Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba1287aa-91c5-4550-bf04-c7c8d393b8f2.roa
File:                     ba1287aa-91c5-4550-bf04-c7c8d393b8f2.roa (raw, json)
Hash identifier:          1tS/lmBA6fSZ2yvusX2uzYbd9FKhoATYr7/U2LES7XU=
Subject key identifier:   20:C5:92:43:69:FC:01:1D:84:2C:18:53:BC:79:6F:AF:1B:F3:02:9A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5D51AD452F768A74B6C08CEFA40B5425982DC765
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba1287aa-91c5-4550-bf04-c7c8d393b8f2.roa
Signing time:             Fri 17 Oct 2025 21:20:18 +0000
ROA not before:           Fri 17 Oct 2025 21:20:18 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:4070::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:51:ad:45:2f:76:8a:74:b6:c0:8c:ef:a4:0b:54:25:98:2d:c7:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 21:20:18 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=413604f0dc1d3b41649239ce674f5f7ad9591839907de8e42c9dab619972fc24, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f1:38:7d:cd:f9:e8:a2:67:da:71:b0:33:89:
                    4b:a9:e3:1b:03:3c:08:b6:c8:66:81:47:4e:08:7d:
                    e9:f1:de:a1:9f:f9:74:90:ad:5d:05:d8:89:8a:91:
                    22:34:00:b1:4c:e1:4e:04:4c:1b:d1:05:f4:37:a6:
                    e5:d8:ae:b6:e4:a4:5b:f1:61:c5:ce:85:28:ac:db:
                    86:61:62:50:8f:30:8d:e4:e6:ab:e2:91:98:0d:e2:
                    ee:6b:c1:02:3e:49:17:48:e9:4e:83:a6:fc:70:cd:
                    fa:66:e0:36:b0:51:87:bb:ef:b4:e0:62:7e:8e:3f:
                    7c:75:70:05:92:49:2d:6c:25:0a:fc:81:19:69:7f:
                    64:8e:96:3d:7a:f5:cf:90:4f:24:55:7e:52:7e:23:
                    1f:d3:0d:c1:b9:16:d3:b1:28:0d:77:d6:32:58:92:
                    a0:18:ab:c6:ae:cf:82:68:43:58:20:6a:d4:cf:5b:
                    e3:d6:fa:26:b1:46:fd:3c:f8:59:17:ba:90:49:7e:
                    a3:77:ea:95:b0:df:08:76:ef:86:42:97:f4:c8:dd:
                    fa:74:4c:8e:0d:1e:33:49:cf:5c:fe:a2:fa:b3:d0:
                    7b:eb:33:49:cb:ba:5f:11:71:ba:7e:f4:56:14:a5:
                    43:71:2a:2f:50:96:d3:67:00:35:2e:5e:c4:de:80:
                    e5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C5:92:43:69:FC:01:1D:84:2C:18:53:BC:79:6F:AF:1B:F3:02:9A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba1287aa-91c5-4550-bf04-c7c8d393b8f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:4070::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:b5:2c:4a:68:ed:cf:5e:14:9b:e5:8b:b2:9d:cd:04:3e:74:
         a2:25:e4:27:5c:63:c5:5c:fc:11:e7:75:7c:1a:91:16:41:84:
         f5:3a:79:57:6c:e9:05:3d:f4:fa:23:16:e0:77:37:5e:d9:06:
         12:09:8d:9c:5b:e6:be:a8:e9:61:83:bc:4b:05:ed:4f:7c:b2:
         aa:a9:75:b3:ff:44:41:88:8f:2c:ad:48:13:46:b6:d3:1f:a2:
         5f:ad:20:02:eb:03:6b:37:cf:0c:32:25:d6:c6:7f:bb:d1:9a:
         27:db:31:0a:26:29:98:5d:2e:8e:7b:26:58:17:8a:42:b8:7a:
         b9:fd:48:e9:fe:f5:08:e7:3f:93:7a:09:e4:99:a6:cf:2e:22:
         13:89:c9:9d:3c:ce:82:06:01:98:57:fe:12:af:c9:22:64:99:
         6d:4b:c0:11:6f:53:b1:ff:0f:b6:72:fc:74:09:38:71:d3:9e:
         17:bc:30:2f:90:1a:2f:23:0a:b4:e2:93:70:aa:e0:1b:98:90:
         21:a0:f0:7b:fe:dd:93:ac:86:72:bd:f6:08:da:fd:a8:3c:36:
         96:10:be:b2:2f:30:94:49:8d:78:e9:06:c6:2a:02:a1:d6:74:
         f4:af:83:01:58:6a:75:26:d3:43:28:40:ed:31:62:3d:46:7c:
         54:7d:6c:be
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUXVGtRS92inS2wIzvpAtUJZgtx2UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjEyMDE4WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTM2MDRmMGRjMWQzYjQxNjQ5MjM5Y2U2NzRmNWY3YWQ5
NTkxODM5OTA3ZGU4ZTQyYzlkYWI2MTk5NzJmYzI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp8Th9zfnoomfacbAziUup4xsDPAi2yGaBR04Ifenx3qGf
+XSQrV0F2ImKkSI0ALFM4U4ETBvRBfQ3puXYrrbkpFvxYcXOhSis24ZhYlCPMI3k
5qvikZgN4u5rwQI+SRdI6U6Dpvxwzfpm4DawUYe777TgYn6OP3x1cAWSSS1sJQr8
gRlpf2SOlj169c+QTyRVflJ+Ix/TDcG5FtOxKA131jJYkqAYq8auz4JoQ1ggatTP
W+PW+iaxRv08+FkXupBJfqN36pWw3wh274ZCl/TI3fp0TI4NHjNJz1z+ovqz0Hvr
M0nLul8Rcbp+9FYUpUNxKi9QltNnADUuXsTegOVBAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUIMWSQ2n8AR2ELBhTvHlvrxvzApowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JhMTI4N2FhLTkxYzUtNDU1MC1iZjA0LWM3YzhkMzkzYjhmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB//QHAwDQYJKoZIhvcNAQELBQADggEBAFW1LEpo7c9eFJvli7KdzQQ+
dKIl5CdcY8Vc/BHndXwakRZBhPU6eVds6QU99PojFuB3N17ZBhIJjZxb5r6o6WGD
vEsF7U98sqqpdbP/REGIjyytSBNGttMfol+tIALrA2s3zwwyJdbGf7vRmifbMQom
KZhdLo57JlgXikK4ern9SOn+9QjnP5N6CeSZps8uIhOJyZ08zoIGAZhX/hKvySJk
mW1LwBFvU7H/D7Zy/HQJOHHTnhe8MC+QGi8jCrTik3Cq4BuYkCGg8Hv+3ZOshnK9
9gja/ag8NpYQvrIvMJRJjXjpBsYqAqHWdPSvgwFYanUm00MoQO0xYj1GfFR9bL4=
-----END CERTIFICATE-----