBAC+bShiFoaxHEGGOnon/0EciagLHHLxa
9KVKk4NUtc2KUukOk71DdVE6SrkAuggVBTMmLhSNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUXCeO24R5aPMpj3ik/jtqEy1trjkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkxYmY3ODQ4LTM5OTktNDQ5My1iYjlhLTBkOTkxNWMxYWNjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gOEwDQYJKoZIhvcNAQELBQADggEBAJfzUYwR/6USwxAGtdUq6ToE
LzWWoANDbr1TnxTm2R3hgB68eDZSsiruuosDweh5imQAESLVO8xun35juHGksm7K
TQ4zv7svNNfYKJxd0Lr6crHPVse/c2MzR+kwqGeH4mdKbUS0X/CaQRQBPn2Srh1f
Rx/PkstMUldj6pFsT2Ig4Dzg/iH4HpP8EAgTbkAhsfH88Ntci8XuWCWqKT9pCBBC
xAaQO3fCMP0xlGETKwfOaqjRHCrDBRavAS6zMpjG3n/wBSO+ZBGyxwK88J/P8k90
ijmgFYkW1zezTA/S/54DS0of17Jp9tokeBGUSvd/ZGjUXJNXW9a6JAY63qlWdwA=
-----END CERTIFICATE-----