Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2651bd32-be0e-47db-b5f3-aa5e30add0da.roa
File:                     2651bd32-be0e-47db-b5f3-aa5e30add0da.roa (raw, json)
Hash identifier:          kwaWudE5/VfwywgmMGc3OhR/qR7pp2t5V06k4pi+jMg=
Subject key identifier:   21:3C:FA:DE:6D:E5:E5:C4:8D:D0:2E:13:EA:84:CC:78:74:08:46:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       12667E9DEE908DD7B4D6FA21509EAB4BDCA00222
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2651bd32-be0e-47db-b5f3-aa5e30add0da.roa
Signing time:             Sun 16 Nov 2025 00:31:17 +0000
ROA not before:           Sun 16 Nov 2025 00:31:17 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.143.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:66:7e:9d:ee:90:8d:d7:b4:d6:fa:21:50:9e:ab:4b:dc:a0:02:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:31:17 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=10dba9af21dbe9aa7d0a52b94961e03be09ba4864b9dcec6dacb0d125dcd1a70, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:04:8e:80:9d:1a:28:c8:a7:71:bc:01:77:d8:
                    5d:68:6d:0f:c5:8b:c3:cf:3f:ce:88:e4:d1:ef:da:
                    8c:6f:b8:b4:f1:de:d0:83:a4:2e:ba:50:59:85:bc:
                    fb:0e:dc:c7:c4:2f:fe:2a:be:a5:c5:0c:38:07:1b:
                    99:ec:da:12:89:7b:02:22:14:6f:58:d2:63:77:cb:
                    27:86:3b:de:90:84:17:c7:9d:23:76:db:65:73:21:
                    aa:16:36:4a:c3:96:1d:65:a7:07:f8:af:be:fd:dd:
                    06:11:c2:df:5e:fc:0c:c1:2d:dd:e6:a3:b6:a2:2a:
                    c2:48:e0:ae:84:db:d4:fe:c3:8a:33:d4:47:22:1a:
                    86:35:19:18:cc:5c:46:c3:9a:15:68:9a:4a:ec:44:
                    f2:32:77:5b:c4:84:43:e9:80:ed:42:67:49:91:82:
                    d9:8e:67:67:5c:b5:7b:6a:2c:15:80:ae:87:90:68:
                    3c:de:0e:8f:df:51:e9:2a:5c:d9:e4:3b:14:1e:c8:
                    6b:f6:8e:29:be:d9:8c:90:a7:4d:40:fd:15:63:27:
                    74:8f:8c:41:fe:ec:97:c4:ac:21:92:6f:5a:eb:8e:
                    46:38:46:b8:77:73:db:a5:a4:4a:b5:f9:1b:90:c6:
                    78:11:95:4b:75:6e:67:2e:62:da:11:4e:e0:2a:b4:
                    d8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3C:FA:DE:6D:E5:E5:C4:8D:D0:2E:13:EA:84:CC:78:74:08:46:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2651bd32-be0e-47db-b5f3-aa5e30add0da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.143.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         03:6b:5b:f8:78:10:e4:27:a5:83:a0:28:73:03:65:26:9a:d5:
         3a:28:e0:46:00:3b:82:15:99:c6:2f:42:5b:14:9f:a8:f3:19:
         01:54:63:c4:37:ae:bc:c7:00:07:d2:b8:94:be:59:36:43:3d:
         d9:26:45:d9:9c:86:3b:ec:1e:99:cf:61:90:20:6f:28:59:77:
         f9:84:32:04:ef:c9:6e:b4:1a:8e:93:63:ab:c9:11:9c:93:65:
         52:71:26:33:7b:c5:a4:58:c9:25:3c:90:c3:9e:98:dc:f3:ab:
         0b:56:4c:49:59:92:48:de:3d:34:94:8b:1f:01:29:02:08:11:
         17:c2:b7:75:e5:77:fd:9f:a7:33:38:70:82:0a:c1:ef:be:30:
         5d:cf:98:5a:c9:c3:e8:66:7e:8c:49:6a:b4:28:d4:7e:53:06:
         01:aa:bf:ea:1f:8e:06:5a:e7:ba:d5:8c:91:d9:06:fc:78:37:
         ff:54:74:c3:f1:1e:cb:f4:45:8c:30:79:1c:9c:28:90:27:62:
         3b:a1:8d:5c:f4:4e:37:ff:60:ed:ad:0d:fa:23:25:2c:21:26:
         dd:82:33:bb:16:0a:cd:89:2d:50:da:29:7c:07:f1:6b:13:cc:
         9f:1c:bb:bb:3a:4c:5b:a3:4e:fb:ac:51:33:36:bd:2a:94:31:
         25:01:04:8a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEmZ+ne6Qjde01vohUJ6rS9ygAiIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMTE3WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMGRiYTlhZjIxZGJlOWFhN2QwYTUyYjk0OTYxZTAzYmUw
OWJhNDg2NGI5ZGNlYzZkYWNiMGQxMjVkY2QxYTcwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxBI6AnRooyKdxvAF32F1obQ/Fi8PPP86I5NHv2oxvuLTx
3tCDpC66UFmFvPsO3MfEL/4qvqXFDDgHG5ns2hKJewIiFG9Y0mN3yyeGO96QhBfH
nSN222VzIaoWNkrDlh1lpwf4r7793QYRwt9e/AzBLd3mo7aiKsJI4K6E29T+w4oz
1EciGoY1GRjMXEbDmhVomkrsRPIyd1vEhEPpgO1CZ0mRgtmOZ2dctXtqLBWAroeQ
aDzeDo/fUekqXNnkOxQeyGv2jim+2YyQp01A/RVjJ3SPjEH+7JfErCGSb1rrjkY4
Rrh3c9ulpEq1+RuQxngRlUt1bmcuYtoRTuAqtNijAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUITz63m3l5cSN0C4T6oTMeHQIRpAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI2NTFiZDMyLWJlMGUtNDdkYi1iNWYzLWFhNWUzMGFkZDBkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeIjwAwDQYJKoZIhvcNAQELBQADggEBAANrW/h4EOQnpYOgKHMDZSaa1Too
4EYAO4IVmcYvQlsUn6jzGQFUY8Q3rrzHAAfSuJS+WTZDPdkmRdmchjvsHpnPYZAg
byhZd/mEMgTvyW60Go6TY6vJEZyTZVJxJjN7xaRYySU8kMOemNzzqwtWTElZkkje
PTSUix8BKQIIERfCt3Xld/2fpzM4cIIKwe++MF3PmFrJw+hmfoxJarQo1H5TBgGq
v+ofjgZa57rVjJHZBvx4N/9UdMPxHsv0RYwweRycKJAnYjuhjVz0Tjf/YO2tDfoj
JSwhJt2CM7sWCs2JLVDaKXwH8WsTzJ8cu7s6TFujTvusUTM2vSqUMSUBBIo=
-----END CERTIFICATE-----