Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/033647ee-1115-4c6e-8a12-56cae6ea01f5.roa
File:                     033647ee-1115-4c6e-8a12-56cae6ea01f5.roa (raw, json)
Hash identifier:          nlPtJIJ2ZgPOxpv0/+r6uZLlB0s669MR4QNIMUxzmYk=
Subject key identifier:   D4:F1:96:77:F5:67:43:7D:DB:33:D9:F7:14:3F:91:36:86:FF:74:F7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       86AD9ADB7E559307BD128290D4BDD351EF3F1C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/033647ee-1115-4c6e-8a12-56cae6ea01f5.roa
Signing time:             Sun 16 Nov 2025 00:31:16 +0000
ROA not before:           Sun 16 Nov 2025 00:31:16 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.128.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            86:ad:9a:db:7e:55:93:07:bd:12:82:90:d4:bd:d3:51:ef:3f:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:31:16 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=e927a1d3d317f6fe09e3067503ee64563d638cbc2b055e650da2492437db1bee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ea:ef:1d:79:6c:0c:1e:1b:c9:de:3b:67:f8:
                    7c:78:f8:c0:66:5a:e8:07:11:93:d8:7a:ee:6e:a0:
                    d9:37:df:62:1c:f8:e6:e2:e6:18:ed:8b:08:e1:30:
                    62:03:6f:42:56:92:39:59:9b:9a:97:66:46:29:73:
                    e7:0e:24:a7:1b:19:12:28:f0:79:9e:a5:df:88:fc:
                    c3:6a:5f:60:38:fa:3b:81:fd:ac:45:cc:82:d5:30:
                    de:45:20:70:49:1a:6c:54:ee:40:dd:e6:e9:f0:d5:
                    4c:86:7e:84:e4:36:99:df:18:fb:e2:db:cd:75:29:
                    a7:8a:2c:9b:5d:6b:4b:3a:b4:de:36:91:60:6d:77:
                    b0:3a:00:15:9f:d3:b1:25:f2:6a:57:24:dd:a8:af:
                    e7:03:2f:60:18:8e:72:aa:59:17:5a:2d:22:ac:e1:
                    8e:e3:bf:32:30:cf:26:a8:ec:c2:bb:69:f4:45:97:
                    2c:a6:52:eb:c4:4b:3b:51:9f:39:76:ea:22:e4:af:
                    b7:16:e6:01:c4:5a:79:a0:c6:07:b9:7f:7f:3d:79:
                    70:0b:f9:75:94:69:fa:0a:60:84:3d:c3:e5:62:ff:
                    43:8b:60:1c:05:52:3d:1c:77:fa:15:85:be:52:55:
                    1c:8f:b2:08:b6:eb:1d:26:44:82:95:d5:81:ac:28:
                    a8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F1:96:77:F5:67:43:7D:DB:33:D9:F7:14:3F:91:36:86:FF:74:F7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/033647ee-1115-4c6e-8a12-56cae6ea01f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.128.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d6:23:49:a9:f8:ff:31:13:2c:8e:9f:ed:5e:ca:2b:12:c8:d4:
         79:9a:a0:46:69:8c:4d:97:ea:21:27:d2:89:e0:11:3e:0b:88:
         74:db:73:26:8b:5b:21:ec:3b:44:48:46:11:d7:c7:ea:22:ad:
         17:2f:72:ca:a7:10:45:0c:34:52:10:13:ad:ae:9a:30:fb:2a:
         9f:b2:d4:f7:ae:a0:77:f6:41:51:5c:f0:10:be:28:b7:f4:03:
         b0:24:da:b0:56:3a:1e:0e:58:47:cc:c1:1b:b2:32:7f:ca:4e:
         d8:ab:44:f6:eb:38:34:39:b3:de:c3:9c:f4:da:f2:b2:c6:d1:
         e2:38:0c:62:91:c2:cb:2c:33:89:8a:13:5d:df:f0:3d:56:60:
         62:78:b3:3b:c6:c6:77:48:2c:0f:27:1e:dc:7f:24:f4:e1:5a:
         1d:22:a3:e3:1f:a0:47:80:68:5f:1c:aa:6a:2e:a2:52:81:5a:
         0a:ca:8f:e7:de:79:8d:1e:57:18:18:76:a0:c8:b4:b2:81:a2:
         33:50:ff:7d:40:13:46:7d:00:de:fe:5f:25:12:dd:ce:eb:ba:
         a7:30:0c:a7:71:b3:b7:de:53:07:12:aa:55:ba:00:0a:5c:a6:
         09:02:77:e4:4c:80:e4:ff:a7:78:16:fd:14:64:95:56:c0:a6:
         bf:d9:1e:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAIatmtt+VZMHvRKCkNS901HvPxwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMTE2WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTI3YTFkM2QzMTdmNmZlMDllMzA2NzUwM2VlNjQ1NjNk
NjM4Y2JjMmIwNTVlNjUwZGEyNDkyNDM3ZGIxYmVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC26u8deWwMHhvJ3jtn+Hx4+MBmWugHEZPYeu5uoNk332Ic
+Obi5hjtiwjhMGIDb0JWkjlZm5qXZkYpc+cOJKcbGRIo8Hmepd+I/MNqX2A4+juB
/axFzILVMN5FIHBJGmxU7kDd5unw1UyGfoTkNpnfGPvi2811KaeKLJtda0s6tN42
kWBtd7A6ABWf07El8mpXJN2or+cDL2AYjnKqWRdaLSKs4Y7jvzIwzyao7MK7afRF
lyymUuvESztRnzl26iLkr7cW5gHEWnmgxge5f389eXAL+XWUafoKYIQ9w+Vi/0OL
YBwFUj0cd/oVhb5SVRyPsgi26x0mRIKV1YGsKKgbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1PGWd/VnQ33bM9n3FD+RNob/dPcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzMzY0N2VlLTExMTUtNGM2ZS04YTEyLTU2Y2FlNmVhMDFmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYjgIAwDQYJKoZIhvcNAQELBQADggEBANYjSan4/zETLI6f7V7KKxLI1Hma
oEZpjE2X6iEn0ongET4LiHTbcyaLWyHsO0RIRhHXx+oirRcvcsqnEEUMNFIQE62u
mjD7Kp+y1PeuoHf2QVFc8BC+KLf0A7Ak2rBWOh4OWEfMwRuyMn/KTtirRPbrODQ5
s97DnPTa8rLG0eI4DGKRwsssM4mKE13f8D1WYGJ4szvGxndILA8nHtx/JPThWh0i
o+MfoEeAaF8cqmouolKBWgrKj+feeY0eVxgYdqDItLKBojNQ/31AE0Z9AN7+XyUS
3c7ruqcwDKdxs7feUwcSqlW6AApcpgkCd+RMgOT/p3gW/RRklVbApr/ZHgs=
-----END CERTIFICATE-----