Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa
File:                     c88bc903-16fc-4d37-9398-665b5419307e.roa (raw, json)
Hash identifier:          EnJ259fjwn4chfGIgvcaoyQv06a+NvQdQZhblBGo4Ok=
Subject key identifier:   11:A7:F7:B2:6A:7A:99:81:1F:6F:84:60:8A:4F:1E:27:69:4A:61:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0DBCD1CCF7D6489F267CA80064E464697DFD48B4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa
Signing time:             Wed 22 Oct 2025 00:30:12 +0000
ROA not before:           Wed 22 Oct 2025 00:30:12 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f68:4000::/39 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:bc:d1:cc:f7:d6:48:9f:26:7c:a8:00:64:e4:64:69:7d:fd:48:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:30:12 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=58a5f9833815010460eb8ec1e85573fcc75ed1d8a1aecf935cd6d637231117bd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0d:29:dd:cb:ba:9a:f2:34:41:1d:cb:65:ca:
                    c2:ab:2f:19:91:e2:77:2e:50:40:0e:70:f6:5b:e4:
                    54:2b:99:4d:7b:38:70:44:e8:fc:44:7b:25:53:cf:
                    56:f7:8b:24:95:82:43:09:77:83:6d:21:11:65:75:
                    9a:ca:bb:a4:2e:b2:c8:75:5d:a3:90:90:1c:13:3a:
                    ab:1b:16:01:6d:0c:1e:14:ee:46:ed:68:6b:b9:92:
                    fc:7d:46:1b:91:c0:a3:e1:c4:c9:23:cb:3f:90:b4:
                    93:c1:8d:a7:82:a1:6b:44:d5:fc:25:86:4c:83:ec:
                    9e:9e:4c:75:d3:a2:8e:19:50:8e:84:b9:16:9c:53:
                    12:44:03:ee:27:db:53:80:c6:2a:25:d7:2f:1b:c2:
                    c3:f2:8e:34:20:41:55:ed:a6:1d:29:b2:fd:65:a3:
                    43:fb:ac:ef:f8:58:32:62:76:ab:2f:2b:b0:54:4e:
                    b1:bb:70:88:10:bf:64:9a:69:1d:bb:94:51:e7:b2:
                    b0:09:10:d1:80:66:6e:55:ba:1e:c3:d6:d3:51:bb:
                    c4:72:2b:32:a1:f4:a8:31:9c:e5:12:81:b5:cd:2d:
                    f9:4d:a2:fa:7d:fc:54:bc:ac:7e:e0:80:53:44:19:
                    71:cb:ed:a2:3d:13:d1:30:c9:13:73:35:1a:21:b1:
                    c5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A7:F7:B2:6A:7A:99:81:1F:6F:84:60:8A:4F:1E:27:69:4A:61:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c88bc903-16fc-4d37-9398-665b5419307e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f68:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         83:80:9b:a6:fd:5a:e3:04:51:d2:8f:7f:4e:cd:03:d9:a1:72:
         29:dc:73:5d:75:1d:e1:35:7c:2c:8e:2e:7e:a1:5e:a6:01:de:
         0b:1b:24:f7:ae:8a:ae:d1:30:fd:e1:fb:c1:66:5c:a2:5e:19:
         25:e1:68:a5:ac:18:67:21:91:6c:7e:fe:44:ae:25:45:50:1b:
         f5:5e:ac:f6:ac:84:aa:10:ba:3b:9a:b3:3e:f8:d1:5c:36:36:
         db:d5:09:34:46:9a:df:82:dd:47:32:39:11:33:82:57:0e:70:
         88:65:8a:42:d8:78:af:8d:85:0d:1c:03:46:62:48:13:01:b1:
         5a:b6:40:c5:12:3e:41:85:00:8f:e8:e6:6e:95:6c:a3:57:5a:
         23:93:3f:72:ed:69:43:b9:d1:be:d3:e0:94:78:d0:ea:02:36:
         66:b4:89:3c:2c:b8:6c:78:10:63:fb:95:6b:4f:b7:c8:f6:3d:
         26:a5:e4:dc:2a:4f:00:b4:3e:bf:a5:9a:ca:ce:84:b1:37:31:
         1b:b3:7a:18:cf:72:91:0b:e6:92:35:5a:de:53:9b:f0:cc:f2:
         f0:33:30:9f:52:12:f6:d4:3b:d0:be:c3:d4:0b:27:de:56:f8:
         91:6a:47:26:98:4a:7b:7c:4b:72:70:34:43:67:1a:9b:42:32:
         ed:43:d2:6b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUDbzRzPfWSJ8mfKgAZORkaX39SLQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAzMDEyWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1OGE1Zjk4MzM4MTUwMTA0NjBlYjhlYzFlODU1NzNmY2M3
NWVkMWQ4YTFhZWNmOTM1Y2Q2ZDYzNzIzMTExN2JkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqDSndy7qa8jRBHctlysKrLxmR4ncuUEAOcPZb5FQrmU17
OHBE6PxEeyVTz1b3iySVgkMJd4NtIRFldZrKu6Qussh1XaOQkBwTOqsbFgFtDB4U
7kbtaGu5kvx9RhuRwKPhxMkjyz+QtJPBjaeCoWtE1fwlhkyD7J6eTHXToo4ZUI6E
uRacUxJEA+4n21OAxiol1y8bwsPyjjQgQVXtph0psv1lo0P7rO/4WDJidqsvK7BU
TrG7cIgQv2SaaR27lFHnsrAJENGAZm5Vuh7D1tNRu8RyKzKh9KgxnOUSgbXNLflN
ovp9/FS8rH7ggFNEGXHL7aI9E9EwyRNzNRohscXRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUEaf3smp6mYEfb4Rgik8eJ2lKYe0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M4OGJjOTAzLTE2ZmMtNGQzNy05Mzk4LTY2NWI1NDE5MzA3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB9oQDANBgkqhkiG9w0BAQsFAAOCAQEAg4Cbpv1a4wRR0o9/Ts0D2aFy
KdxzXXUd4TV8LI4ufqFepgHeCxsk966KrtEw/eH7wWZcol4ZJeFopawYZyGRbH7+
RK4lRVAb9V6s9qyEqhC6O5qzPvjRXDY229UJNEaa34LdRzI5ETOCVw5wiGWKQth4
r42FDRwDRmJIEwGxWrZAxRI+QYUAj+jmbpVso1daI5M/cu1pQ7nRvtPglHjQ6gI2
ZrSJPCy4bHgQY/uVa0+3yPY9JqXk3CpPALQ+v6Ways6EsTcxG7N6GM9ykQvmkjVa
3lOb8Mzy8DMwn1IS9tQ70L7D1Asn3lb4kWpHJphKe3xLcnA0Q2cam0Iy7UPSaw==
-----END CERTIFICATE-----