Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af984960-fb9e-452a-9faf-e307203c1b94.roa
File:                     af984960-fb9e-452a-9faf-e307203c1b94.roa (raw, json)
Hash identifier:          tUG2b1TTaoC4A/7Mnj/Qsmcl9bL4i8mxAnXPffYbfxE=
Subject key identifier:   AD:D5:E2:C8:6E:60:D2:D0:55:8F:41:75:93:71:8F:44:CD:6F:FD:99
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6191771DFB95BB558E9E0E047D27F7EE44FCA259
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af984960-fb9e-452a-9faf-e307203c1b94.roa
Signing time:             Sun 02 Nov 2025 00:10:07 +0000
ROA not before:           Sun 02 Nov 2025 00:10:07 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f32:8000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:91:77:1d:fb:95:bb:55:8e:9e:0e:04:7d:27:f7:ee:44:fc:a2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:10:07 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=1e602f0dbf03e7f4161f3184b9b4bacdf79e3a2c5b12a95784f3f03443f6691b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8a:22:1f:34:df:f1:69:ba:fa:d9:7c:a9:b0:
                    11:55:1e:ca:70:f3:46:b9:a4:b9:3f:e3:9e:30:d7:
                    8d:20:28:43:27:ca:f2:42:8e:68:bc:af:05:30:cb:
                    d4:02:82:98:b1:f9:12:c7:86:e0:cc:90:e4:c1:25:
                    8c:45:1f:bf:07:2a:f7:75:d1:9a:56:16:fb:8c:7c:
                    9c:5e:35:28:9d:5d:c9:94:cd:b1:b0:eb:98:af:5e:
                    90:7e:f9:42:d7:23:11:23:91:a1:6d:e5:63:d0:03:
                    25:7b:f9:77:ae:cc:1f:94:5c:b1:36:93:70:60:cb:
                    e0:0c:f1:36:b0:6e:f9:07:c4:f5:77:74:b6:4c:6b:
                    30:45:eb:a8:a2:6b:7e:b0:27:b7:e9:32:fb:04:9d:
                    87:dd:3d:11:67:70:4d:b3:c0:8f:0f:0e:33:90:59:
                    4b:38:0c:c6:11:50:77:c5:d0:bf:30:6e:a2:03:66:
                    c9:9a:21:5b:3f:cf:1b:4e:d3:13:19:52:a8:2b:90:
                    ec:f2:4c:e5:48:03:8c:7f:62:a4:81:4e:80:05:b5:
                    cf:88:5d:ff:39:39:1a:96:f0:5c:0d:d2:00:17:ab:
                    68:ef:02:e5:4e:91:91:be:2a:c4:43:fc:a8:12:7d:
                    f1:2a:bc:28:76:cc:fb:65:73:e7:b9:07:cd:54:58:
                    f5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D5:E2:C8:6E:60:D2:D0:55:8F:41:75:93:71:8F:44:CD:6F:FD:99
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af984960-fb9e-452a-9faf-e307203c1b94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f32:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         7d:51:07:a6:4f:7b:91:f6:57:18:99:1b:55:00:fd:65:bb:5e:
         fc:c2:80:a4:f6:f1:d7:ae:a4:01:f4:98:6e:1d:4c:91:38:af:
         f3:50:07:0f:71:50:43:f6:f0:7a:6f:57:1a:72:ee:ed:ea:46:
         7c:03:0d:7d:73:7b:99:7a:9e:2d:08:d5:60:d3:9a:3e:af:ce:
         3f:4c:fb:07:72:0f:07:1e:aa:47:ff:a3:cd:ec:08:28:96:73:
         25:f3:e5:1c:c7:2d:7f:e2:5c:d5:c7:55:80:f0:b6:57:44:fd:
         ff:cd:90:ce:2c:aa:b5:70:b8:7d:b0:85:48:e4:ec:5d:43:88:
         e9:a3:95:02:8b:00:b4:a6:55:f5:b8:b2:5d:4c:db:4e:2d:52:
         48:f5:0c:6c:7e:74:cd:c9:9e:8c:28:57:a1:fb:8d:7b:8f:50:
         e3:79:9c:9f:de:6b:a5:38:54:18:67:1d:45:40:e7:2b:a0:b9:
         d3:e5:1f:f1:84:68:7f:4d:4a:1c:54:b4:0c:e0:ad:06:9f:a5:
         bf:40:1a:59:ff:e5:60:86:91:99:96:4d:cb:ba:d9:a9:68:48:
         2f:6a:d5:93:f3:4a:bd:36:c0:a0:79:db:8b:1c:72:26:64:6b:
         c4:cd:0e:4a:3c:a7:4e:7d:1a:ea:7c:01:af:fe:e8:02:bb:e1:
         c2:ef:ad:15
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUYZF3HfuVu1WOng4EfSf37kT8olkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAxMDA3WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTYwMmYwZGJmMDNlN2Y0MTYxZjMxODRiOWI0YmFjZGY3
OWUzYTJjNWIxMmE5NTc4NGYzZjAzNDQzZjY2OTFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEiiIfNN/xabr62XypsBFVHspw80a5pLk/454w140gKEMn
yvJCjmi8rwUwy9QCgpix+RLHhuDMkOTBJYxFH78HKvd10ZpWFvuMfJxeNSidXcmU
zbGw65ivXpB++ULXIxEjkaFt5WPQAyV7+XeuzB+UXLE2k3Bgy+AM8TawbvkHxPV3
dLZMazBF66iia36wJ7fpMvsEnYfdPRFncE2zwI8PDjOQWUs4DMYRUHfF0L8wbqID
ZsmaIVs/zxtO0xMZUqgrkOzyTOVIA4x/YqSBToAFtc+IXf85ORqW8FwN0gAXq2jv
AuVOkZG+KsRD/KgSffEqvCh2zPtlc+e5B81UWPXBAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUrdXiyG5g0tBVj0F1k3GPRM1v/ZkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmOTg0OTYwLWZiOWUtNDUyYS05ZmFmLWUzMDcyMDNjMWI5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB8ygDANBgkqhkiG9w0BAQsFAAOCAQEAfVEHpk97kfZXGJkbVQD9Zbte
/MKApPbx166kAfSYbh1MkTiv81AHD3FQQ/bwem9XGnLu7epGfAMNfXN7mXqeLQjV
YNOaPq/OP0z7B3IPBx6qR/+jzewIKJZzJfPlHMctf+Jc1cdVgPC2V0T9/82Qziyq
tXC4fbCFSOTsXUOI6aOVAosAtKZV9biyXUzbTi1SSPUMbH50zcmejChXofuNe49Q
43mcn95rpThUGGcdRUDnK6C50+Uf8YRof01KHFS0DOCtBp+lv0AaWf/lYIaRmZZN
y7rZqWhIL2rVk/NKvTbAoHnbixxyJmRrxM0OSjynTn0a6nwBr/7oArvhwu+tFQ==
-----END CERTIFICATE-----