Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04458f53-1b58-4ea6-b808-1d18094e2918.roa
File:                     04458f53-1b58-4ea6-b808-1d18094e2918.roa (raw, json)
Hash identifier:          8dNBah7DcmAImNu6zPKNl2gcv5Rb47p5OXY3+wngf4c=
Subject key identifier:   96:35:57:FA:1D:48:3F:C1:A3:02:6F:EE:CC:30:4D:C8:1E:0A:2E:11
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3812B468E3AD12A2E9EDA8E3825659173411FB56
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04458f53-1b58-4ea6-b808-1d18094e2918.roa
Signing time:             Wed 12 Nov 2025 00:31:43 +0000
ROA not before:           Wed 12 Nov 2025 00:31:43 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.182.224.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:12:b4:68:e3:ad:12:a2:e9:ed:a8:e3:82:56:59:17:34:11:fb:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:31:43 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=efc895889098a1c66c668a14597c2c5c2e18c8e166a135b5db8a1a0b39b10616, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:96:3e:24:fe:75:a8:0e:62:25:3f:03:8b:20:
                    f6:2d:ef:03:4a:52:3d:2d:58:ef:c2:8c:cc:26:5f:
                    d1:7c:db:ef:27:e2:1f:70:75:1d:9d:8a:5a:42:47:
                    ee:71:f0:aa:05:4b:e8:a8:10:81:bf:75:62:4c:90:
                    33:a3:f9:ec:9f:25:e8:e0:b5:5b:72:89:42:4e:b3:
                    b8:72:27:64:17:40:28:26:2d:0a:6f:0c:88:4a:f6:
                    fd:a9:89:4f:b4:2d:34:24:80:2a:e4:9c:cd:6a:2e:
                    ef:53:88:68:0a:82:4a:a3:b0:61:d6:1d:38:de:e1:
                    7c:93:6c:09:1f:45:22:c8:91:ca:c4:b3:cd:89:68:
                    f5:b4:d8:a3:2b:53:70:00:d9:47:61:96:ae:7a:56:
                    49:37:c8:23:c5:a6:8a:f1:a0:9f:5f:65:7b:84:f0:
                    79:27:c5:c1:08:73:f0:c1:8c:35:35:64:bb:1e:73:
                    96:b3:f8:69:1f:d2:99:a7:e7:b2:ae:3c:de:fd:6d:
                    e0:b1:69:48:e0:68:bb:26:62:a5:9d:02:27:b1:3b:
                    82:2b:6d:d1:e3:27:42:41:16:0b:fc:47:92:dd:35:
                    4c:64:67:3e:d4:e9:1e:a8:29:66:d7:3e:91:56:c2:
                    2d:5e:21:13:ee:13:9b:29:9f:33:45:f5:7a:3b:54:
                    4f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:35:57:FA:1D:48:3F:C1:A3:02:6F:EE:CC:30:4D:C8:1E:0A:2E:11
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04458f53-1b58-4ea6-b808-1d18094e2918.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.182.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0f:2b:b8:66:94:a9:dd:c4:ee:8c:9f:e0:61:a6:5c:5a:d3:71:
         3a:85:63:24:7a:4b:93:a4:cd:04:00:5d:9b:6d:c9:93:e6:7a:
         cc:cf:14:60:02:e1:03:b9:a5:32:9a:f6:65:81:f1:1a:d3:7b:
         6f:d2:46:8f:3f:09:33:fd:ea:fc:0c:0a:03:45:9a:17:ec:a0:
         4c:55:5a:0e:28:30:8e:2b:1b:34:45:ed:73:37:41:16:b4:6b:
         e9:66:6e:79:ce:5f:91:93:c0:02:41:f3:b1:a7:aa:cf:f6:2e:
         b6:1c:5a:c7:25:d3:e3:9c:ea:ce:b4:50:58:62:99:11:14:83:
         62:5f:73:40:d5:a8:e9:e8:d1:30:05:a0:b8:be:05:ac:19:a6:
         d3:74:08:c4:1f:22:70:fc:40:06:1a:28:6f:8b:13:68:d5:a8:
         e7:f9:75:38:cf:06:d2:ba:59:65:c1:1b:00:c4:4a:56:32:d6:
         67:84:2d:34:00:f1:e5:44:9a:31:1b:7b:43:74:3e:19:eb:c6:
         b7:f0:f4:12:be:cf:fa:2c:de:1e:7a:78:5e:67:fd:62:08:f4:
         5c:72:7b:34:6f:df:7a:3e:11:22:b0:02:5a:c5:7a:e8:90:d1:
         2e:b6:75:b2:b1:2c:7b:e9:f1:cb:1a:84:ef:a9:6e:a2:bf:72:
         b4:c6:21:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOBK0aOOtEqLp7ajjglZZFzQR+1YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAzMTQzWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZmM4OTU4ODkwOThhMWM2NmM2NjhhMTQ1OTdjMmM1YzJl
MThjOGUxNjZhMTM1YjVkYjhhMWEwYjM5YjEwNjE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDelj4k/nWoDmIlPwOLIPYt7wNKUj0tWO/CjMwmX9F82+8n
4h9wdR2dilpCR+5x8KoFS+ioEIG/dWJMkDOj+eyfJejgtVtyiUJOs7hyJ2QXQCgm
LQpvDIhK9v2piU+0LTQkgCrknM1qLu9TiGgKgkqjsGHWHTje4XyTbAkfRSLIkcrE
s82JaPW02KMrU3AA2Udhlq56Vkk3yCPFporxoJ9fZXuE8HknxcEIc/DBjDU1ZLse
c5az+Gkf0pmn57KuPN79beCxaUjgaLsmYqWdAiexO4IrbdHjJ0JBFgv8R5LdNUxk
Zz7U6R6oKWbXPpFWwi1eIRPuE5spnzNF9Xo7VE89AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUljVX+h1IP8GjAm/uzDBNyB4KLhEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA0NDU4ZjUzLTFiNTgtNGVhNi1iODA4LTFkMTgwOTRlMjkxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPYtuAwDQYJKoZIhvcNAQELBQADggEBAA8ruGaUqd3E7oyf4GGmXFrTcTqF
YyR6S5OkzQQAXZttyZPmeszPFGAC4QO5pTKa9mWB8RrTe2/SRo8/CTP96vwMCgNF
mhfsoExVWg4oMI4rGzRF7XM3QRa0a+lmbnnOX5GTwAJB87Gnqs/2LrYcWscl0+Oc
6s60UFhimREUg2Jfc0DVqOno0TAFoLi+BawZptN0CMQfInD8QAYaKG+LE2jVqOf5
dTjPBtK6WWXBGwDESlYy1meELTQA8eVEmjEbe0N0Phnrxrfw9BK+z/os3h56eF5n
/WII9FxyezRv33o+ESKwAlrFeuiQ0S62dbKxLHvp8csahO+pbqK/crTGIUU=
-----END CERTIFICATE-----