Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9df526d6-2843-463e-9ea7-c558b6deb39e.roa
File:                     9df526d6-2843-463e-9ea7-c558b6deb39e.roa (raw, json)
Hash identifier:          /RJk8neWE18X4/e0iimUi02ZFAwXw5DNE3RqlmpZPBo=
Subject key identifier:   8C:3F:AE:B4:94:29:62:0A:D7:3A:33:B6:2A:9B:DC:A1:13:37:96:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63410E2246EFCB649AF97FEE1665D0D0AC0CBCE3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9df526d6-2843-463e-9ea7-c558b6deb39e.roa
Signing time:             Sat 18 Oct 2025 02:00:03 +0000
ROA not before:           Sat 18 Oct 2025 02:00:03 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:4000::/39 maxlen: 39
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:41:0e:22:46:ef:cb:64:9a:f9:7f:ee:16:65:d0:d0:ac:0c:bc:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:00:03 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=10e8a122ade9c0b1097aeaf2aa0a52d225989aff794257152af7a53965b240b3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:84:2a:14:86:54:79:56:58:fd:77:9e:84:9d:
                    c8:9f:f7:af:02:57:e6:cd:dd:af:f7:18:25:08:1c:
                    41:ff:97:1c:a5:05:46:7e:6d:01:41:63:b9:34:1a:
                    25:7a:22:01:92:81:f5:1c:f4:12:f6:ed:94:51:b9:
                    eb:c9:e6:07:1e:f9:11:eb:e4:86:91:93:27:54:c3:
                    d0:58:ff:56:6d:c0:79:26:80:8c:74:f3:fe:8e:9c:
                    60:09:ce:a3:dc:18:91:9b:e5:4f:6c:c1:66:40:30:
                    e8:8e:d5:2c:14:65:81:4b:5b:c0:bf:f8:d4:ca:1c:
                    55:ed:49:20:20:70:50:58:26:5e:c2:fc:32:48:64:
                    63:25:1f:47:21:9a:63:f5:f5:53:e8:51:9a:b7:29:
                    21:44:83:80:fb:dd:48:d2:e3:3e:58:6f:60:c1:32:
                    23:1a:46:84:a7:c3:4f:70:a8:9b:58:64:9d:e6:cb:
                    3d:99:41:bb:92:d3:58:e1:5a:5a:05:80:8f:af:8a:
                    34:61:05:03:af:16:54:24:67:80:ac:bc:45:9b:bb:
                    40:a8:09:73:3e:63:c6:ce:d0:5c:0f:0d:2f:7c:cb:
                    2b:29:6e:5d:df:29:f2:9d:fa:20:e2:43:5b:b3:c7:
                    4f:a4:6c:07:1c:1b:6b:29:61:07:f2:d6:c4:7a:5e:
                    d8:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:3F:AE:B4:94:29:62:0A:D7:3A:33:B6:2A:9B:DC:A1:13:37:96:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9df526d6-2843-463e-9ea7-c558b6deb39e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         cb:04:88:e3:c4:2a:a2:e3:f0:1e:d1:6d:b5:05:35:60:4c:aa:
         a0:11:33:2a:e2:11:04:46:e1:8f:61:3f:a8:e2:f1:96:15:39:
         b9:80:90:c5:4c:d5:00:aa:f6:e3:83:d8:8c:f7:69:b9:04:22:
         ac:bc:84:7d:1e:39:b4:2d:4d:08:d5:fa:ef:60:13:72:ac:18:
         a6:77:e1:5c:c4:2b:04:28:4f:b8:5b:a8:97:28:1c:63:d7:a2:
         b0:7f:be:16:74:01:8b:db:10:54:7d:a8:ab:e6:39:13:c3:4b:
         0e:03:41:e9:2c:e0:a3:fb:bc:a2:69:2c:7e:51:90:00:20:2b:
         6b:27:68:8b:0d:e3:f2:9c:41:c1:4f:f2:2a:d5:29:9b:1a:0d:
         1a:2b:7f:88:29:af:cb:fa:dd:5d:47:3b:ce:d0:e7:06:35:84:
         0e:dc:15:58:db:8a:3e:c0:52:0f:9f:55:fb:6d:54:5f:8f:2d:
         52:a0:5b:90:33:5f:d2:02:f3:9d:c3:1e:c5:1d:53:07:17:aa:
         e6:0c:b1:03:72:e2:80:63:fa:2c:12:14:0a:e2:e5:a1:bd:aa:
         57:d9:f6:3a:28:82:ca:36:01:c9:97:2a:17:d3:7c:11:93:64:
         41:28:e4:e0:6d:1b:fe:65:d3:7a:5b:c0:8c:6e:da:bc:40:03:
         70:dc:c5:e0
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUY0EOIkbvy2Sa+X/uFmXQ0KwMvOMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIwMDAzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMGU4YTEyMmFkZTljMGIxMDk3YWVhZjJhYTBhNTJkMjI1
OTg5YWZmNzk0MjU3MTUyYWY3YTUzOTY1YjI0MGIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOhCoUhlR5Vlj9d56Encif968CV+bN3a/3GCUIHEH/lxyl
BUZ+bQFBY7k0GiV6IgGSgfUc9BL27ZRRuevJ5gce+RHr5IaRkydUw9BY/1ZtwHkm
gIx08/6OnGAJzqPcGJGb5U9swWZAMOiO1SwUZYFLW8C/+NTKHFXtSSAgcFBYJl7C
/DJIZGMlH0chmmP19VPoUZq3KSFEg4D73UjS4z5Yb2DBMiMaRoSnw09wqJtYZJ3m
yz2ZQbuS01jhWloFgI+vijRhBQOvFlQkZ4CsvEWbu0CoCXM+Y8bO0FwPDS98yysp
bl3fKfKd+iDiQ1uzx0+kbAccG2spYQfy1sR6XtjVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUjD+utJQpYgrXOjO2KpvcoRM3lgMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkZjUyNmQ2LTI4NDMtNDYzZS05ZWE3LWM1NThiNmRlYjM5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB84QDANBgkqhkiG9w0BAQsFAAOCAQEAywSI48QqouPwHtFttQU1YEyq
oBEzKuIRBEbhj2E/qOLxlhU5uYCQxUzVAKr244PYjPdpuQQirLyEfR45tC1NCNX6
72ATcqwYpnfhXMQrBChPuFuolygcY9eisH++FnQBi9sQVH2oq+Y5E8NLDgNB6Szg
o/u8omksflGQACAraydoiw3j8pxBwU/yKtUpmxoNGit/iCmvy/rdXUc7ztDnBjWE
DtwVWNuKPsBSD59V+21UX48tUqBbkDNf0gLzncMexR1TBxeq5gyxA3LigGP6LBIU
CuLlob2qV9n2OiiCyjYByZcqF9N8EZNkQSjk4G0b/mXTelvAjG7avEADcNzF4A==
-----END CERTIFICATE-----