Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49d51f42-2ffc-4217-9e32-f46cec71a85a.roa
File:                     49d51f42-2ffc-4217-9e32-f46cec71a85a.roa (raw, json)
Hash identifier:          bzdO03im6NPcXcKM5Lx3QCZX++7ALDmXSMUs7Q4h8P0=
Subject key identifier:   60:32:44:9C:84:F1:5A:84:FA:42:B0:30:C9:72:09:16:50:80:6C:DD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       700C8A7A54CFE04BA189A7A56F60569482D26A2F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49d51f42-2ffc-4217-9e32-f46cec71a85a.roa
Signing time:             Sun 16 Nov 2025 00:31:12 +0000
ROA not before:           Sun 16 Nov 2025 00:31:12 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.35.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:0c:8a:7a:54:cf:e0:4b:a1:89:a7:a5:6f:60:56:94:82:d2:6a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:31:12 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=08d4fd894f45f63353d81446aa37ce4a6e67b00d30b2af13d837e5e4a48df740, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:19:1c:81:1b:3d:7e:68:48:44:d7:86:85:90:
                    82:aa:1d:7f:6c:8c:26:24:75:60:4e:7a:0d:ba:01:
                    6b:86:fe:9b:06:80:76:e9:bc:06:02:52:86:83:a5:
                    ff:c0:47:47:e1:d8:c9:62:ad:85:96:36:2f:f2:a0:
                    49:db:2f:36:a3:b2:0a:c9:af:f0:46:6a:21:0f:78:
                    5e:82:01:28:0d:b2:b3:54:65:88:d3:9b:7e:5f:33:
                    f9:f7:00:7d:12:fd:52:43:91:b0:76:45:ab:e3:50:
                    53:74:28:3a:59:5f:d3:76:3a:ab:57:b1:15:41:ed:
                    80:df:49:8f:d9:9b:cb:9f:05:19:13:2b:d2:d9:70:
                    a2:b9:50:8c:18:b7:03:94:47:7f:44:2c:43:db:2d:
                    86:17:87:eb:dc:38:21:4d:1f:f2:6e:3c:59:8a:2e:
                    c9:ac:f9:82:bb:49:89:5c:49:54:7c:1c:93:2a:8c:
                    f4:ce:dd:1a:89:ec:71:a6:de:09:4d:05:d4:ac:bf:
                    46:ed:33:45:92:22:d8:c7:3c:c3:fd:b0:fd:97:51:
                    7b:4a:83:63:b7:7e:79:95:70:fa:32:46:c5:5d:84:
                    2b:81:41:38:19:2c:58:19:90:60:40:1b:94:c8:0c:
                    31:8c:45:b9:4d:09:8f:da:c6:58:e5:20:ba:5f:a8:
                    1c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:32:44:9C:84:F1:5A:84:FA:42:B0:30:C9:72:09:16:50:80:6C:DD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49d51f42-2ffc-4217-9e32-f46cec71a85a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3a:38:e8:ff:3e:d3:cc:cb:7c:2f:de:9d:de:ec:dc:96:16:b1:
         6c:1b:33:b6:16:cb:cb:88:05:e8:c5:79:81:43:12:e8:bc:08:
         02:77:ff:69:18:9e:7d:85:11:9f:d5:37:ae:0a:b7:94:32:23:
         a3:31:78:e4:0f:b3:12:24:bb:1d:74:f8:9f:d4:6a:d9:67:f3:
         92:79:b3:0c:ff:37:67:92:0e:39:63:03:36:5f:d7:4d:5d:fc:
         ac:90:be:df:aa:51:9e:a9:62:d1:5c:3d:b6:60:eb:71:83:a8:
         b3:8d:7f:dd:15:10:a2:ee:da:63:af:f5:e5:d7:4b:8f:ea:cc:
         fe:0f:6c:2b:12:1d:0a:9d:c3:ca:4a:14:90:81:1a:99:7e:05:
         ab:3c:ad:c4:a7:99:49:2b:bd:d1:fa:86:af:7f:81:db:12:46:
         d2:bf:6c:7a:fc:d7:b5:be:5c:0b:95:c3:3e:51:a9:c2:31:e8:
         8e:21:3b:4d:2d:a8:bf:be:e0:27:72:e4:2e:40:02:d0:85:02:
         ec:17:65:d8:de:0b:46:66:bb:4a:f6:f0:a6:42:cd:b6:e0:fd:
         c0:79:83:66:91:02:95:d8:bb:2f:49:6e:06:75:1f:59:16:0d:
         70:23:c2:09:56:e3:2f:f7:84:b1:54:89:69:c0:a4:f8:c6:9c:
         bf:2f:09:23
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcAyKelTP4Euhiaelb2BWlILSai8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMTEyWhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwOGQ0ZmQ4OTRmNDVmNjMzNTNkODE0NDZhYTM3Y2U0YTZl
NjdiMDBkMzBiMmFmMTNkODM3ZTVlNGE0OGRmNzQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1GRyBGz1+aEhE14aFkIKqHX9sjCYkdWBOeg26AWuG/psG
gHbpvAYCUoaDpf/AR0fh2MlirYWWNi/yoEnbLzajsgrJr/BGaiEPeF6CASgNsrNU
ZYjTm35fM/n3AH0S/VJDkbB2RavjUFN0KDpZX9N2OqtXsRVB7YDfSY/Zm8ufBRkT
K9LZcKK5UIwYtwOUR39ELEPbLYYXh+vcOCFNH/JuPFmKLsms+YK7SYlcSVR8HJMq
jPTO3RqJ7HGm3glNBdSsv0btM0WSItjHPMP9sP2XUXtKg2O3fnmVcPoyRsVdhCuB
QTgZLFgZkGBAG5TIDDGMRblNCY/axljlILpfqBxjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYDJEnITxWoT6QrAwyXIJFlCAbN0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5ZDUxZjQyLTJmZmMtNDIxNy05ZTMyLWY0NmNlYzcxYTg1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjIzANBgkqhkiG9w0BAQsFAAOCAQEAOjjo/z7TzMt8L96d3uzclhaxbBsz
thbLy4gF6MV5gUMS6LwIAnf/aRiefYURn9U3rgq3lDIjozF45A+zEiS7HXT4n9Rq
2WfzknmzDP83Z5IOOWMDNl/XTV38rJC+36pRnqli0Vw9tmDrcYOos41/3RUQou7a
Y6/15ddLj+rM/g9sKxIdCp3DykoUkIEamX4FqzytxKeZSSu90fqGr3+B2xJG0r9s
evzXtb5cC5XDPlGpwjHojiE7TS2ov77gJ3LkLkAC0IUC7Bdl2N4LRma7SvbwpkLN
tuD9wHmDZpECldi7L0luBnUfWRYNcCPCCVbjL/eEsVSJacCk+Macvy8JIw==
-----END CERTIFICATE-----