Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497f0d59-c7e7-4604-a259-3494824b7cae.roa
File:                     497f0d59-c7e7-4604-a259-3494824b7cae.roa (raw, json)
Hash identifier:          2dXX1y8JAXwoKAVKCcFId6kIYHpjzal7YXAnaaNKSm8=
Subject key identifier:   29:00:B2:34:A5:19:EA:A0:B1:FC:FC:BD:BE:01:76:91:4E:59:3E:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0332056B842A0E7646177D5755347E9BCC86AD30
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497f0d59-c7e7-4604-a259-3494824b7cae.roa
Signing time:             Tue 11 Nov 2025 01:30:09 +0000
ROA not before:           Tue 11 Nov 2025 01:30:09 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.193.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:32:05:6b:84:2a:0e:76:46:17:7d:57:55:34:7e:9b:cc:86:ad:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:30:09 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=3ca78494d5f8d3f23acb492778d5e854d0339910159d3186e8ee569f4935a791, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:73:0d:7a:24:6b:26:e8:f9:d4:d5:21:09:55:
                    13:c6:58:14:41:d6:41:37:15:f3:d8:5f:42:5d:fc:
                    9a:43:21:4e:ee:81:51:72:c8:fa:83:b1:32:9a:00:
                    66:c2:87:dd:5f:b0:cc:cc:0d:c9:05:58:2c:9b:e5:
                    4d:93:b8:36:30:aa:3f:49:5c:26:f7:c3:22:5d:6e:
                    c2:46:06:4f:c1:3c:12:ec:50:49:43:35:21:0f:b6:
                    fd:2c:18:b8:43:85:fe:3b:49:1a:34:72:2f:ba:a6:
                    e6:28:96:c5:ef:90:e3:be:36:94:92:da:7c:2c:79:
                    87:51:80:ed:41:b6:a8:55:fc:13:c2:9d:33:8a:dd:
                    09:ab:e4:de:9f:f2:95:17:44:96:5a:41:17:f6:45:
                    a7:ae:4d:bb:d1:81:c2:5b:d5:dd:b2:92:ea:34:4d:
                    08:a1:b9:9b:7a:50:bb:2e:06:bb:5a:88:15:d2:7f:
                    13:c3:c5:07:cc:d0:4c:7a:d6:aa:39:44:60:c9:8e:
                    26:8b:24:4c:df:55:70:0d:ed:fb:a1:68:26:42:e4:
                    3b:42:f7:71:1d:68:cd:97:4e:54:4a:44:42:2c:d9:
                    20:59:f1:b5:1a:4b:70:46:8d:d4:41:40:12:c7:0d:
                    44:a2:0c:a8:92:3a:01:e0:8a:c9:4c:56:ac:23:c2:
                    4a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:00:B2:34:A5:19:EA:A0:B1:FC:FC:BD:BE:01:76:91:4E:59:3E:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/497f0d59-c7e7-4604-a259-3494824b7cae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.193.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c5:88:c2:24:03:b1:13:bc:3e:6e:86:c8:d9:49:25:cd:56:9f:
         3c:09:0b:7e:bb:ff:a0:98:90:fe:bc:09:0a:36:ef:70:49:42:
         bc:f2:b1:5c:a9:67:19:d4:fa:90:01:ed:c1:c8:c5:60:30:68:
         4d:8e:5b:d1:9d:42:c0:48:ca:eb:5d:40:ca:d5:bf:01:fa:de:
         d0:14:ad:5c:70:80:b9:d0:26:7d:2d:c8:f7:cb:a1:aa:5c:4a:
         8c:55:30:89:b9:29:4c:5b:bf:28:15:d7:78:e2:18:48:ec:14:
         5a:70:bb:f5:05:94:70:ac:b6:03:23:e4:bd:5c:0a:2d:bb:92:
         82:a0:09:17:5a:e4:1f:ab:6a:4f:a6:a1:4b:40:6e:7a:a1:49:
         ae:d2:9e:23:5f:74:0d:9a:9b:15:e8:dc:f8:19:4e:d4:7a:58:
         94:6c:86:28:0b:dc:70:4f:55:f6:52:a6:45:d7:c1:ff:96:6b:
         39:c9:75:a8:09:2d:f0:cc:8b:9f:b7:9c:3d:dc:fe:8f:c2:c2:
         9b:e4:4e:18:65:69:25:81:93:92:b9:99:69:6e:97:af:7c:0f:
         01:05:86:6d:d7:a1:cb:a2:50:4d:a9:6f:aa:0f:d7:ed:8e:9e:
         ee:01:ea:fe:4d:b5:03:a4:60:68:66:a9:7e:a0:df:e9:24:65:
         b5:5a:f3:04
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAzIFa4QqDnZGF31XVTR+m8yGrTAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEzMDA5WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzY2E3ODQ5NGQ1ZjhkM2YyM2FjYjQ5Mjc3OGQ1ZTg1NGQw
MzM5OTEwMTU5ZDMxODZlOGVlNTY5ZjQ5MzVhNzkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHcw16JGsm6PnU1SEJVRPGWBRB1kE3FfPYX0Jd/JpDIU7u
gVFyyPqDsTKaAGbCh91fsMzMDckFWCyb5U2TuDYwqj9JXCb3wyJdbsJGBk/BPBLs
UElDNSEPtv0sGLhDhf47SRo0ci+6puYolsXvkOO+NpSS2nwseYdRgO1BtqhV/BPC
nTOK3Qmr5N6f8pUXRJZaQRf2RaeuTbvRgcJb1d2ykuo0TQihuZt6ULsuBrtaiBXS
fxPDxQfM0Ex61qo5RGDJjiaLJEzfVXAN7fuhaCZC5DtC93EdaM2XTlRKREIs2SBZ
8bUaS3BGjdRBQBLHDUSiDKiSOgHgislMVqwjwkqBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKQCyNKUZ6qCx/Py9vgF2kU5ZPuwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5N2YwZDU5LWM3ZTctNDYwNC1hMjU5LTM0OTQ4MjRiN2NhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwChwTANBgkqhkiG9w0BAQsFAAOCAQEAxYjCJAOxE7w+bobI2UklzVafPAkL
frv/oJiQ/rwJCjbvcElCvPKxXKlnGdT6kAHtwcjFYDBoTY5b0Z1CwEjK611AytW/
Afre0BStXHCAudAmfS3I98uhqlxKjFUwibkpTFu/KBXXeOIYSOwUWnC79QWUcKy2
AyPkvVwKLbuSgqAJF1rkH6tqT6ahS0BueqFJrtKeI190DZqbFejc+BlO1HpYlGyG
KAvccE9V9lKmRdfB/5ZrOcl1qAkt8MyLn7ecPdz+j8LCm+ROGGVpJYGTkrmZaW6X
r3wPAQWGbdehy6JQTalvqg/X7Y6e7gHq/k21A6RgaGapfqDf6SRltVrzBA==
-----END CERTIFICATE-----