Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28e99bad-a528-4237-a91b-521965de6b64.roa
File:                     28e99bad-a528-4237-a91b-521965de6b64.roa (raw, json)
Hash identifier:          MYtbcl/VB8PvuzXXJrfsQKJgQRb6nRRdm0MtyxQlEEc=
Subject key identifier:   2D:43:C8:8D:0B:4A:A7:1A:19:4F:8F:C8:B9:3F:F7:A0:19:CF:48:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1866722F21AC89F64288919CA41D924B4C3B0372
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28e99bad-a528-4237-a91b-521965de6b64.roa
Signing time:             Sun 16 Nov 2025 00:31:45 +0000
ROA not before:           Sun 16 Nov 2025 00:31:45 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        168.191.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:66:72:2f:21:ac:89:f6:42:88:91:9c:a4:1d:92:4b:4c:3b:03:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:31:45 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=5bd86da9b2a6fd74d063f334be97c1185c996bfb89d49c3b0c06ad23eea40a35, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5b:ca:9c:bd:d3:20:40:45:83:e3:40:4d:f4:
                    35:68:ae:f1:33:8d:a2:26:38:a0:5a:af:04:ae:c5:
                    18:c2:d6:9b:24:85:ed:27:f1:35:59:fe:f9:25:ae:
                    7f:8f:e5:d0:39:1a:bd:b5:42:a4:e0:29:ee:35:33:
                    03:13:bb:fa:d4:81:a2:dc:8d:49:33:fd:be:27:94:
                    d9:4d:b2:10:69:6f:45:c1:82:13:55:34:8f:14:c9:
                    80:7d:b5:25:e2:91:93:03:5d:3c:bc:fa:ee:fa:b1:
                    3a:8c:99:fb:28:e8:1c:33:ea:7b:22:3f:2f:00:d5:
                    b4:a5:c9:f7:84:7c:a3:2f:2c:18:46:6b:31:fc:76:
                    ef:e4:0d:f2:75:6e:fc:60:4f:d4:cd:47:bf:36:b6:
                    35:3b:f8:46:0c:30:dc:c1:aa:a3:6c:6a:6a:7b:bf:
                    e1:37:03:b8:0c:ce:58:94:9b:d2:ce:fd:af:6c:c7:
                    08:f9:7b:aa:b0:42:51:91:62:38:32:83:c0:f1:06:
                    c4:e8:2d:1a:9b:d6:ff:9d:4b:88:86:20:ed:99:40:
                    18:64:6b:f5:cb:05:70:c4:e7:be:23:df:fd:d6:b3:
                    28:17:be:6d:42:40:d0:e3:1c:cd:89:16:01:95:1d:
                    33:2a:73:f2:af:1d:89:83:78:3d:28:d9:00:d3:9a:
                    62:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:43:C8:8D:0B:4A:A7:1A:19:4F:8F:C8:B9:3F:F7:A0:19:CF:48:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28e99bad-a528-4237-a91b-521965de6b64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.191.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d4:78:6c:2d:cb:fe:17:cb:cf:cd:18:06:d3:32:c2:49:4f:27:
         e1:69:8b:36:5d:77:d5:b2:4f:b1:0e:f7:23:50:7d:49:13:b3:
         cf:e4:26:e2:3e:55:29:fe:c0:db:e5:bc:2e:4d:47:8d:42:cd:
         92:41:d2:76:d6:d5:b0:4e:ed:63:ac:16:c5:52:cd:f5:4d:83:
         18:23:99:c0:f0:b4:c2:86:03:8a:ee:e9:11:ba:06:a1:bc:4c:
         ad:cd:55:34:d5:71:83:3d:71:d9:bb:20:19:27:81:fb:2e:f6:
         b4:45:f4:d1:09:14:bd:1a:c0:13:c4:06:63:3b:e2:88:6c:21:
         ce:1a:64:42:29:9b:0b:87:04:07:8d:f6:90:47:3f:25:bf:ec:
         85:f4:77:55:80:6a:27:83:76:d6:b0:e3:d2:e9:a4:9f:32:00:
         28:4a:39:d7:0a:e3:6e:50:23:d3:77:8b:05:e4:c2:eb:bb:c8:
         77:73:d4:6b:4a:9d:28:db:bb:5a:23:2d:0b:34:ee:71:bf:42:
         88:b0:2b:aa:32:65:62:ee:22:8a:d1:81:cb:50:5f:7c:78:89:
         bc:3e:62:39:99:75:75:06:b4:2b:f8:44:54:e9:97:1e:98:41:
         32:fc:3c:02:da:bc:f9:ee:19:b1:90:34:24:d9:24:6a:05:98:
         c6:79:c6:fb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGGZyLyGsifZCiJGcpB2SS0w7A3IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMTQ1WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YmQ4NmRhOWIyYTZmZDc0ZDA2M2YzMzRiZTk3YzExODVj
OTk2YmZiODlkNDljM2IwYzA2YWQyM2VlYTQwYTM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJW8qcvdMgQEWD40BN9DVorvEzjaImOKBarwSuxRjC1psk
he0n8TVZ/vklrn+P5dA5Gr21QqTgKe41MwMTu/rUgaLcjUkz/b4nlNlNshBpb0XB
ghNVNI8UyYB9tSXikZMDXTy8+u76sTqMmfso6Bwz6nsiPy8A1bSlyfeEfKMvLBhG
azH8du/kDfJ1bvxgT9TNR782tjU7+EYMMNzBqqNsamp7v+E3A7gMzliUm9LO/a9s
xwj5e6qwQlGRYjgyg8DxBsToLRqb1v+dS4iGIO2ZQBhka/XLBXDE574j3/3WsygX
vm1CQNDjHM2JFgGVHTMqc/KvHYmDeD0o2QDTmmLzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULUPIjQtKpxoZT4/IuT/3oBnPSNcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4ZTk5YmFkLWE1MjgtNDIzNy1hOTFiLTUyMTk2NWRlNmI2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCovzANBgkqhkiG9w0BAQsFAAOCAQEA1HhsLcv+F8vPzRgG0zLCSU8n4WmL
Nl131bJPsQ73I1B9SROzz+Qm4j5VKf7A2+W8Lk1HjULNkkHSdtbVsE7tY6wWxVLN
9U2DGCOZwPC0woYDiu7pEboGobxMrc1VNNVxgz1x2bsgGSeB+y72tEX00QkUvRrA
E8QGYzviiGwhzhpkQimbC4cEB432kEc/Jb/shfR3VYBqJ4N21rDj0umknzIAKEo5
1wrjblAj03eLBeTC67vId3PUa0qdKNu7WiMtCzTucb9CiLArqjJlYu4iitGBy1Bf
fHiJvD5iOZl1dQa0K/hEVOmXHphBMvw8Atq8+e4ZsZA0JNkkagWYxnnG+w==
-----END CERTIFICATE-----