Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03353232-f773-4ecd-a8d3-0b9aa5dcc857.roa
File:                     03353232-f773-4ecd-a8d3-0b9aa5dcc857.roa (raw, json)
Hash identifier:          kLqV5v3Co1CSenR4bCLOgeRpKmzhvQfAY1K/gsq+8Ws=
Subject key identifier:   6E:DD:98:E4:15:3D:A0:1E:9E:CC:5B:81:DF:B0:48:13:C2:62:0C:63
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53C0D0C21BC728A224817CE5F3605AD96DDA23E2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03353232-f773-4ecd-a8d3-0b9aa5dcc857.roa
Signing time:             Thu 13 Nov 2025 00:31:26 +0000
ROA not before:           Thu 13 Nov 2025 00:31:26 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.101.128.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:c0:d0:c2:1b:c7:28:a2:24:81:7c:e5:f3:60:5a:d9:6d:da:23:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:31:26 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=6a9ba4235ed94ce867356de81be4242b25a02d4d0740d95e6b3ee2f015040a52, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:91:61:a3:0a:f6:38:a5:72:5e:75:72:a4:8c:
                    1b:bf:ca:49:78:f3:f1:22:76:76:22:f9:60:e8:62:
                    92:0c:8b:6f:e1:f5:7d:61:de:bd:6c:83:2e:b7:6c:
                    22:ec:9d:0e:02:9c:ba:ce:d4:52:60:d1:fa:f5:a8:
                    2c:a3:52:4b:5a:f8:44:2f:f1:34:bb:38:08:da:3b:
                    2b:20:8b:4a:5b:59:e6:31:2a:3d:87:60:d1:fe:d7:
                    28:8f:01:e5:ba:1b:6a:38:30:ee:ee:07:0b:33:ba:
                    1f:c5:57:a8:d5:61:d8:34:77:65:0a:1e:91:33:e8:
                    db:95:96:a5:39:68:b3:21:18:11:d0:8d:e0:a7:29:
                    91:5d:3b:ed:b4:04:60:ac:b6:f2:ba:7d:d6:86:38:
                    7c:bf:94:29:67:d7:7e:4f:f1:d6:98:01:4b:99:5c:
                    a5:1a:bc:e0:33:41:ff:51:ac:36:1f:99:46:ec:14:
                    24:00:ce:9f:ca:4b:ca:9c:9e:d3:1d:c1:25:3e:12:
                    71:25:9f:24:ef:d1:90:7e:7d:55:19:b3:6f:9c:11:
                    6c:0e:40:b7:0d:e5:6e:d4:3d:e6:01:b4:73:61:18:
                    ce:c9:29:23:ae:0f:b8:da:18:15:e9:b1:e5:b2:81:
                    a0:cb:d3:5b:53:8e:30:a4:f9:d8:0b:14:83:70:c5:
                    e8:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:DD:98:E4:15:3D:A0:1E:9E:CC:5B:81:DF:B0:48:13:C2:62:0C:63
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03353232-f773-4ecd-a8d3-0b9aa5dcc857.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.101.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         81:f5:20:30:a5:7f:62:de:22:94:bd:7a:0b:41:ff:86:3e:53:
         8b:7f:8d:ff:fb:53:fb:fb:0f:1c:1f:fb:0e:2a:84:3e:22:9f:
         cc:92:db:7a:07:1f:4c:4e:93:08:84:e3:b4:08:94:f8:d0:71:
         70:59:ac:ea:42:a0:83:8a:ce:24:a9:4c:da:3a:30:e6:58:eb:
         09:f7:62:d7:a8:af:f6:7b:0a:98:8c:39:92:3d:3a:b7:b6:9e:
         60:a2:88:18:fb:2d:ae:4d:16:c8:8d:6f:8f:28:c7:ff:55:93:
         14:3a:33:05:7d:99:a2:5b:71:b2:31:a7:5a:00:32:02:2e:76:
         ec:0d:e4:14:a1:b7:9e:8c:8c:87:aa:5b:1b:5d:ec:78:bf:a9:
         b9:0c:76:11:3e:de:2f:08:77:e8:83:3f:8b:37:b2:4b:dd:5e:
         0e:64:57:e1:56:40:d4:4f:25:8e:b0:ce:00:b7:de:bd:8e:9f:
         f9:23:a1:d0:16:09:7e:a2:86:9f:6a:bb:b1:28:ff:0e:28:e7:
         b4:19:3a:32:52:62:ee:9a:e6:29:20:13:fd:10:ae:5c:58:14:
         95:44:28:3b:e3:9b:a6:39:91:b7:ab:0b:41:e3:b8:1b:c1:2d:
         44:4b:d1:3c:bb:2b:9e:c6:19:23:46:09:5b:c4:af:73:ed:d8:
         c6:b9:67:31
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU8DQwhvHKKIkgXzl82Ba2W3aI+IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDAzMTI2WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTliYTQyMzVlZDk0Y2U4NjczNTZkZTgxYmU0MjQyYjI1
YTAyZDRkMDc0MGQ5NWU2YjNlZTJmMDE1MDQwYTUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCDkWGjCvY4pXJedXKkjBu/ykl48/EidnYi+WDoYpIMi2/h
9X1h3r1sgy63bCLsnQ4CnLrO1FJg0fr1qCyjUkta+EQv8TS7OAjaOysgi0pbWeYx
Kj2HYNH+1yiPAeW6G2o4MO7uBwszuh/FV6jVYdg0d2UKHpEz6NuVlqU5aLMhGBHQ
jeCnKZFdO+20BGCstvK6fdaGOHy/lCln135P8daYAUuZXKUavOAzQf9RrDYfmUbs
FCQAzp/KS8qcntMdwSU+EnElnyTv0ZB+fVUZs2+cEWwOQLcN5W7UPeYBtHNhGM7J
KSOuD7jaGBXpseWygaDL01tTjjCk+dgLFINwxeitAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbt2Y5BU9oB6ezFuB37BIE8JiDGMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzMzUzMjMyLWY3NzMtNGVjZC1hOGQzLTBiOWFhNWRjYzg1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdLZYAwDQYJKoZIhvcNAQELBQADggEBAIH1IDClf2LeIpS9egtB/4Y+U4t/
jf/7U/v7Dxwf+w4qhD4in8yS23oHH0xOkwiE47QIlPjQcXBZrOpCoIOKziSpTNo6
MOZY6wn3Yteor/Z7CpiMOZI9Ore2nmCiiBj7La5NFsiNb48ox/9VkxQ6MwV9maJb
cbIxp1oAMgIuduwN5BSht56MjIeqWxtd7Hi/qbkMdhE+3i8Id+iDP4s3skvdXg5k
V+FWQNRPJY6wzgC33r2On/kjodAWCX6ihp9qu7Eo/w4o57QZOjJSYu6a5ikgE/0Q
rlxYFJVEKDvjm6Y5kberC0HjuBvBLURL0Ty7K57GGSNGCVvEr3Pt2Ma5ZzE=
-----END CERTIFICATE-----