Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af499eea-e6b5-4a3f-92db-69be5753668f.roa
File:                     af499eea-e6b5-4a3f-92db-69be5753668f.roa (raw, json)
Hash identifier:          OJHjOjDdRB12neRZ0drbG+7KiLZ7dZOWYsMLddOFpdI=
Subject key identifier:   EF:9B:0D:EE:E9:53:C0:77:24:55:E1:EF:1A:E7:88:20:6B:DB:06:E3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0769AE68BB2E25D12E3F357EC81551C5DF427075
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af499eea-e6b5-4a3f-92db-69be5753668f.roa
Signing time:             Tue 07 Oct 2025 00:42:07 +0000
ROA not before:           Tue 07 Oct 2025 00:42:07 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1fbb:5000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:69:ae:68:bb:2e:25:d1:2e:3f:35:7e:c8:15:51:c5:df:42:70:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:42:07 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=4fe11fcfd679078bd7f9d5dd9c6c473a7fee22449290ef5adc9ffe23a1652e53, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b5:1a:1c:14:21:10:ea:b9:cb:f1:00:ce:13:
                    47:af:e9:74:2d:6c:0e:86:8e:11:34:5a:b7:02:38:
                    4f:b3:3c:ab:ae:60:cf:2c:9e:fc:10:f0:f2:c1:95:
                    13:d8:8a:43:7b:46:c7:56:b1:77:03:d9:c3:90:05:
                    b4:67:85:14:22:31:ea:0b:46:80:0c:5c:2c:1c:8b:
                    32:ea:0e:b3:2b:ad:dd:b1:91:2e:a3:bb:fc:fc:fa:
                    3e:08:88:54:8d:8f:ef:af:4d:b3:3e:7e:ad:1d:35:
                    6c:3c:de:28:2b:64:12:b0:11:1e:8f:db:f4:f1:da:
                    1b:88:37:43:c4:58:a7:0a:71:19:7d:74:5d:59:ea:
                    ee:45:96:c9:08:17:a4:1c:6c:36:cd:8b:27:f6:ea:
                    34:83:e7:4c:27:80:37:8f:aa:79:3e:b6:f2:f3:c9:
                    ad:06:a3:8d:ca:3b:66:3d:7d:98:f2:57:69:a1:7f:
                    a5:1b:02:06:19:dc:18:e3:d8:59:93:3e:03:fb:cc:
                    78:3b:82:f1:f0:10:c7:c2:0f:87:37:97:54:55:62:
                    af:c8:62:1c:34:75:ba:17:ee:09:14:ee:df:d4:b2:
                    f3:7f:0c:2e:2d:81:95:2c:79:7b:ec:b5:d0:e0:94:
                    45:f3:3a:a4:d4:53:8d:49:29:13:3d:c0:1a:1e:8d:
                    cf:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:9B:0D:EE:E9:53:C0:77:24:55:E1:EF:1A:E7:88:20:6B:DB:06:E3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af499eea-e6b5-4a3f-92db-69be5753668f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fbb:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9a:3e:d1:f6:41:09:b6:93:a7:9f:86:1a:ce:1d:ba:7d:77:45:
         4b:70:98:6f:db:e7:5c:f8:39:c0:8c:c2:c3:b8:eb:95:57:31:
         3f:7d:c4:6c:73:26:66:fd:a7:50:25:03:56:f7:eb:5b:2e:c5:
         bc:6a:e7:bf:ab:a4:d2:75:24:c7:88:99:c1:50:71:ac:e4:49:
         c1:5b:b0:b7:11:0b:23:00:90:7c:d4:51:17:c0:6e:c2:32:20:
         cc:01:b0:47:7e:59:9c:b0:bf:d4:84:01:5f:49:ff:3b:15:54:
         8d:2e:f6:44:da:29:c7:43:40:31:23:44:87:b5:e2:35:7b:33:
         20:0a:5c:0a:a5:32:80:98:82:2f:19:77:94:1f:db:66:23:55:
         45:2a:a4:21:f8:5a:c1:f7:5f:d3:d9:11:87:12:3d:56:42:37:
         63:44:f5:4a:b5:44:4a:bc:78:ce:ab:ef:15:28:71:1c:5c:7f:
         92:9b:96:34:9b:7b:dc:4e:f0:44:f8:8b:d4:b0:21:a9:73:f2:
         31:9b:d8:fd:24:15:f0:97:4e:ba:60:88:5e:43:6c:ca:e4:3b:
         40:c1:7a:9f:b9:40:58:6f:4a:e8:a9:3e:2b:5f:5a:fb:95:23:
         87:c3:98:b5:80:df:a4:b8:c8:45:b5:4f:31:54:24:97:ee:76:
         6d:72:c9:e9
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUB2muaLsuJdEuPzV+yBVRxd9CcHUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MjA3WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZmUxMWZjZmQ2NzkwNzhiZDdmOWQ1ZGQ5YzZjNDczYTdm
ZWUyMjQ0OTI5MGVmNWFkYzlmZmUyM2ExNjUyZTUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXtRocFCEQ6rnL8QDOE0ev6XQtbA6GjhE0WrcCOE+zPKuu
YM8snvwQ8PLBlRPYikN7RsdWsXcD2cOQBbRnhRQiMeoLRoAMXCwcizLqDrMrrd2x
kS6ju/z8+j4IiFSNj++vTbM+fq0dNWw83igrZBKwER6P2/Tx2huIN0PEWKcKcRl9
dF1Z6u5FlskIF6QcbDbNiyf26jSD50wngDePqnk+tvLzya0Go43KO2Y9fZjyV2mh
f6UbAgYZ3Bjj2FmTPgP7zHg7gvHwEMfCD4c3l1RVYq/IYhw0dboX7gkU7t/UsvN/
DC4tgZUseXvstdDglEXzOqTUU41JKRM9wBoejc9tAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU75sN7ulTwHckVeHvGueIIGvbBuMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmNDk5ZWVhLWU2YjUtNGEzZi05MmRiLTY5YmU1NzUzNjY4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+7UDANBgkqhkiG9w0BAQsFAAOCAQEAmj7R9kEJtpOnn4Yazh26fXdF
S3CYb9vnXPg5wIzCw7jrlVcxP33EbHMmZv2nUCUDVvfrWy7FvGrnv6uk0nUkx4iZ
wVBxrORJwVuwtxELIwCQfNRRF8BuwjIgzAGwR35ZnLC/1IQBX0n/OxVUjS72RNop
x0NAMSNEh7XiNXszIApcCqUygJiCLxl3lB/bZiNVRSqkIfhawfdf09kRhxI9VkI3
Y0T1SrVESrx4zqvvFShxHFx/kpuWNJt73E7wRPiL1LAhqXPyMZvY/SQV8JdOumCI
XkNsyuQ7QMF6n7lAWG9K6Kk+K19a+5Ujh8OYtYDfpLjIRbVPMVQkl+52bXLJ6Q==
-----END CERTIFICATE-----