Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/37621c40-d9ed-4041-a8bb-b981309da27f.roa
File:                     37621c40-d9ed-4041-a8bb-b981309da27f.roa (raw, json)
Hash identifier:          8iC/0iG1c2BBwwRRpgU7fVQAvLNjtcpbzwdwKl4d2TQ=
Subject key identifier:   60:16:82:1B:0C:A8:EA:51:25:85:55:5D:00:EA:49:AF:F1:35:89:5A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01FE1EF127FDAA009ED35C8DB61AF731EDFC5989
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/37621c40-d9ed-4041-a8bb-b981309da27f.roa
Signing time:             Tue 11 Nov 2025 00:30:14 +0000
ROA not before:           Tue 11 Nov 2025 00:30:14 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.20.0.0/14 maxlen: 14
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:fe:1e:f1:27:fd:aa:00:9e:d3:5c:8d:b6:1a:f7:31:ed:fc:59:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 00:30:14 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=aedbbee5767ff4768f920eacc3eedd24df46f98735ed6db2f4ba46b9b42bf573, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2f:58:e9:30:c7:f4:49:56:a5:1d:03:a0:68:
                    03:4a:1c:7c:ae:42:c1:36:28:81:b8:3b:97:f7:5f:
                    2b:b5:0f:44:c2:f6:2b:a7:3e:7a:1b:89:73:99:ed:
                    bc:5f:b2:12:11:2e:3a:4e:75:62:c2:1d:fa:ec:5c:
                    d9:61:34:15:a6:ef:80:77:39:01:29:5c:52:eb:8e:
                    02:06:38:89:ea:a9:7a:8c:04:bb:9b:59:d9:bd:ca:
                    a7:b0:ed:96:f8:03:0e:0b:33:33:1e:1c:c5:e6:7c:
                    e2:3f:ab:5d:3e:37:8e:48:90:b7:da:95:61:fc:fb:
                    e6:95:ce:38:0b:b5:29:a7:50:4a:1f:22:ef:d0:08:
                    0c:b9:06:06:a9:ea:e2:e7:08:3f:01:43:97:a5:7b:
                    b1:70:28:c2:7f:70:b6:6e:28:14:f7:87:60:7b:36:
                    b7:2b:6d:13:1d:ac:75:1c:97:26:64:de:4f:50:00:
                    af:df:c8:34:90:ea:fb:1b:db:d5:e0:e5:1e:16:b4:
                    89:f1:85:06:62:49:07:94:fa:e0:9b:98:9a:06:a7:
                    6c:31:a8:f1:d4:43:9f:0f:af:d3:35:32:fc:6d:32:
                    fa:d5:7b:c7:b4:bf:cc:4f:bd:67:71:0c:df:10:ab:
                    90:96:9e:5b:37:3a:a2:9f:8a:45:c1:5c:14:b0:cc:
                    fe:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:16:82:1B:0C:A8:EA:51:25:85:55:5D:00:EA:49:AF:F1:35:89:5A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/37621c40-d9ed-4041-a8bb-b981309da27f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.20.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         21:c5:16:c1:4b:cf:2e:df:38:0b:dc:8b:0f:c9:a7:70:a6:78:
         09:9f:c1:f9:39:f7:2d:de:e4:dd:f7:7e:4c:58:9f:f1:b4:c0:
         73:f7:bf:2c:c6:7c:a9:fe:ac:a2:9b:5f:49:fd:b2:ef:a8:3c:
         4e:d4:1d:0a:e9:9a:6a:e0:fc:a5:41:b4:f5:d5:10:ac:96:25:
         f1:93:5d:f4:b2:1f:3f:a9:15:38:32:13:11:58:0f:3e:c9:ba:
         f1:6f:00:53:46:0b:e8:f4:eb:e1:58:5d:2b:39:55:52:c5:d1:
         24:76:01:40:c1:d7:a5:e2:b2:72:d9:a8:30:17:48:b6:f1:87:
         56:34:c9:8a:62:3a:03:c1:eb:e9:7d:52:7e:e2:50:a7:d3:8b:
         77:d3:83:6c:5b:7c:dc:97:c1:41:51:0e:96:60:32:be:37:6c:
         2a:9c:18:0b:ae:a5:34:1d:84:3e:cf:49:4a:25:d6:5f:ee:73:
         5d:1e:1f:c2:81:ac:89:2a:52:e1:fb:0c:30:b4:09:a7:70:35:
         5c:d2:83:fe:3b:ed:cf:99:74:50:56:ce:ca:35:24:1b:bb:02:
         98:01:06:21:63:7d:74:ec:49:1c:bb:bd:be:e7:74:c5:b3:3d:
         ff:99:43:02:16:8d:30:fd:59:ee:bf:15:a8:21:d9:45:de:9e:
         bc:82:d4:f8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAf4e8Sf9qgCe01yNthr3Me38WYkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDAzMDE0WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZWRiYmVlNTc2N2ZmNDc2OGY5MjBlYWNjM2VlZGQyNGRm
NDZmOTg3MzVlZDZkYjJmNGJhNDZiOWI0MmJmNTczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaL1jpMMf0SValHQOgaANKHHyuQsE2KIG4O5f3Xyu1D0TC
9iunPnobiXOZ7bxfshIRLjpOdWLCHfrsXNlhNBWm74B3OQEpXFLrjgIGOInqqXqM
BLubWdm9yqew7Zb4Aw4LMzMeHMXmfOI/q10+N45IkLfalWH8++aVzjgLtSmnUEof
Iu/QCAy5Bgap6uLnCD8BQ5ele7FwKMJ/cLZuKBT3h2B7NrcrbRMdrHUclyZk3k9Q
AK/fyDSQ6vsb29Xg5R4WtInxhQZiSQeU+uCbmJoGp2wxqPHUQ58Pr9M1MvxtMvrV
e8e0v8xPvWdxDN8Qq5CWnls3OqKfikXBXBSwzP5RAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYBaCGwyo6lElhVVdAOpJr/E1iVowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM3NjIxYzQwLWQ5ZWQtNDA0MS1hOGJiLWI5ODEzMDlkYTI3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwJrFDANBgkqhkiG9w0BAQsFAAOCAQEAIcUWwUvPLt84C9yLD8mncKZ4CZ/B
+Tn3Ld7k3fd+TFif8bTAc/e/LMZ8qf6soptfSf2y76g8TtQdCumaauD8pUG09dUQ
rJYl8ZNd9LIfP6kVODITEVgPPsm68W8AU0YL6PTr4VhdKzlVUsXRJHYBQMHXpeKy
ctmoMBdItvGHVjTJimI6A8Hr6X1SfuJQp9OLd9ODbFt83JfBQVEOlmAyvjdsKpwY
C66lNB2EPs9JSiXWX+5zXR4fwoGsiSpS4fsMMLQJp3A1XNKD/jvtz5l0UFbOyjUk
G7sCmAEGIWN9dOxJHLu9vud0xbM9/5lDAhaNMP1Z7r8VqCHZRd6evILU+A==
-----END CERTIFICATE-----