Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bca413bd-7320-44f7-a129-8a68742a9485.roa
File:                     bca413bd-7320-44f7-a129-8a68742a9485.roa (raw, json)
Hash identifier:          N6V6hFGWRhIrPYoJU07TX5tIVkXHVpUjMxHu+aufc2Y=
Subject key identifier:   4C:57:9E:AC:C5:02:E4:50:91:A5:96:0A:BD:B3:30:D7:71:3A:76:35
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0E997690C7C80CA1F86A3E38C7B037BEF63D56E7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bca413bd-7320-44f7-a129-8a68742a9485.roa
Signing time:             Sun 26 Oct 2025 00:11:25 +0000
ROA not before:           Sun 26 Oct 2025 00:11:25 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2620:107:4004::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:99:76:90:c7:c8:0c:a1:f8:6a:3e:38:c7:b0:37:be:f6:3d:56:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:11:25 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=913e8ef4d3801f0a16c82c696d7bcd237009cbd41c82fb621e1a5db99625dbd0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:62:a7:d6:27:c5:48:78:1b:11:79:84:00:45:
                    31:f7:d2:1c:79:10:44:69:f5:0b:fc:65:2a:53:0b:
                    ee:77:d7:eb:f1:fc:36:6e:e7:a5:3f:7b:e5:22:e6:
                    15:ae:f2:db:06:eb:61:f0:1a:8e:30:75:79:4c:2a:
                    07:c7:d2:17:d1:55:86:e9:78:c5:d3:ca:ac:54:2e:
                    85:31:70:dd:ff:57:a9:9d:d2:15:63:72:38:4a:d3:
                    c7:dd:62:de:f6:0e:69:39:9d:ef:c5:76:97:0b:64:
                    82:10:a0:b4:b4:e6:39:f9:af:4f:96:92:03:37:f9:
                    5c:88:d1:83:2d:0c:08:22:1d:8f:d1:22:7e:36:d9:
                    bc:43:1b:ec:ae:c0:77:2e:96:9d:86:6d:40:bd:86:
                    79:a9:77:fa:a4:0a:d1:54:2d:92:ef:f5:ab:bd:34:
                    f4:ee:32:c7:07:14:55:d5:3f:ae:1c:5a:18:0f:70:
                    ea:01:50:f8:0b:dc:46:a6:b2:80:c8:0b:3b:6c:92:
                    4a:e5:7a:39:3a:f2:71:3e:f0:2c:bb:26:4c:58:17:
                    a8:3d:ca:d6:1b:79:09:4e:d8:d5:f5:c6:28:32:ca:
                    7b:22:4a:17:2e:99:98:36:0f:dc:0b:61:93:80:56:
                    62:d5:e1:57:2f:45:c2:f0:f1:9f:b6:f3:fd:4f:c2:
                    f1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:57:9E:AC:C5:02:E4:50:91:A5:96:0A:BD:B3:30:D7:71:3A:76:35
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bca413bd-7320-44f7-a129-8a68742a9485.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:107:4004::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:c3:1b:e9:d2:46:ff:5c:50:b5:9e:d0:b7:cf:a5:9e:ce:ab:
         94:af:39:36:d1:69:63:9b:42:58:52:51:06:85:f4:6c:21:07:
         de:e1:14:9a:1d:f5:54:d9:78:40:74:59:4e:a9:33:4c:9f:e4:
         09:e9:a2:7e:e4:b5:5e:88:ed:13:bb:3a:19:9d:4e:a7:68:00:
         db:d4:86:93:89:2c:97:e3:de:15:39:ad:83:21:fb:ee:44:6a:
         4b:4c:b4:3c:ba:37:95:61:87:bc:01:08:f8:61:8a:b2:28:a4:
         78:98:33:2b:8a:2a:c6:ac:6c:06:a4:95:1d:c5:33:0b:01:0a:
         08:b9:98:4f:bf:3f:78:75:ab:b3:d3:e9:0c:62:7f:6a:3b:d4:
         96:09:45:bf:51:94:d5:c1:59:87:d2:73:d1:09:28:ff:dd:5f:
         a4:48:6f:8b:d2:c0:a2:99:15:0d:55:ba:ee:c4:8c:a0:3f:4b:
         15:1f:3d:ac:58:35:ae:6a:12:d4:cd:3c:31:b8:6e:87:1e:01:
         4b:04:05:1f:47:a4:cb:89:10:11:4b:73:d2:14:9b:26:80:8b:
         b9:75:42:73:81:0a:e3:39:d5:8e:87:eb:c1:f2:e1:02:58:1e:
         cb:24:77:37:a0:7a:f1:45:c0:5c:93:2f:24:be:bc:9b:56:c6:
         23:57:c5:35
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUDpl2kMfIDKH4aj44x7A3vvY9VucwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAxMTI1WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTNlOGVmNGQzODAxZjBhMTZjODJjNjk2ZDdiY2QyMzcw
MDljYmQ0MWM4MmZiNjIxZTFhNWRiOTk2MjVkYmQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlYqfWJ8VIeBsReYQARTH30hx5EERp9Qv8ZSpTC+531+vx
/DZu56U/e+Ui5hWu8tsG62HwGo4wdXlMKgfH0hfRVYbpeMXTyqxULoUxcN3/V6md
0hVjcjhK08fdYt72Dmk5ne/FdpcLZIIQoLS05jn5r0+WkgM3+VyI0YMtDAgiHY/R
In422bxDG+yuwHculp2GbUC9hnmpd/qkCtFULZLv9au9NPTuMscHFFXVP64cWhgP
cOoBUPgL3EamsoDICztskkrlejk68nE+8Cy7JkxYF6g9ytYbeQlO2NX1xigyynsi
ShcumZg2D9wLYZOAVmLV4VcvRcLw8Z+28/1PwvFnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUTFeerMUC5FCRpZYKvbMw13E6djUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JjYTQxM2JkLTczMjAtNDRmNy1hMTI5LThhNjg3NDJhOTQ4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmIAEHQAQwDQYJKoZIhvcNAQELBQADggEBALTDG+nSRv9cULWe0LfPpZ7O
q5SvOTbRaWObQlhSUQaF9GwhB97hFJod9VTZeEB0WU6pM0yf5Anpon7ktV6I7RO7
OhmdTqdoANvUhpOJLJfj3hU5rYMh++5EaktMtDy6N5Vhh7wBCPhhirIopHiYMyuK
KsasbAaklR3FMwsBCgi5mE+/P3h1q7PT6Qxif2o71JYJRb9RlNXBWYfSc9EJKP/d
X6RIb4vSwKKZFQ1Vuu7EjKA/SxUfPaxYNa5qEtTNPDG4boceAUsEBR9HpMuJEBFL
c9IUmyaAi7l1QnOBCuM51Y6H68Hy4QJYHsskdzegevFFwFyTLyS+vJtWxiNXxTU=
-----END CERTIFICATE-----