Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/436af8e8-480b-485b-a232-f1503410322c.roa
File:                     436af8e8-480b-485b-a232-f1503410322c.roa (raw, json)
Hash identifier:          K84PIjXnhmAgNgfHdp3Xeo7FP+9FHFu3f487gx01Zxc=
Subject key identifier:   A9:44:97:51:D2:AB:9C:DB:24:2A:61:81:92:60:B0:E2:3D:07:86:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       04F67947C9AEFFDE3593F1A937DE175E2BF0FC06
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/436af8e8-480b-485b-a232-f1503410322c.roa
Signing time:             Tue 11 Nov 2025 01:10:11 +0000
ROA not before:           Tue 11 Nov 2025 01:10:11 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.20.128.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f6:79:47:c9:ae:ff:de:35:93:f1:a9:37:de:17:5e:2b:f0:fc:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:10:11 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=a3ce98d1be2b98f1d19ac6983a1938a626f225eee48eb1f00eb6eccc494ed38c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d6:e1:31:ad:19:a7:2c:c6:a9:bc:5b:e6:a7:
                    ef:c8:52:73:b8:64:ed:29:85:8e:ab:80:a7:2b:55:
                    e9:85:77:86:d4:e5:34:65:0c:96:51:ae:3d:3e:b7:
                    3b:9b:30:52:1f:62:b2:18:66:be:ce:89:2d:e7:83:
                    f8:f4:e3:69:72:1c:5a:54:db:91:3f:1a:1c:9b:05:
                    ed:2f:b5:55:3f:c9:3c:68:34:99:d8:af:37:7c:d9:
                    28:cf:af:42:4e:c1:43:27:db:11:96:c0:b5:ef:99:
                    9d:b2:f3:a1:60:4c:23:31:76:d9:4a:53:66:5e:34:
                    e9:e1:c4:24:36:24:2e:14:50:fa:e5:23:72:28:88:
                    28:ee:37:3a:07:0b:8e:ba:a2:5a:73:9f:ce:62:8c:
                    ea:0f:06:68:78:f4:a5:6c:48:21:61:33:10:da:61:
                    4d:b1:ce:d5:34:db:cf:fd:4d:df:f9:52:96:18:21:
                    2a:be:3a:05:d1:c6:7a:48:6b:fc:17:ab:b7:05:ff:
                    c2:b5:af:65:44:d3:4e:6d:c9:cc:b2:2e:91:09:ec:
                    fa:d0:1b:f0:e8:59:a0:92:cd:ce:8e:05:44:e2:27:
                    c1:ea:7b:27:6e:65:86:c6:38:97:c0:1d:1d:25:46:
                    9f:4c:22:28:fa:05:92:d3:68:76:e1:cc:d9:67:9e:
                    3d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:44:97:51:D2:AB:9C:DB:24:2A:61:81:92:60:B0:E2:3D:07:86:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/436af8e8-480b-485b-a232-f1503410322c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.20.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:ed:89:e7:9b:7c:be:0c:ae:d7:98:5e:33:45:8f:39:54:82:
         70:f0:8d:d6:6e:10:7c:4a:a8:28:08:8f:2d:dd:e2:7e:7a:3d:
         a6:c8:6d:37:33:34:dc:d8:26:42:23:75:ea:62:69:5e:f0:33:
         cf:fe:0b:fd:4e:35:a5:57:17:a7:3d:7d:53:7b:44:2c:78:0b:
         7f:19:04:0e:4d:12:b8:05:92:68:5b:3b:f1:3d:91:0e:d8:34:
         86:bb:97:86:ad:26:d6:70:ab:87:7b:19:21:34:25:1e:c9:e3:
         f8:ec:43:9d:59:00:fc:31:92:c4:7d:9c:a0:60:87:50:ca:2b:
         a0:47:b9:68:1b:11:6a:76:a7:b7:6e:b5:90:69:f6:28:94:aa:
         60:ea:10:1e:21:10:8f:08:14:3f:cb:e8:bb:f8:08:75:cc:34:
         bc:0e:e0:d5:55:6e:fd:90:cd:38:ae:f2:3b:47:d7:5e:2e:44:
         70:f4:dc:99:f1:b0:54:38:a9:8b:af:7d:e8:dc:5f:a7:da:3b:
         e2:c7:50:fb:d6:c0:77:64:54:31:c9:b4:bb:ef:1f:9d:cf:51:
         ae:48:56:f6:8d:89:9e:5a:05:16:c8:cf:a7:df:59:c2:cb:3a:
         fe:e3:62:bf:7e:62:a0:2f:02:4a:8b:10:37:04:b3:24:e7:45:
         a8:0a:46:8c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBPZ5R8mu/941k/GpN94XXivw/AYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDExMDExWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2NlOThkMWJlMmI5OGYxZDE5YWM2OTgzYTE5MzhhNjI2
ZjIyNWVlZTQ4ZWIxZjAwZWI2ZWNjYzQ5NGVkMzhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE1uExrRmnLMapvFvmp+/IUnO4ZO0phY6rgKcrVemFd4bU
5TRlDJZRrj0+tzubMFIfYrIYZr7OiS3ng/j042lyHFpU25E/GhybBe0vtVU/yTxo
NJnYrzd82SjPr0JOwUMn2xGWwLXvmZ2y86FgTCMxdtlKU2ZeNOnhxCQ2JC4UUPrl
I3IoiCjuNzoHC466olpzn85ijOoPBmh49KVsSCFhMxDaYU2xztU028/9Td/5UpYY
ISq+OgXRxnpIa/wXq7cF/8K1r2VE005tycyyLpEJ7PrQG/DoWaCSzc6OBUTiJ8Hq
eyduZYbGOJfAHR0lRp9MIij6BZLTaHbhzNlnnj39AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqUSXUdKrnNskKmGBkmCw4j0HhoYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzNmFmOGU4LTQ4MGItNDg1Yi1hMjMyLWYxNTAzNDEwMzIyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrFIAwDQYJKoZIhvcNAQELBQADggEBADjtieebfL4MrteYXjNFjzlUgnDw
jdZuEHxKqCgIjy3d4n56PabIbTczNNzYJkIjdepiaV7wM8/+C/1ONaVXF6c9fVN7
RCx4C38ZBA5NErgFkmhbO/E9kQ7YNIa7l4atJtZwq4d7GSE0JR7J4/jsQ51ZAPwx
ksR9nKBgh1DKK6BHuWgbEWp2p7dutZBp9iiUqmDqEB4hEI8IFD/L6Lv4CHXMNLwO
4NVVbv2QzTiu8jtH114uRHD03JnxsFQ4qYuvfejcX6faO+LHUPvWwHdkVDHJtLvv
H53PUa5IVvaNiZ5aBRbIz6ffWcLLOv7jYr9+YqAvAkqLEDcEsyTnRagKRow=
-----END CERTIFICATE-----