Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17403c26-dfc9-4063-8d3e-9c868da268b1.roa
File:                     17403c26-dfc9-4063-8d3e-9c868da268b1.roa (raw, json)
Hash identifier:          cdfMgDjO5bPaetop78F+47G3laTGC/c1DmFuV73L1j4=
Subject key identifier:   61:6D:0B:14:7E:3A:FB:9B:AB:1B:C4:DE:B8:AD:5E:D9:4C:AF:CC:B7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A242A041430B152018A3C58806CB81FF807E2B6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17403c26-dfc9-4063-8d3e-9c868da268b1.roa
Signing time:             Fri 10 Oct 2025 00:11:16 +0000
ROA not before:           Fri 10 Oct 2025 00:11:16 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff6:a400::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:24:2a:04:14:30:b1:52:01:8a:3c:58:80:6c:b8:1f:f8:07:e2:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 00:11:16 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=117e7eecdb6f03710ed3ae8af1339d9008919b5b50d6a683706e2ce8149e290e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:3b:25:43:d6:de:2f:0d:95:1c:9e:15:ff:23:
                    2d:a3:37:77:d0:68:52:f1:4b:ee:0c:6d:24:76:37:
                    20:d4:d5:75:ef:e2:dc:80:97:c5:4e:44:76:a0:60:
                    c3:f0:97:5f:6d:bc:f7:ca:1a:64:16:30:c4:fc:e7:
                    4f:c9:99:04:b1:2f:80:85:24:27:1e:b2:ec:58:8e:
                    ee:74:66:d1:2b:2d:bd:0b:77:a9:e0:af:b1:a3:c0:
                    e4:95:94:4a:15:a2:3a:ba:d4:c3:3e:6b:9a:f8:b7:
                    52:fe:e4:08:ef:0c:4a:01:36:d7:7a:f0:ee:72:1c:
                    9c:64:15:13:c1:d6:eb:10:ff:8a:19:5a:3d:f8:75:
                    57:b7:3d:eb:82:8b:f2:94:39:2c:9c:64:e7:bd:10:
                    1c:bd:0a:ff:41:8a:42:76:79:b2:fa:70:8b:be:d1:
                    af:03:8d:4d:f2:7b:7d:78:62:c7:25:17:3b:92:cd:
                    0f:ac:bd:91:98:27:1d:96:0e:a8:d1:92:29:5b:94:
                    ca:62:05:e8:be:3b:d1:ed:6b:02:b1:a9:44:65:b3:
                    b0:bc:87:2a:22:c4:af:60:0c:b2:b7:24:26:28:b9:
                    99:3e:4e:32:cd:16:88:47:77:4f:88:81:3d:e8:fe:
                    23:c1:d1:dc:8d:48:5d:9b:2e:5d:a9:a0:65:8e:68:
                    84:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:6D:0B:14:7E:3A:FB:9B:AB:1B:C4:DE:B8:AD:5E:D9:4C:AF:CC:B7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17403c26-dfc9-4063-8d3e-9c868da268b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:a400::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:6c:9e:02:a4:46:cf:fc:bd:db:b0:49:e3:4e:8e:90:44:29:
         37:79:c5:60:cc:9d:71:8d:c5:16:68:9f:d4:12:46:5f:f4:e3:
         f3:8c:05:dd:bc:05:4a:02:75:f4:6a:c6:81:bb:c4:b1:27:bd:
         40:b6:e9:fb:2b:f1:01:a5:08:d3:12:d8:47:e2:fc:0e:d5:70:
         08:96:7f:5b:67:0b:1b:f3:fe:e0:2c:5f:a5:b2:64:7f:66:8c:
         20:b4:f9:17:c0:bc:06:85:c3:a2:64:bd:0d:73:ff:b3:51:18:
         36:6d:fd:31:fa:58:45:ed:06:6c:c6:5e:ec:d6:b7:8d:8c:28:
         0f:e1:10:9b:0f:81:24:8c:34:0b:b0:5c:2d:98:76:45:2b:06:
         a1:39:73:d2:92:51:53:6a:9e:f6:da:ec:54:ac:b7:7f:ea:c3:
         15:05:7b:60:1e:02:d7:16:d3:45:ca:ab:9a:4a:4f:fa:9d:d6:
         a5:76:c8:c4:c5:29:54:9f:c1:5b:a9:84:6a:b7:93:ef:d9:b6:
         3d:b7:fb:76:03:3f:67:d7:f7:bf:96:31:64:72:1f:e5:d3:91:
         34:88:fe:b8:0b:5b:22:dc:bd:4d:a2:59:9d:5b:bb:71:49:9c:
         7f:11:23:8a:2f:b5:3a:14:be:9d:7e:74:64:5a:f8:fb:06:85:
         26:2b:89:ed
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKiQqBBQwsVIBijxYgGy4H/gH4rYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMDAxMTE2WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTdlN2VlY2RiNmYwMzcxMGVkM2FlOGFmMTMzOWQ5MDA4
OTE5YjViNTBkNmE2ODM3MDZlMmNlODE0OWUyOTBlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeOyVD1t4vDZUcnhX/Iy2jN3fQaFLxS+4MbSR2NyDU1XXv
4tyAl8VORHagYMPwl19tvPfKGmQWMMT850/JmQSxL4CFJCcesuxYju50ZtErLb0L
d6ngr7GjwOSVlEoVojq61MM+a5r4t1L+5AjvDEoBNtd68O5yHJxkFRPB1usQ/4oZ
Wj34dVe3PeuCi/KUOSycZOe9EBy9Cv9BikJ2ebL6cIu+0a8DjU3ye314YsclFzuS
zQ+svZGYJx2WDqjRkilblMpiBei+O9HtawKxqURls7C8hyoixK9gDLK3JCYouZk+
TjLNFohHd0+IgT3o/iPB0dyNSF2bLl2poGWOaIRzAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUYW0LFH46+5urG8TeuK1e2UyvzLcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE3NDAzYzI2LWRmYzktNDA2My04ZDNlLTljODY4ZGEyNjhiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/2pAAwDQYJKoZIhvcNAQELBQADggEBAMZsngKkRs/8vduwSeNOjpBE
KTd5xWDMnXGNxRZon9QSRl/04/OMBd28BUoCdfRqxoG7xLEnvUC26fsr8QGlCNMS
2Efi/A7VcAiWf1tnCxvz/uAsX6WyZH9mjCC0+RfAvAaFw6JkvQ1z/7NRGDZt/TH6
WEXtBmzGXuzWt42MKA/hEJsPgSSMNAuwXC2YdkUrBqE5c9KSUVNqnvba7FSst3/q
wxUFe2AeAtcW00XKq5pKT/qd1qV2yMTFKVSfwVuphGq3k+/Ztj23+3YDP2fX97+W
MWRyH+XTkTSI/rgLWyLcvU2iWZ1bu3FJnH8RI4ovtToUvp1+dGRa+PsGhSYrie0=
-----END CERTIFICATE-----