Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3885190c-0e7d-4bef-85f4-9bad51bf98ab.roa
File:                     3885190c-0e7d-4bef-85f4-9bad51bf98ab.roa (raw, json)
Hash identifier:          OXSFtN+rPeZ7jfX5EnVfRXsJP9/5iczKklb/czQGPM8=
Subject key identifier:   02:45:9F:FD:FA:CD:CC:B1:CA:7A:AE:1E:B7:ED:8F:AD:95:AB:85:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       43C35AB9B8F354B003BB9EB854977204F28CA70B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3885190c-0e7d-4bef-85f4-9bad51bf98ab.roa
Signing time:             Tue 21 Oct 2025 00:40:53 +0000
ROA not before:           Tue 21 Oct 2025 00:40:53 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1a:c800::/37 maxlen: 37
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:c3:5a:b9:b8:f3:54:b0:03:bb:9e:b8:54:97:72:04:f2:8c:a7:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:40:53 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=cc0997e2d4c4b16568cb772218c3fe782ce58aa91d7d113f3e34ea4f577e4bb1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c2:43:c2:b5:34:a4:1c:c7:d3:4b:1a:6e:50:
                    86:d4:ec:27:d4:dc:01:5a:c9:71:a8:99:c7:cd:fa:
                    f3:8a:d8:4b:0a:c7:3a:88:d8:42:53:e2:f5:68:e0:
                    be:f0:e2:cf:da:08:c0:04:a8:03:8b:1d:79:a1:86:
                    6d:3a:14:3e:8b:95:94:2c:6c:44:f4:fc:79:b5:56:
                    df:2c:ac:16:06:18:a3:ee:a3:ca:48:1b:53:6b:dd:
                    5b:e7:40:12:6c:2b:c2:7f:0a:43:8f:ed:d5:31:b7:
                    45:98:42:87:42:8e:ea:5b:c4:c2:02:b1:1a:11:26:
                    ed:19:70:8c:d2:97:8d:41:3a:bf:96:59:89:70:8c:
                    1b:d0:f1:c9:0e:17:40:f1:a9:98:8b:2d:70:76:a9:
                    28:fc:13:e6:95:1d:5b:03:8d:f4:eb:67:dd:85:ee:
                    0d:84:16:c8:7f:52:d1:0a:8d:1e:2b:a8:ff:78:78:
                    7f:35:57:72:c3:0a:47:88:57:2f:5c:a4:94:d9:a4:
                    e2:d8:fe:f9:36:2d:1a:15:5a:ee:63:ab:68:dc:a2:
                    ed:0b:0c:84:9c:3e:55:ff:22:91:f7:00:91:d1:13:
                    fd:67:be:db:ac:74:ac:b6:86:64:74:d7:04:a7:12:
                    4f:b2:8d:ca:59:e8:ef:a2:d5:29:59:c4:b2:b5:97:
                    c5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:45:9F:FD:FA:CD:CC:B1:CA:7A:AE:1E:B7:ED:8F:AD:95:AB:85:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3885190c-0e7d-4bef-85f4-9bad51bf98ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1a:c800::/37

    Signature Algorithm: sha256WithRSAEncryption
         1f:23:41:47:ba:d6:ab:ff:6e:55:6e:75:ae:94:27:67:28:f7:
         92:dd:e4:35:6a:3b:d6:5d:43:9a:c5:d7:45:e8:50:d5:1b:78:
         07:cc:5b:2e:ad:67:03:c4:0d:65:5a:6e:74:52:c8:c0:18:8e:
         61:d6:13:42:0e:58:99:44:ea:c2:90:9f:0a:59:88:68:d1:e3:
         8e:13:53:fe:d1:e2:1b:d9:a2:15:8a:88:db:11:1d:e8:ee:bb:
         32:b5:d8:6d:35:ef:5b:45:7b:ae:0b:cb:ad:b1:a2:d7:d9:68:
         41:14:e0:97:aa:a1:a8:08:7b:08:5e:af:99:42:08:63:8a:47:
         bc:68:8a:48:00:f2:8c:5b:f6:d2:43:d7:7d:da:79:c5:77:17:
         26:ae:eb:67:fe:df:e7:52:ee:8a:1e:94:05:cf:53:ed:0d:8c:
         33:2c:51:b7:58:e0:38:2a:9d:80:cc:a8:0d:52:19:19:e1:94:
         ca:af:a4:e2:33:19:05:e5:8a:7b:d2:43:39:4e:fe:9a:ad:9a:
         4d:a4:7d:77:a6:2b:5d:30:68:5a:17:ac:87:af:1f:a3:c2:76:
         0f:ea:bf:4a:4b:dd:e0:82:51:c3:02:17:16:7c:d6:cd:f3:fd:
         29:0f:9a:e1:de:35:70:70:cf:2f:7a:58:e9:e5:a1:ea:92:40:
         d1:ae:e0:e7
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQ8NaubjzVLADu564VJdyBPKMpwswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA0MDUzWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzA5OTdlMmQ0YzRiMTY1NjhjYjc3MjIxOGMzZmU3ODJj
ZTU4YWE5MWQ3ZDExM2YzZTM0ZWE0ZjU3N2U0YmIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjwkPCtTSkHMfTSxpuUIbU7CfU3AFayXGomcfN+vOK2EsK
xzqI2EJT4vVo4L7w4s/aCMAEqAOLHXmhhm06FD6LlZQsbET0/Hm1Vt8srBYGGKPu
o8pIG1Nr3VvnQBJsK8J/CkOP7dUxt0WYQodCjupbxMICsRoRJu0ZcIzSl41BOr+W
WYlwjBvQ8ckOF0DxqZiLLXB2qSj8E+aVHVsDjfTrZ92F7g2EFsh/UtEKjR4rqP94
eH81V3LDCkeIVy9cpJTZpOLY/vk2LRoVWu5jq2jcou0LDIScPlX/IpH3AJHRE/1n
vtusdKy2hmR01wSnEk+yjcpZ6O+i1SlZxLK1l8WjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUAkWf/frNzLHKeq4et+2PrZWrhXMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4ODUxOTBjLTBlN2QtNGJlZi04NWY0LTliYWQ1MWJmOThhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8ayDANBgkqhkiG9w0BAQsFAAOCAQEAHyNBR7rWq/9uVW51rpQnZyj3
kt3kNWo71l1DmsXXRehQ1Rt4B8xbLq1nA8QNZVpudFLIwBiOYdYTQg5YmUTqwpCf
ClmIaNHjjhNT/tHiG9miFYqI2xEd6O67MrXYbTXvW0V7rgvLrbGi19loQRTgl6qh
qAh7CF6vmUIIY4pHvGiKSADyjFv20kPXfdp5xXcXJq7rZ/7f51Luih6UBc9T7Q2M
MyxRt1jgOCqdgMyoDVIZGeGUyq+k4jMZBeWKe9JDOU7+mq2aTaR9d6YrXTBoWhes
h68fo8J2D+q/Skvd4IJRwwIXFnzWzfP9KQ+a4d41cHDPL3pY6eWh6pJA0a7g5w==
-----END CERTIFICATE-----