Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dab39bd7-85ce-4910-8274-6255cffb5fc9.roa
File:                     dab39bd7-85ce-4910-8274-6255cffb5fc9.roa (raw, json)
Hash identifier:          oANlU2oK4ybDFtXzyu7mlGHtWFrNuc+L7c8LRgp2tlY=
Subject key identifier:   2C:2F:89:68:33:33:DD:58:E6:64:A2:3F:8B:EA:B7:37:B9:55:2E:CA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       37DDD2EE0075C2ECA430DC912C82EC6B7BA76CFF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dab39bd7-85ce-4910-8274-6255cffb5fc9.roa
Signing time:             Fri 17 Oct 2025 20:10:23 +0000
ROA not before:           Fri 17 Oct 2025 20:10:23 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fff:5000::/40 maxlen: 40
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:dd:d2:ee:00:75:c2:ec:a4:30:dc:91:2c:82:ec:6b:7b:a7:6c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 20:10:23 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=f05529727103335667558e824dcd86bb137e5c40d0d328d6a404a8017f8eb195, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:9c:e2:a2:0b:ed:5c:9c:99:0c:27:c9:f8:5b:
                    47:77:b5:3f:6f:ce:9b:0a:21:24:65:59:0b:cd:cd:
                    f4:c5:94:9b:13:a6:fd:93:88:d7:6e:54:1c:ea:52:
                    b6:07:96:b6:9a:c7:88:78:eb:83:2c:e9:5e:57:b9:
                    5e:33:78:77:46:d7:41:54:13:4a:96:ea:c5:bb:fb:
                    8d:9a:72:a4:93:b0:89:fa:21:a4:fc:fd:99:99:a2:
                    8c:e7:23:62:de:41:0f:51:1e:c7:8b:98:ca:de:18:
                    f3:f7:fc:d5:c0:30:7a:60:e2:df:7c:7c:57:0a:d5:
                    a6:86:47:99:da:a3:c5:25:92:94:eb:7d:d9:ee:8c:
                    cd:a8:13:2f:5c:0f:6e:b3:13:ae:90:92:df:b8:e4:
                    77:a4:a3:4a:fb:68:63:9a:a4:a9:9d:5d:65:d4:d6:
                    25:9f:b1:81:d6:b6:e8:38:c8:55:c1:4b:fa:7f:24:
                    9a:9a:f3:ce:c6:98:77:b0:2b:83:d0:0a:11:dd:f0:
                    6e:0c:5b:b9:e0:d8:f1:91:2c:74:62:db:0a:2e:96:
                    7c:cb:4a:09:ca:45:29:44:09:99:b0:8b:a6:31:32:
                    b0:ff:e0:a8:cf:bd:9d:50:df:58:30:9f:62:1e:1f:
                    f0:10:24:c8:b2:d6:5b:88:f0:b1:64:e4:e3:53:a1:
                    2e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:2F:89:68:33:33:DD:58:E6:64:A2:3F:8B:EA:B7:37:B9:55:2E:CA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dab39bd7-85ce-4910-8274-6255cffb5fc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fff:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         52:a2:4b:a0:9c:f7:74:59:8e:58:31:5a:35:2a:b3:6f:ae:9e:
         f5:21:e9:73:fb:f4:29:b2:36:9b:8f:24:ba:93:65:e0:25:54:
         fb:41:25:59:d3:3c:12:19:3a:27:27:ac:f0:af:cb:29:63:41:
         56:f2:da:1c:b4:ad:22:ab:13:25:26:ef:fe:d4:4f:f4:74:25:
         11:05:de:a4:21:60:94:cd:88:ed:dd:85:40:4d:6c:85:c6:87:
         b8:26:80:a9:93:4a:45:36:3a:6c:85:43:87:51:d1:41:1a:40:
         83:85:3c:18:65:cb:07:32:64:9d:6e:b2:23:4b:22:b4:8c:27:
         03:fd:ca:0d:97:1b:c6:20:aa:1a:b3:e2:3b:6b:3c:94:02:5e:
         59:f8:f0:d7:3c:34:aa:bc:29:a0:a0:b4:1c:7c:c1:54:d3:ef:
         89:98:d3:41:39:d4:ea:f0:6f:2c:cf:ed:f1:f5:29:07:64:c2:
         c6:62:4f:aa:9d:47:e0:27:98:7e:d3:02:3c:80:39:0b:ea:a2:
         bf:37:77:fa:24:90:8e:d0:1e:ca:c1:6c:90:66:04:a5:fe:77:
         5c:cf:e1:76:24:d1:10:c8:70:86:95:9a:1d:8b:d8:c6:b2:12:
         fb:9e:e6:01:67:20:17:9e:dc:99:2b:43:26:b6:c5:5d:01:a9:
         2b:38:33:d4
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUN93S7gB1wuykMNyRLILsa3unbP8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjAxMDIzWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMDU1Mjk3MjcxMDMzMzU2Njc1NThlODI0ZGNkODZiYjEz
N2U1YzQwZDBkMzI4ZDZhNDA0YTgwMTdmOGViMTk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD3nOKiC+1cnJkMJ8n4W0d3tT9vzpsKISRlWQvNzfTFlJsT
pv2TiNduVBzqUrYHlraax4h464Ms6V5XuV4zeHdG10FUE0qW6sW7+42acqSTsIn6
IaT8/ZmZooznI2LeQQ9RHseLmMreGPP3/NXAMHpg4t98fFcK1aaGR5nao8UlkpTr
fdnujM2oEy9cD26zE66Qkt+45Heko0r7aGOapKmdXWXU1iWfsYHWtug4yFXBS/p/
JJqa887GmHewK4PQChHd8G4MW7ng2PGRLHRi2woulnzLSgnKRSlECZmwi6YxMrD/
4KjPvZ1Q31gwn2IeH/AQJMiy1luI8LFk5ONToS6LAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQULC+JaDMz3VjmZKI/i+q3N7lVLsowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhYjM5YmQ3LTg1Y2UtNDkxMC04Mjc0LTYyNTVjZmZiNWZjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB//UDANBgkqhkiG9w0BAQsFAAOCAQEAUqJLoJz3dFmOWDFaNSqzb66e
9SHpc/v0KbI2m48kupNl4CVU+0ElWdM8Ehk6Jyes8K/LKWNBVvLaHLStIqsTJSbv
/tRP9HQlEQXepCFglM2I7d2FQE1shcaHuCaAqZNKRTY6bIVDh1HRQRpAg4U8GGXL
BzJknW6yI0sitIwnA/3KDZcbxiCqGrPiO2s8lAJeWfjw1zw0qrwpoKC0HHzBVNPv
iZjTQTnU6vBvLM/t8fUpB2TCxmJPqp1H4CeYftMCPIA5C+qivzd3+iSQjtAeysFs
kGYEpf53XM/hdiTREMhwhpWaHYvYxrIS+57mAWcgF57cmStDJrbFXQGpKzgz1A==
-----END CERTIFICATE-----