Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc03b0b8-dc48-442a-b40c-185ce689ee9e.roa
File:                     dc03b0b8-dc48-442a-b40c-185ce689ee9e.roa (raw, json)
Hash identifier:          +1ekr9tmbssOr4oelyLBiEQNha+aXsFUMcnrF9BMxaY=
Subject key identifier:   8E:08:BB:35:A8:03:7D:93:9B:82:37:B4:6E:D3:B0:C3:42:2B:86:46
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       330395C6CD4368F999CB0916458F14CF137EB0D4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc03b0b8-dc48-442a-b40c-185ce689ee9e.roa
Signing time:             Tue 11 Nov 2025 01:32:13 +0000
ROA not before:           Tue 11 Nov 2025 01:32:13 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f38:2000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:03:95:c6:cd:43:68:f9:99:cb:09:16:45:8f:14:cf:13:7e:b0:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:32:13 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=5c24e315e12d62315c92ce0d602bc6efa9ee5982a04019eca2e410de1a538168, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c7:f7:b4:53:a6:24:98:86:75:3f:4e:87:6d:
                    89:64:c5:c1:42:bd:04:27:ed:b6:31:4b:5d:b5:9b:
                    82:f7:19:57:01:c3:24:04:c4:33:a9:1b:36:35:7c:
                    48:2b:e8:e8:e7:b8:1d:1a:8f:43:36:68:80:b4:eb:
                    10:6c:1c:33:fd:c6:9d:be:83:9f:d8:e7:df:08:ba:
                    a7:48:fc:30:8e:18:2e:0c:f6:e3:76:d1:b8:f2:10:
                    1f:95:25:24:5c:44:f6:1c:23:af:37:89:6d:6c:07:
                    6c:a3:15:9a:48:89:7f:64:41:a6:94:1e:ff:9c:b3:
                    b1:a2:30:19:b6:ea:5a:f1:5e:08:68:88:b9:43:0f:
                    06:80:68:04:50:e4:be:18:e4:51:02:64:f4:be:91:
                    85:cb:99:8c:3a:2e:4a:84:60:1a:0b:f2:96:d7:f9:
                    6c:f3:b8:b7:fa:8c:3f:38:ce:1d:c3:2b:61:03:21:
                    ee:dc:8a:34:35:ce:8c:00:67:34:3b:83:50:fd:c1:
                    54:e9:f3:d2:cf:eb:06:bd:25:8d:14:8b:d6:9d:62:
                    a8:02:b9:0b:71:0d:82:95:77:54:34:60:4f:79:79:
                    2a:ca:4d:8b:dd:3b:d4:36:87:f0:43:d7:19:a4:85:
                    83:08:a4:f8:49:7a:75:d7:04:2a:aa:5c:4b:82:3d:
                    19:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:08:BB:35:A8:03:7D:93:9B:82:37:B4:6E:D3:B0:C3:42:2B:86:46
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dc03b0b8-dc48-442a-b40c-185ce689ee9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4a:60:9f:71:7f:5e:1d:c4:5c:59:11:b4:d4:94:fa:56:20:9f:
         6f:e0:00:6b:00:64:b7:2f:60:a8:82:8d:29:e1:9c:6e:f5:bf:
         d3:73:42:20:a9:2e:2a:82:ed:c5:78:03:fa:51:25:80:49:3e:
         93:a9:d7:21:21:96:ea:b9:88:e6:d3:82:3e:14:81:18:a5:6d:
         65:00:f1:39:9d:1a:14:5b:27:95:1d:f4:1e:ec:e3:5b:09:8a:
         d2:40:ce:a8:36:00:27:66:40:c8:c7:a7:16:2d:9f:8a:c9:4a:
         89:30:31:f1:f4:cc:14:a8:73:95:ac:38:38:71:30:a3:a9:ea:
         0e:a2:49:dd:4c:2c:ec:29:18:0a:71:33:1b:f6:5a:b5:24:1c:
         f3:a6:19:cd:e8:87:48:db:0a:41:59:de:1a:c4:88:40:19:87:
         57:38:61:71:bb:7b:0b:93:23:7a:5c:1d:95:10:30:b5:97:ef:
         d1:a5:9c:45:d9:5b:49:85:52:07:f7:16:d9:d0:6e:d4:5a:db:
         31:f7:e7:68:79:e0:7a:16:c1:17:84:58:4f:3c:96:26:a2:9c:
         c8:bf:f1:4d:4e:3d:dd:2c:66:eb:8d:f1:64:d2:7c:6c:a2:80:
         06:61:82:4c:93:f1:06:36:02:08:e6:b1:24:56:59:e3:5c:4b:
         77:86:05:c0
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMwOVxs1DaPmZywkWRY8UzxN+sNQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEzMjEzWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzI0ZTMxNWUxMmQ2MjMxNWM5MmNlMGQ2MDJiYzZlZmE5
ZWU1OTgyYTA0MDE5ZWNhMmU0MTBkZTFhNTM4MTY4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMx/e0U6YkmIZ1P06HbYlkxcFCvQQn7bYxS121m4L3GVcB
wyQExDOpGzY1fEgr6OjnuB0aj0M2aIC06xBsHDP9xp2+g5/Y598IuqdI/DCOGC4M
9uN20bjyEB+VJSRcRPYcI683iW1sB2yjFZpIiX9kQaaUHv+cs7GiMBm26lrxXgho
iLlDDwaAaARQ5L4Y5FECZPS+kYXLmYw6LkqEYBoL8pbX+WzzuLf6jD84zh3DK2ED
Ie7cijQ1zowAZzQ7g1D9wVTp89LP6wa9JY0Ui9adYqgCuQtxDYKVd1Q0YE95eSrK
TYvdO9Q2h/BD1xmkhYMIpPhJenXXBCqqXEuCPRkLAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUjgi7NagDfZObgje0btOww0IrhkYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RjMDNiMGI4LWRjNDgtNDQyYS1iNDBjLTE4NWNlNjg5ZWU5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB84IDANBgkqhkiG9w0BAQsFAAOCAQEASmCfcX9eHcRcWRG01JT6ViCf
b+AAawBkty9gqIKNKeGcbvW/03NCIKkuKoLtxXgD+lElgEk+k6nXISGW6rmI5tOC
PhSBGKVtZQDxOZ0aFFsnlR30HuzjWwmK0kDOqDYAJ2ZAyMenFi2fislKiTAx8fTM
FKhzlaw4OHEwo6nqDqJJ3Uws7CkYCnEzG/ZatSQc86YZzeiHSNsKQVneGsSIQBmH
Vzhhcbt7C5MjelwdlRAwtZfv0aWcRdlbSYVSB/cW2dBu1FrbMffnaHngehbBF4RY
TzyWJqKcyL/xTU493Sxm643xZNJ8bKKABmGCTJPxBjYCCOaxJFZZ41xLd4YFwA==
-----END CERTIFICATE-----