Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abd74f01-0844-40c3-b6e5-ef0435c0830c.roa
File:                     abd74f01-0844-40c3-b6e5-ef0435c0830c.roa (raw, json)
Hash identifier:          8kbjYCwMG83wesO1Jv2M64IdUNfbYSmqP1gfoPM3owM=
Subject key identifier:   A1:B2:D2:BF:83:0B:2F:A6:77:06:AB:44:74:22:29:89:CB:EC:66:62
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E36E7C042B9C6A3D602E64F08BE982A23D3A4FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abd74f01-0844-40c3-b6e5-ef0435c0830c.roa
Signing time:             Tue 21 Oct 2025 00:41:36 +0000
ROA not before:           Tue 21 Oct 2025 00:41:36 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:2000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:36:e7:c0:42:b9:c6:a3:d6:02:e6:4f:08:be:98:2a:23:d3:a4:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:41:36 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=4097beaadafcd3794475784a7c3d2c8c667b98d55d323d7e74c0c8af24c404db, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bc:de:b8:97:52:37:cb:6a:77:d1:36:97:6c:
                    65:47:be:13:d6:59:5f:4c:e5:02:ff:72:e4:40:67:
                    46:7c:c4:ea:87:fb:5b:3a:90:de:72:74:bb:04:f8:
                    7c:41:9a:d9:1e:da:36:bd:58:86:20:f2:e5:1c:db:
                    fa:88:05:ef:be:ac:63:94:b6:9e:3a:50:68:b0:01:
                    ab:0f:6d:a7:a6:dc:14:29:bd:3d:07:8c:44:16:76:
                    1c:1a:b7:40:20:dc:69:08:4d:46:27:34:d7:da:08:
                    3a:8c:1b:b3:4c:a6:9b:bf:4f:18:9c:60:d1:b8:57:
                    c3:e8:73:4c:60:8d:27:6d:5c:fd:48:3f:3c:dd:a6:
                    d7:8c:a1:a5:72:88:34:3b:fd:ef:0d:c9:1d:58:e8:
                    ca:97:0f:91:0e:24:1a:de:e3:5a:35:82:4f:11:39:
                    00:a1:fc:4e:26:e4:fb:85:33:81:ff:ce:f8:6c:a9:
                    ab:fe:59:25:fe:51:50:84:54:06:09:7a:e3:0f:36:
                    4d:38:a8:fb:1d:be:a4:da:c0:5f:0a:97:27:e2:52:
                    23:75:20:36:fc:a3:e9:87:7d:d3:bf:e8:3c:e2:23:
                    90:c8:05:77:16:fe:84:cf:e7:ed:c7:73:53:d1:bb:
                    ec:01:f5:67:60:67:f0:b2:fc:41:45:9a:91:25:17:
                    c8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:B2:D2:BF:83:0B:2F:A6:77:06:AB:44:74:22:29:89:CB:EC:66:62
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/abd74f01-0844-40c3-b6e5-ef0435c0830c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         70:5b:5a:82:ea:29:cb:8b:bf:c6:84:c1:8d:68:1d:11:4f:03:
         03:d4:be:61:2d:e7:8e:6a:d2:0f:f6:3a:7f:6d:59:db:4f:3f:
         5a:dc:e2:fc:32:71:e3:c2:c2:bf:a1:3a:07:a7:c9:b1:42:12:
         1a:1e:db:0d:18:b2:78:83:48:9f:22:18:b2:01:75:e2:7d:ad:
         f1:7e:af:98:82:48:35:2c:2b:b3:d0:46:30:51:8e:8a:af:dd:
         b4:c1:f2:d4:bc:7e:df:e4:42:b5:0f:fa:c5:81:c6:b1:fd:a4:
         75:e1:8c:11:42:af:cc:3d:3d:48:37:32:e1:ce:7f:04:a1:2e:
         19:d3:07:79:c2:e4:b1:87:6c:3c:1f:23:0d:c3:fe:7b:6d:f5:
         c1:fd:9c:02:42:1d:90:c8:1e:c0:9c:6c:63:e4:f4:f7:b4:62:
         46:62:91:f7:46:ac:a2:97:f3:49:d3:a3:52:08:9d:af:8a:4d:
         42:eb:a6:71:82:4b:a9:c9:53:56:09:da:23:cf:a7:aa:db:cc:
         bc:30:c0:8a:18:18:be:17:c1:bb:cc:59:55:66:2a:0c:e6:57:
         38:4e:df:af:08:fe:a7:7a:75:28:09:de:30:b9:37:33:ff:35:
         27:c1:cd:bb:e5:1d:8e:7d:9d:d4:b9:a7:ee:1c:ba:68:8b:f7:
         e9:a2:63:ed
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPjbnwEK5xqPWAuZPCL6YKiPTpPwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA0MTM2WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MDk3YmVhYWRhZmNkMzc5NDQ3NTc4NGE3YzNkMmM4YzY2
N2I5OGQ1NWQzMjNkN2U3NGMwYzhhZjI0YzQwNGRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQvN64l1I3y2p30TaXbGVHvhPWWV9M5QL/cuRAZ0Z8xOqH
+1s6kN5ydLsE+HxBmtke2ja9WIYg8uUc2/qIBe++rGOUtp46UGiwAasPbaem3BQp
vT0HjEQWdhwat0Ag3GkITUYnNNfaCDqMG7NMppu/TxicYNG4V8Poc0xgjSdtXP1I
PzzdpteMoaVyiDQ7/e8NyR1Y6MqXD5EOJBre41o1gk8ROQCh/E4m5PuFM4H/zvhs
qav+WSX+UVCEVAYJeuMPNk04qPsdvqTawF8KlyfiUiN1IDb8o+mHfdO/6DziI5DI
BXcW/oTP5+3Hc1PRu+wB9WdgZ/Cy/EFFmpElF8h1AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUobLSv4MLL6Z3BqtEdCIpicvsZmIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FiZDc0ZjAxLTA4NDQtNDBjMy1iNmU1LWVmMDQzNWMwODMwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gIDANBgkqhkiG9w0BAQsFAAOCAQEAcFtaguopy4u/xoTBjWgdEU8D
A9S+YS3njmrSD/Y6f21Z208/Wtzi/DJx48LCv6E6B6fJsUISGh7bDRiyeINInyIY
sgF14n2t8X6vmIJINSwrs9BGMFGOiq/dtMHy1Lx+3+RCtQ/6xYHGsf2kdeGMEUKv
zD09SDcy4c5/BKEuGdMHecLksYdsPB8jDcP+e231wf2cAkIdkMgewJxsY+T097Ri
RmKR90asopfzSdOjUgidr4pNQuumcYJLqclTVgnaI8+nqtvMvDDAihgYvhfBu8xZ
VWYqDOZXOE7frwj+p3p1KAneMLk3M/81J8HNu+Udjn2d1Lmn7hy6aIv36aJj7Q==
-----END CERTIFICATE-----