Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03dd229f-85c7-4158-82b5-da756c839c84.roa
File:                     03dd229f-85c7-4158-82b5-da756c839c84.roa (raw, json)
Hash identifier:          6HaFJqoQiG29mxDlVz1cUNjrWL+f8LEI7C+Bf4MG2gw=
Subject key identifier:   91:90:3A:F4:92:6E:82:B8:F1:A9:DA:29:3B:A5:C5:86:A2:08:64:43
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3F4362A011072F15967402FDDEE57205432C4D17
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03dd229f-85c7-4158-82b5-da756c839c84.roa
Signing time:             Sat 15 Nov 2025 00:10:38 +0000
ROA not before:           Sat 15 Nov 2025 00:10:38 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.249.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:43:62:a0:11:07:2f:15:96:74:02:fd:de:e5:72:05:43:2c:4d:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:10:38 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=46bddd41cb726de7bd3830309e9f330507ba4dc771cb883402b9448dcf28fd89, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:99:c9:91:ae:4f:13:ba:4d:4e:98:c2:12:4e:
                    5c:d0:be:16:fa:55:0d:5e:90:0f:d9:07:8a:ed:8e:
                    91:ee:00:0f:8e:56:5c:a0:7c:7c:a0:7a:aa:19:8c:
                    7b:99:f9:29:f8:40:44:81:16:1b:a2:c9:04:c8:a9:
                    4a:2b:7c:24:8f:25:09:86:2f:ab:73:90:8f:04:9d:
                    bc:cb:ed:af:b9:7a:fe:33:ae:1c:17:ca:77:f1:1e:
                    8c:3e:39:45:4a:b6:e4:8d:2e:65:4f:7c:d9:4d:a6:
                    69:ee:ee:ab:28:1d:25:d6:0b:73:5c:c6:2e:fb:7e:
                    c6:5a:99:8b:76:52:06:bf:dc:05:65:a9:ec:ce:b7:
                    77:61:82:6d:34:3d:d7:22:ad:17:60:b7:cf:d8:d7:
                    05:fa:2f:83:a6:84:17:8c:86:7a:b4:1c:3e:55:44:
                    58:79:63:a5:26:ae:cf:37:c5:72:25:88:77:c5:b3:
                    c4:7f:32:27:4f:9c:be:9b:ba:16:39:9b:7d:36:7e:
                    56:33:0d:a4:99:fe:68:09:8a:ec:1a:24:6a:e2:d1:
                    3c:b9:f9:d7:1e:b4:d2:b8:81:47:f7:e7:8a:f1:04:
                    bd:f2:bd:46:4c:ce:b2:3f:0b:55:8c:0f:c2:90:f2:
                    cc:a1:eb:9b:08:6d:b4:d7:03:a4:39:8d:8a:eb:7c:
                    88:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:90:3A:F4:92:6E:82:B8:F1:A9:DA:29:3B:A5:C5:86:A2:08:64:43
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03dd229f-85c7-4158-82b5-da756c839c84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.249.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:93:3c:3a:73:17:68:40:fe:a9:53:9e:11:05:f9:de:b5:d2:
         43:6c:8d:f3:38:b1:10:2a:4c:9f:9a:e8:76:45:6c:64:f1:c7:
         dc:c7:40:8e:c4:d9:b6:8d:5e:03:93:7c:60:80:e8:b5:71:97:
         60:87:f8:8d:25:ee:cc:09:9b:f7:bc:40:88:a5:d3:50:92:0e:
         fe:05:9a:1f:e7:90:3d:af:ef:c6:c5:b9:ee:a9:9a:92:2d:84:
         d8:d1:e4:3f:24:f0:1d:23:79:d5:89:aa:b7:fa:fe:01:53:d5:
         01:31:e5:d0:9c:aa:22:54:32:43:21:d9:1b:a9:6f:b5:68:cf:
         4f:03:4a:53:12:ec:94:e4:f7:a9:a2:62:05:bc:75:02:3c:1d:
         4c:31:0a:a8:3d:8e:6f:a5:7c:3d:16:b3:ea:35:5c:34:82:fc:
         b6:57:54:95:a0:30:29:fa:e8:a3:aa:ef:3f:c3:b4:dd:93:23:
         07:b0:6e:74:9a:c3:7e:e1:fc:5f:b5:2e:14:51:8a:ec:44:8f:
         0c:01:21:a1:8c:61:f6:68:26:38:16:07:1a:2c:e3:91:47:21:
         12:ed:7a:47:00:57:c3:bf:70:44:97:a7:51:55:9e:07:64:2d:
         94:53:04:47:f3:b7:47:a5:d6:1c:56:26:b0:19:21:cf:55:cb:
         4e:ba:58:a7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUP0NioBEHLxWWdAL93uVyBUMsTRcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDAxMDM4WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NmJkZGQ0MWNiNzI2ZGU3YmQzODMwMzA5ZTlmMzMwNTA3
YmE0ZGM3NzFjYjg4MzQwMmI5NDQ4ZGNmMjhmZDg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTmcmRrk8Tuk1OmMISTlzQvhb6VQ1ekA/ZB4rtjpHuAA+O
VlygfHygeqoZjHuZ+Sn4QESBFhuiyQTIqUorfCSPJQmGL6tzkI8EnbzL7a+5ev4z
rhwXynfxHow+OUVKtuSNLmVPfNlNpmnu7qsoHSXWC3Ncxi77fsZamYt2Uga/3AVl
qezOt3dhgm00PdcirRdgt8/Y1wX6L4OmhBeMhnq0HD5VRFh5Y6Umrs83xXIliHfF
s8R/MidPnL6buhY5m302flYzDaSZ/mgJiuwaJGri0Ty5+dcetNK4gUf354rxBL3y
vUZMzrI/C1WMD8KQ8syh65sIbbTXA6Q5jYrrfIjJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUkZA69JJugrjxqdopO6XFhqIIZEMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzZGQyMjlmLTg1YzctNDE1OC04MmI1LWRhNzU2YzgzOWM4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP+TANBgkqhkiG9w0BAQsFAAOCAQEApJM8OnMXaED+qVOeEQX53rXSQ2yN
8zixECpMn5rodkVsZPHH3MdAjsTZto1eA5N8YIDotXGXYIf4jSXuzAmb97xAiKXT
UJIO/gWaH+eQPa/vxsW57qmaki2E2NHkPyTwHSN51Ymqt/r+AVPVATHl0JyqIlQy
QyHZG6lvtWjPTwNKUxLslOT3qaJiBbx1AjwdTDEKqD2Ob6V8PRaz6jVcNIL8tldU
laAwKfroo6rvP8O03ZMjB7BudJrDfuH8X7UuFFGK7ESPDAEhoYxh9mgmOBYHGizj
kUchEu16RwBXw79wRJenUVWeB2QtlFMER/O3R6XWHFYmsBkhz1XLTrpYpw==
-----END CERTIFICATE-----