Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/24d921c1-9e96-4ec0-8d95-a45b8c083105.roa
File:                     24d921c1-9e96-4ec0-8d95-a45b8c083105.roa (raw, json)
Hash identifier:          hSQkEeIldvHUY/0z32ycUzHYTy0/i91aEq7JDWFKrwI=
Subject key identifier:   FD:AE:03:4D:00:F5:E9:C1:0B:01:73:3C:38:DD:3F:9F:3D:2A:DD:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       64D80B37DD72D98530D254D5F599B9EC843B29ED
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/24d921c1-9e96-4ec0-8d95-a45b8c083105.roa
Signing time:             Tue 11 Nov 2025 02:31:11 +0000
ROA not before:           Tue 11 Nov 2025 02:31:11 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        168.242.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:d8:0b:37:dd:72:d9:85:30:d2:54:d5:f5:99:b9:ec:84:3b:29:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:31:11 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=216ba1b671c7740076a4a74bc86da849c866200fd82de9297f2e8382358b2aed, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:1c:16:d2:8a:f9:a7:d6:e7:44:ac:30:ea:e1:
                    4d:61:a6:48:c1:65:15:70:da:75:18:4e:a2:93:40:
                    f8:ca:7d:fe:21:4e:29:9a:19:cf:e5:2e:5b:2a:77:
                    89:90:dc:34:64:ca:68:2c:40:a5:f3:f4:d7:55:97:
                    17:b5:24:5f:0b:52:1f:f1:fe:fb:9c:54:1d:f4:f3:
                    f1:dd:cf:98:da:d1:5a:34:a4:0f:ab:f3:68:46:2f:
                    30:12:c1:9a:16:3f:7c:83:67:59:f3:03:ac:71:c2:
                    84:3c:1c:16:3f:18:25:7f:46:26:81:ee:cb:21:d5:
                    e1:fd:2b:61:72:78:6b:f1:4b:1e:84:9c:d7:cf:ea:
                    3f:58:ce:4b:b4:cb:17:19:de:33:0b:c0:e1:17:ef:
                    e4:8e:56:e5:7d:1b:82:8a:18:a4:c8:d7:8b:b4:66:
                    a7:30:cc:01:70:c8:7d:09:b2:d4:17:ec:35:4d:84:
                    67:0f:a3:ed:eb:7d:5e:31:f7:fb:06:e2:6a:4e:5f:
                    3d:b7:04:50:c3:1a:8c:a8:14:72:74:67:1e:69:85:
                    a3:20:60:01:bc:74:c9:6d:62:f9:81:a3:6c:f4:4e:
                    3a:bf:92:93:91:97:0e:1c:9c:d9:14:70:a2:42:ea:
                    5b:31:8e:a6:c2:f5:36:12:82:ce:bd:e8:43:ba:c9:
                    dc:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:AE:03:4D:00:F5:E9:C1:0B:01:73:3C:38:DD:3F:9F:3D:2A:DD:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/24d921c1-9e96-4ec0-8d95-a45b8c083105.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.242.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         41:c3:12:1d:cb:e2:4f:c8:75:c7:f9:29:44:ff:fa:c5:c5:bd:
         6d:5b:0b:65:fb:62:c5:3e:4f:cf:b9:3b:d2:d5:9d:25:5d:e4:
         67:b9:b8:70:48:bc:87:11:73:fd:f0:f5:59:f6:d5:d4:25:83:
         b5:f3:c4:e6:a6:2d:2e:50:a1:cc:0e:f5:a1:ed:f7:d8:b3:72:
         62:38:5e:10:c3:2a:ab:5e:62:e3:3b:a7:1f:aa:2b:b3:73:a6:
         da:12:5c:28:cb:15:04:17:4b:7d:38:da:3a:ea:3a:69:33:27:
         c5:53:ab:6a:bd:dd:da:a8:c0:89:b1:f0:6b:e0:a3:32:a0:87:
         f1:de:ff:8a:fe:e5:d5:40:fd:0b:26:85:f4:d6:bf:6f:c8:53:
         09:fc:b7:1f:e7:5b:5a:8b:ee:45:49:62:d7:c7:20:cd:c8:16:
         f8:89:b1:10:8a:87:80:dc:88:3d:40:51:f1:1d:88:a4:8e:e0:
         3e:7f:0b:fc:e1:37:51:7e:74:ef:2d:08:98:e2:0d:e6:41:af:
         8a:1f:7b:15:dc:dd:ef:59:7c:95:77:02:5f:ef:4e:c9:bc:39:
         02:da:a0:05:58:54:de:23:5c:eb:81:ea:1d:ee:9f:94:2e:e5:
         6d:fc:1d:c7:1b:e1:da:74:55:3e:bc:c0:9e:c8:77:54:c9:81:
         ef:22:b4:c8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZNgLN91y2YUw0lTV9Zm57IQ7Ke0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIzMTExWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTZiYTFiNjcxYzc3NDAwNzZhNGE3NGJjODZkYTg0OWM4
NjYyMDBmZDgyZGU5Mjk3ZjJlODM4MjM1OGIyYWVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQHBbSivmn1udErDDq4U1hpkjBZRVw2nUYTqKTQPjKff4h
TimaGc/lLlsqd4mQ3DRkymgsQKXz9NdVlxe1JF8LUh/x/vucVB308/Hdz5ja0Vo0
pA+r82hGLzASwZoWP3yDZ1nzA6xxwoQ8HBY/GCV/RiaB7ssh1eH9K2FyeGvxSx6E
nNfP6j9Yzku0yxcZ3jMLwOEX7+SOVuV9G4KKGKTI14u0ZqcwzAFwyH0JstQX7DVN
hGcPo+3rfV4x9/sG4mpOXz23BFDDGoyoFHJ0Zx5phaMgYAG8dMltYvmBo2z0Tjq/
kpORlw4cnNkUcKJC6lsxjqbC9TYSgs696EO6ydzDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/a4DTQD16cELAXM8ON0/nz0q3eYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI0ZDkyMWMxLTllOTYtNGVjMC04ZDk1LWE0NWI4YzA4MzEwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCo8jANBgkqhkiG9w0BAQsFAAOCAQEAQcMSHcviT8h1x/kpRP/6xcW9bVsL
ZftixT5Pz7k70tWdJV3kZ7m4cEi8hxFz/fD1WfbV1CWDtfPE5qYtLlChzA71oe33
2LNyYjheEMMqq15i4zunH6ors3Om2hJcKMsVBBdLfTjaOuo6aTMnxVOrar3d2qjA
ibHwa+CjMqCH8d7/iv7l1UD9CyaF9Na/b8hTCfy3H+dbWovuRUli18cgzcgW+Imx
EIqHgNyIPUBR8R2IpI7gPn8L/OE3UX507y0ImOIN5kGvih97Fdzd71l8lXcCX+9O
ybw5AtqgBVhU3iNc64HqHe6flC7lbfwdxxvh2nRVPrzAnsh3VMmB7yK0yA==
-----END CERTIFICATE-----