Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7cbee864-9fac-416e-8092-c63081d891ee.roa
File:                     7cbee864-9fac-416e-8092-c63081d891ee.roa (raw, json)
Hash identifier:          id9l3SNBaUOeF1w5i/NdKZ8aIWQHjR/ZH2aBh80E71U=
Subject key identifier:   8B:0D:BE:43:CA:A1:D8:2A:13:92:37:0C:4C:01:E5:C9:2B:24:58:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2871B50526BFE3731517B80A68BEEFAFE9323562
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7cbee864-9fac-416e-8092-c63081d891ee.roa
Signing time:             Wed 29 Oct 2025 07:26:48 +0000
ROA not before:           Wed 29 Oct 2025 07:26:48 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fea:8000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:71:b5:05:26:bf:e3:73:15:17:b8:0a:68:be:ef:af:e9:32:35:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 07:26:48 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=ba5a7a8324705ef6f65281a92138dcf9270355a4ad678e6db56855677498d038, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:2c:fe:dd:b6:a1:fc:32:28:13:d8:c6:80:78:
                    6e:fb:d8:45:ec:e5:bf:8e:9d:62:9d:d2:d0:ce:35:
                    2f:36:7b:1f:a7:53:c2:b2:cd:9e:60:b3:63:ba:38:
                    d3:4c:28:a6:15:1c:16:06:41:9a:33:6c:2b:7f:63:
                    e2:28:2b:0c:66:33:cf:d9:7c:4c:7a:30:32:40:ef:
                    cb:00:a0:d5:e9:8d:9c:3f:14:ea:eb:85:20:f5:a9:
                    d6:51:7b:37:ba:55:1f:6d:28:7a:f9:5c:35:29:fa:
                    e7:e7:ee:a7:9f:02:ee:30:a8:2a:02:91:f1:81:09:
                    6b:85:8a:e0:28:98:2f:42:1e:81:d4:9d:e4:e4:18:
                    37:3c:22:23:b5:ec:47:f3:3d:a5:ae:30:7a:e4:85:
                    98:06:a8:18:47:93:11:57:ef:00:26:57:c2:fc:f8:
                    20:c6:86:df:a7:58:13:9f:ef:a6:f7:48:de:68:aa:
                    55:d1:2a:76:fd:d7:df:6b:d2:70:97:a2:65:47:b5:
                    44:f9:a0:ab:7d:2b:36:6d:cc:18:2b:5b:d3:66:b2:
                    8c:de:e8:0f:06:4f:dc:f5:0a:db:b7:92:8a:4b:1f:
                    f0:61:fc:ae:1d:a4:da:6b:aa:a7:d5:6a:c0:da:c0:
                    91:0c:ca:39:ee:19:86:87:67:64:7e:3a:2c:5e:e5:
                    8b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:0D:BE:43:CA:A1:D8:2A:13:92:37:0C:4C:01:E5:C9:2B:24:58:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7cbee864-9fac-416e-8092-c63081d891ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fea:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         c2:72:db:e9:02:b5:d0:c3:2a:34:b0:ec:3f:71:a6:29:d7:ac:
         2a:9b:a2:63:94:15:ab:b7:1a:6c:3a:e1:91:58:54:e3:43:a0:
         1b:ed:f7:52:30:e7:bb:3f:85:f0:13:3e:e6:1d:db:b3:c8:95:
         28:68:53:7b:a3:d6:79:56:dc:e3:e7:b2:7a:a8:be:b6:8c:33:
         cc:37:98:12:b6:da:42:e8:b0:ee:95:52:86:7e:27:23:58:0e:
         ad:c7:60:95:8c:30:35:58:61:7b:39:cf:a3:89:54:11:a3:1f:
         42:e8:a8:a6:bf:a0:ec:af:29:99:83:b5:16:74:7d:11:12:29:
         2a:11:d3:c7:46:81:77:0d:5a:bf:dd:72:cb:55:48:76:95:e2:
         82:41:f8:4c:f5:89:b4:ba:d9:1d:9b:3a:14:82:91:24:ee:4f:
         d9:59:70:2f:21:ed:3a:e4:cb:63:41:51:6f:52:84:e3:c3:be:
         88:40:e6:67:73:93:00:27:2c:0d:0b:83:13:0b:37:45:47:fc:
         51:ac:40:bb:1e:4c:cf:5c:7f:af:fb:78:73:26:68:bd:22:af:
         3e:66:64:d8:49:fd:01:32:18:3d:c1:da:9c:bf:39:b2:08:1b:
         2a:f4:3e:a3:0d:63:d3:bd:dd:b9:f5:36:fb:17:24:67:41:36:
         02:a4:b9:bc
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUKHG1BSa/43MVF7gKaL7vr+kyNWIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDcyNjQ4WhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYTVhN2E4MzI0NzA1ZWY2ZjY1MjgxYTkyMTM4ZGNmOTI3
MDM1NWE0YWQ2NzhlNmRiNTY4NTU2Nzc0OThkMDM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPLP7dtqH8MigT2MaAeG772EXs5b+OnWKd0tDONS82ex+n
U8KyzZ5gs2O6ONNMKKYVHBYGQZozbCt/Y+IoKwxmM8/ZfEx6MDJA78sAoNXpjZw/
FOrrhSD1qdZReze6VR9tKHr5XDUp+ufn7qefAu4wqCoCkfGBCWuFiuAomC9CHoHU
neTkGDc8IiO17EfzPaWuMHrkhZgGqBhHkxFX7wAmV8L8+CDGht+nWBOf76b3SN5o
qlXRKnb9199r0nCXomVHtUT5oKt9KzZtzBgrW9Nmsoze6A8GT9z1Ctu3kopLH/Bh
/K4dpNprqqfVasDawJEMyjnuGYaHZ2R+Oixe5YulAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUiw2+Q8qh2CoTkjcMTAHlySskWO0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdjYmVlODY0LTlmYWMtNDE2ZS04MDkyLWM2MzA4MWQ4OTFlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/qgDANBgkqhkiG9w0BAQsFAAOCAQEAwnLb6QK10MMqNLDsP3GmKdes
KpuiY5QVq7cabDrhkVhU40OgG+33UjDnuz+F8BM+5h3bs8iVKGhTe6PWeVbc4+ey
eqi+towzzDeYErbaQuiw7pVShn4nI1gOrcdglYwwNVhheznPo4lUEaMfQuiopr+g
7K8pmYO1FnR9ERIpKhHTx0aBdw1av91yy1VIdpXigkH4TPWJtLrZHZs6FIKRJO5P
2VlwLyHtOuTLY0FRb1KE48O+iEDmZ3OTACcsDQuDEws3RUf8UaxAux5Mz1x/r/t4
cyZovSKvPmZk2En9ATIYPcHanL85sggbKvQ+ow1j073dufU2+xckZ0E2AqS5vA==
-----END CERTIFICATE-----