Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de2acc05-058e-454c-bf61-f70e34b6d2ff.roa
File:                     de2acc05-058e-454c-bf61-f70e34b6d2ff.roa (raw, json)
Hash identifier:          /E8AZpKGeArGzMUDJFfB2g0C57cALcZ45FzhkF4IR3s=
Subject key identifier:   A8:D3:B8:46:9C:16:E8:B3:44:35:45:E4:59:81:ED:A9:7A:C7:40:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DFFE47763B4BCE0AE318BD960A0B22AD4C39197
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de2acc05-058e-454c-bf61-f70e34b6d2ff.roa
Signing time:             Tue 04 Nov 2025 00:20:06 +0000
ROA not before:           Tue 04 Nov 2025 00:20:06 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff6:4000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:ff:e4:77:63:b4:bc:e0:ae:31:8b:d9:60:a0:b2:2a:d4:c3:91:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:20:06 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=02e6dcddf475fd9d3cf275fbaec8abcfbee9e6efd4df990e47c32e6fb0deaf2e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f4:bc:5d:13:7b:0f:00:f3:88:30:55:72:f0:
                    eb:8e:83:e3:ad:26:6e:ee:21:8d:68:2c:f6:24:13:
                    1f:01:22:a7:4e:ee:71:5c:8b:f1:d5:a1:df:a2:01:
                    ce:89:f4:14:20:9b:f9:f7:f3:d6:01:4d:07:49:34:
                    c5:6e:0c:7d:94:52:01:c6:6f:49:94:39:9a:ff:5b:
                    a7:69:17:16:c3:8d:d2:7f:24:28:77:cf:59:c5:64:
                    78:b4:21:07:24:4e:c8:d6:70:90:3b:5d:a6:7b:9f:
                    c1:a8:3f:22:20:bb:ae:23:e0:a6:5c:a3:ef:e7:a1:
                    a7:71:e6:9b:80:66:8d:f3:a1:20:21:99:dc:c3:c7:
                    78:92:9d:c8:dd:cb:d8:20:89:27:db:6c:67:84:45:
                    00:a2:d6:03:22:04:ca:a3:2e:32:a1:ec:bd:ff:ad:
                    8e:17:97:4d:a3:2c:5c:b9:2e:d2:93:a7:88:58:44:
                    89:7c:bb:fe:bb:e8:87:8c:30:37:a9:86:5a:5d:4c:
                    ed:35:0d:78:1e:61:9b:ea:b6:a1:f7:ab:90:a0:3c:
                    e3:8f:78:f1:62:84:94:3c:3c:6f:5f:d8:78:98:81:
                    14:62:86:b7:09:7f:b3:fc:8a:0c:a9:2b:db:90:91:
                    42:a5:99:44:71:ec:ee:17:32:12:b2:ea:ce:0e:ed:
                    fe:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:D3:B8:46:9C:16:E8:B3:44:35:45:E4:59:81:ED:A9:7A:C7:40:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de2acc05-058e-454c-bf61-f70e34b6d2ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         8d:b8:14:58:2b:d8:06:93:f5:d3:29:61:72:ba:1c:8e:b9:fc:
         49:5b:21:81:48:e7:67:02:63:4c:f2:ab:f6:0d:a5:a3:30:03:
         96:da:37:dd:e7:b8:5b:f8:14:39:42:75:f0:e7:42:3f:36:8e:
         ce:c2:9b:ce:f1:d9:6e:f4:68:ea:7e:26:8d:61:f6:51:2b:5f:
         f9:34:2d:5b:cd:b3:f9:4c:81:20:88:62:98:dc:e3:0c:47:6b:
         5e:d4:b3:bb:a7:7f:d1:eb:97:d8:27:d7:65:59:01:83:ec:4c:
         dc:95:c0:7e:74:0d:4e:57:d6:84:ec:58:ca:c9:d8:0e:48:28:
         3f:c8:e7:e6:81:b3:aa:ac:17:6e:2e:8c:98:18:30:f4:e5:d0:
         9c:ac:9c:19:f5:3a:4c:e9:96:89:58:7b:90:92:b3:6b:c9:ec:
         3f:53:df:76:7e:88:3c:1a:2d:1d:e8:da:f3:03:37:a1:e4:a0:
         67:95:94:ea:f7:14:f1:99:75:bd:19:b1:f8:23:1e:60:d6:ce:
         9e:a8:7b:3e:cd:ac:0f:9a:c8:bd:dc:84:c3:bd:35:df:37:ec:
         fe:4a:a6:99:54:68:f3:d8:8a:67:e4:cd:0c:9d:f2:42:97:6e:
         1d:fd:da:20:61:e4:f9:16:48:bb:73:7f:94:e6:b4:25:71:f2:
         0d:1a:13:39
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPf/kd2O0vOCuMYvZYKCyKtTDkZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAyMDA2WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMmU2ZGNkZGY0NzVmZDlkM2NmMjc1ZmJhZWM4YWJjZmJl
ZTllNmVmZDRkZjk5MGU0N2MzMmU2ZmIwZGVhZjJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCS9LxdE3sPAPOIMFVy8OuOg+OtJm7uIY1oLPYkEx8BIqdO
7nFci/HVod+iAc6J9BQgm/n389YBTQdJNMVuDH2UUgHGb0mUOZr/W6dpFxbDjdJ/
JCh3z1nFZHi0IQckTsjWcJA7XaZ7n8GoPyIgu64j4KZco+/noadx5puAZo3zoSAh
mdzDx3iSncjdy9ggiSfbbGeERQCi1gMiBMqjLjKh7L3/rY4Xl02jLFy5LtKTp4hY
RIl8u/676IeMMDephlpdTO01DXgeYZvqtqH3q5CgPOOPePFihJQ8PG9f2HiYgRRi
hrcJf7P8igypK9uQkUKlmURx7O4XMhKy6s4O7f4RAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUqNO4RpwW6LNENUXkWYHtqXrHQOYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RlMmFjYzA1LTA1OGUtNDU0Yy1iZjYxLWY3MGUzNGI2ZDJmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/2QDANBgkqhkiG9w0BAQsFAAOCAQEAjbgUWCvYBpP10ylhcrocjrn8
SVshgUjnZwJjTPKr9g2lozADlto33ee4W/gUOUJ18OdCPzaOzsKbzvHZbvRo6n4m
jWH2UStf+TQtW82z+UyBIIhimNzjDEdrXtSzu6d/0euX2CfXZVkBg+xM3JXAfnQN
TlfWhOxYysnYDkgoP8jn5oGzqqwXbi6MmBgw9OXQnKycGfU6TOmWiVh7kJKza8ns
P1Pfdn6IPBotHeja8wM3oeSgZ5WU6vcU8Zl1vRmx+CMeYNbOnqh7Ps2sD5rIvdyE
w7013zfs/kqmmVRo89iKZ+TNDJ3yQpduHf3aIGHk+RZIu3N/lOa0JXHyDRoTOQ==
-----END CERTIFICATE-----