Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f89be87-45c1-410c-99ee-05d9e524cb54.roa
File:                     0f89be87-45c1-410c-99ee-05d9e524cb54.roa (raw, json)
Hash identifier:          5oOUynyo6FQezb+eQBTwXgSm4VtgnCczrcdFe1VMoJc=
Subject key identifier:   96:77:28:62:51:49:DE:FA:76:E0:6F:C4:E1:8E:92:43:E3:2D:8B:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3CF034B02157FF23C976AA88892DE46ABDC3BA33
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f89be87-45c1-410c-99ee-05d9e524cb54.roa
Signing time:             Tue 04 Nov 2025 00:20:06 +0000
ROA not before:           Tue 04 Nov 2025 00:20:06 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff6:a400::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f0:34:b0:21:57:ff:23:c9:76:aa:88:89:2d:e4:6a:bd:c3:ba:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:20:06 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=5c2e92eeaced101d0dd2e1acc86ff8c492b247bf3b1be42cdf7711fd9bf6e931, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:cf:cc:99:ba:d6:10:f3:b3:79:9d:8d:8e:08:
                    f4:43:d6:00:68:6d:8e:76:88:b3:ea:c8:9f:e6:4e:
                    59:18:12:7d:a9:df:b9:9d:7e:8c:e6:ba:cc:95:ff:
                    f1:72:bf:69:18:c8:72:7d:a5:e9:76:9d:8d:20:ac:
                    3c:56:31:be:25:96:f4:1b:e6:94:e8:69:4e:72:97:
                    7b:cb:9a:58:10:cb:8e:1f:c3:f8:ff:60:8c:be:ee:
                    3e:27:ab:cf:95:c7:41:1a:71:47:b6:0f:dc:2e:43:
                    39:79:50:0f:ec:bd:76:00:4d:25:03:d7:b7:f2:20:
                    15:a5:42:0b:f2:34:62:e9:5d:b9:80:fb:f0:77:d6:
                    f2:aa:2a:a6:9a:d4:fe:92:00:2a:f2:e2:90:cc:36:
                    b4:c2:c4:08:cb:68:96:f0:9b:b7:24:db:1d:9a:a4:
                    e4:b4:e2:12:dd:04:4a:87:5b:9c:69:40:cc:bc:71:
                    69:0e:26:4f:01:79:21:4d:49:2e:64:d8:dc:66:7c:
                    e9:01:47:87:54:ec:39:12:0b:37:0c:f4:df:31:34:
                    31:cd:7d:72:e4:8b:73:5c:80:a6:bc:c1:97:45:01:
                    58:f0:27:e7:97:25:86:c9:8f:75:e7:6d:0d:02:5b:
                    13:40:68:3d:2f:f1:b1:cd:91:73:28:3f:9e:09:7b:
                    33:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:77:28:62:51:49:DE:FA:76:E0:6F:C4:E1:8E:92:43:E3:2D:8B:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f89be87-45c1-410c-99ee-05d9e524cb54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         56:97:ca:48:12:ee:e9:45:df:9f:c0:03:51:df:18:21:d4:44:
         91:50:d2:8e:61:f8:5c:72:21:38:96:df:25:86:60:0a:88:db:
         d3:ac:9e:6e:10:fa:98:4e:ce:36:8a:5e:b1:6c:c3:5e:50:d0:
         50:f4:e0:e1:25:4f:81:48:8b:1e:b4:7a:87:c1:1e:2f:55:92:
         95:fd:32:75:24:ee:05:2b:6d:ab:ee:b8:f6:47:0b:67:9e:13:
         6b:11:66:5d:0b:7f:0d:a9:7d:20:03:a4:8c:89:3e:d5:56:2c:
         d7:1b:b7:1e:0f:b9:45:74:f6:c4:e8:2e:2a:5d:b5:99:ad:c6:
         b7:90:45:98:a1:ef:89:05:f4:8e:76:ed:bd:01:eb:95:ed:3a:
         b5:25:13:04:b8:a3:46:1f:61:5f:50:e6:76:7b:d3:1f:a3:9b:
         4f:2c:63:66:6e:29:00:53:3a:76:56:a3:67:55:9c:ec:d1:5c:
         14:e3:6a:d3:9b:73:2b:0b:17:70:91:46:9c:a0:69:a2:2e:9d:
         96:2b:57:43:21:a3:67:c7:b7:7b:a9:65:e5:e7:8c:b0:6b:eb:
         3e:d7:e3:88:94:6c:5d:4d:7a:a5:1a:17:52:85:c0:cf:c1:04:
         d8:9c:00:bb:79:b0:0f:54:4f:22:9f:43:b3:6c:1f:8d:56:fc:
         1d:58:c4:96
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPPA0sCFX/yPJdqqIiS3kar3DujMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAyMDA2WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzJlOTJlZWFjZWQxMDFkMGRkMmUxYWNjODZmZjhjNDky
YjI0N2JmM2IxYmU0MmNkZjc3MTFmZDliZjZlOTMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJz8yZutYQ87N5nY2OCPRD1gBobY52iLPqyJ/mTlkYEn2p
37mdfozmusyV//Fyv2kYyHJ9pel2nY0grDxWMb4llvQb5pToaU5yl3vLmlgQy44f
w/j/YIy+7j4nq8+Vx0EacUe2D9wuQzl5UA/svXYATSUD17fyIBWlQgvyNGLpXbmA
+/B31vKqKqaa1P6SACry4pDMNrTCxAjLaJbwm7ck2x2apOS04hLdBEqHW5xpQMy8
cWkOJk8BeSFNSS5k2NxmfOkBR4dU7DkSCzcM9N8xNDHNfXLki3NcgKa8wZdFAVjw
J+eXJYbJj3XnbQ0CWxNAaD0v8bHNkXMoP54JezPlAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUlncoYlFJ3vp24G/E4Y6SQ+Mti8IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBmODliZTg3LTQ1YzEtNDEwYy05OWVlLTA1ZDllNTI0Y2I1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/2pDANBgkqhkiG9w0BAQsFAAOCAQEAVpfKSBLu6UXfn8ADUd8YIdRE
kVDSjmH4XHIhOJbfJYZgCojb06yebhD6mE7ONopesWzDXlDQUPTg4SVPgUiLHrR6
h8EeL1WSlf0ydSTuBSttq+649kcLZ54TaxFmXQt/Dal9IAOkjIk+1VYs1xu3Hg+5
RXT2xOguKl21ma3Gt5BFmKHviQX0jnbtvQHrle06tSUTBLijRh9hX1DmdnvTH6Ob
TyxjZm4pAFM6dlajZ1Wc7NFcFONq05tzKwsXcJFGnKBpoi6dlitXQyGjZ8e3e6ll
5eeMsGvrPtfjiJRsXU16pRoXUoXAz8EE2JwAu3mwD1RPIp9Ds2wfjVb8HVjElg==
-----END CERTIFICATE-----