Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a51cf629-3b5c-444d-a5a3-c49bffcebe3a.roa
File:                     a51cf629-3b5c-444d-a5a3-c49bffcebe3a.roa (raw, json)
Hash identifier:          69iVTJS+WfVBBDcV0ZqG+l/0Vh43rM951C9tgBAxPGc=
Subject key identifier:   66:73:12:86:70:3C:72:6D:5A:B5:CE:1D:1A:6D:9E:A9:B4:8D:03:54
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       50894AA053160F777FCB16C7CA9C7A1921BA3AD5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a51cf629-3b5c-444d-a5a3-c49bffcebe3a.roa
Signing time:             Tue 21 Oct 2025 00:40:12 +0000
ROA not before:           Tue 21 Oct 2025 00:40:12 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fef:8000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:89:4a:a0:53:16:0f:77:7f:cb:16:c7:ca:9c:7a:19:21:ba:3a:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:40:12 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=75c3c09a4783588b6fd4bcf63e74a6bd9a89a142bd0571a724e001a9aed2abda, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:cd:92:e1:2e:ca:61:42:0b:ff:63:3f:1b:2f:
                    62:4e:a0:8a:08:fa:07:5e:f7:19:8f:e7:c5:5d:fd:
                    84:aa:85:34:44:95:1a:e0:b2:e7:1c:54:5d:12:df:
                    d1:8d:78:a8:b2:1c:4e:71:ee:63:10:43:40:8a:d1:
                    d6:c5:c2:1c:73:8c:5d:4b:c9:c4:6f:4a:34:ba:4c:
                    a6:8e:18:b7:26:fa:0d:7d:6a:2d:a7:0b:52:34:56:
                    33:12:af:79:7e:fc:32:31:62:0b:7f:b0:a3:49:b4:
                    90:da:8a:9d:16:e1:4f:84:db:77:8a:2f:d4:ee:f2:
                    2a:ff:be:79:94:15:1f:cf:07:08:b0:80:90:83:b2:
                    1c:72:b4:8d:9e:b1:cf:83:57:d6:26:38:07:e0:45:
                    f4:3e:b0:97:60:6e:8d:84:21:fd:74:f1:5c:7b:9b:
                    ff:2f:70:6b:16:f4:82:3e:77:5b:0e:c2:20:03:3e:
                    23:ac:2d:53:23:d0:58:f1:fe:12:61:70:62:53:e7:
                    9c:2e:91:db:b7:77:8b:60:b1:85:a8:93:50:05:bc:
                    e8:5c:fb:63:b4:2c:4d:f1:4a:0f:05:01:db:29:5b:
                    3b:1f:04:c8:10:77:e5:1d:75:df:08:51:a4:98:ef:
                    10:08:3b:df:7d:c6:8a:3a:fe:5f:15:5c:46:ab:99:
                    cf:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:73:12:86:70:3C:72:6D:5A:B5:CE:1D:1A:6D:9E:A9:B4:8D:03:54
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a51cf629-3b5c-444d-a5a3-c49bffcebe3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fef:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         a9:67:82:11:fe:29:61:8d:63:74:72:8d:94:c4:93:f5:e5:50:
         51:b7:32:37:7b:47:d1:28:47:6c:68:8e:37:f0:e4:37:5c:9a:
         97:98:13:a3:d6:91:ea:71:57:6a:9c:05:0e:a2:17:1f:c4:4c:
         6d:16:09:2c:53:7f:0a:4b:a9:bc:a0:7b:c0:c2:1c:ab:d2:6d:
         7e:c0:59:92:f0:9e:c1:65:85:f5:bf:e7:87:ba:56:a2:6f:9a:
         dc:fe:b0:cd:b2:0b:5a:39:1d:c5:ef:d5:f6:69:89:45:b3:40:
         09:f4:f3:4c:05:12:86:8a:e2:87:6d:26:5b:b7:ac:6a:61:f1:
         53:75:0a:b0:a4:66:41:ee:a2:bc:41:17:07:19:11:d2:e2:01:
         f0:f1:20:f0:71:4f:dc:27:36:b6:23:8d:cd:a5:19:c1:c8:71:
         80:90:9e:a0:6a:b3:25:b3:c9:88:9a:34:c7:00:bd:e4:8c:f0:
         bb:00:22:4e:b2:26:0f:71:c3:1e:51:ad:40:94:a8:6c:8d:35:
         5d:34:04:6c:4f:99:82:a2:10:f3:a9:b0:ba:63:d1:85:e8:19:
         51:eb:53:c3:fd:75:89:37:c8:ae:2c:0e:d3:5f:7d:2d:be:8b:
         2f:6c:22:36:04:54:c1:0c:65:e5:56:46:a6:82:b6:0e:c8:be:
         6c:23:60:7a
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUUIlKoFMWD3d/yxbHypx6GSG6OtUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA0MDEyWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NWMzYzA5YTQ3ODM1ODhiNmZkNGJjZjYzZTc0YTZiZDlh
ODlhMTQyYmQwNTcxYTcyNGUwMDFhOWFlZDJhYmRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVzZLhLsphQgv/Yz8bL2JOoIoI+gde9xmP58Vd/YSqhTRE
lRrgsuccVF0S39GNeKiyHE5x7mMQQ0CK0dbFwhxzjF1LycRvSjS6TKaOGLcm+g19
ai2nC1I0VjMSr3l+/DIxYgt/sKNJtJDaip0W4U+E23eKL9Tu8ir/vnmUFR/PBwiw
gJCDshxytI2esc+DV9YmOAfgRfQ+sJdgbo2EIf108Vx7m/8vcGsW9II+d1sOwiAD
PiOsLVMj0Fjx/hJhcGJT55wukdu3d4tgsYWok1AFvOhc+2O0LE3xSg8FAdspWzsf
BMgQd+Uddd8IUaSY7xAIO999xoo6/l8VXEarmc9vAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUZnMShnA8cm1atc4dGm2eqbSNA1QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E1MWNmNjI5LTNiNWMtNDQ0ZC1hNWEzLWM0OWJmZmNlYmUzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/vgDANBgkqhkiG9w0BAQsFAAOCAQEAqWeCEf4pYY1jdHKNlMST9eVQ
UbcyN3tH0ShHbGiON/DkN1yal5gTo9aR6nFXapwFDqIXH8RMbRYJLFN/CkupvKB7
wMIcq9JtfsBZkvCewWWF9b/nh7pWom+a3P6wzbILWjkdxe/V9mmJRbNACfTzTAUS
horih20mW7esamHxU3UKsKRmQe6ivEEXBxkR0uIB8PEg8HFP3Cc2tiONzaUZwchx
gJCeoGqzJbPJiJo0xwC95IzwuwAiTrImD3HDHlGtQJSobI01XTQEbE+ZgqIQ86mw
umPRhegZUetTw/11iTfIriwO0199Lb6LL2wiNgRUwQxl5VZGpoK2Dsi+bCNgeg==
-----END CERTIFICATE-----