Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54dba2ae-fa55-448d-8286-0b2647236884.roa
File:                     54dba2ae-fa55-448d-8286-0b2647236884.roa (raw, json)
Hash identifier:          oA3+D8mjyYDNeqszz+JOaYpSrOR3aQeZyzXXVAojgMI=
Subject key identifier:   D9:6A:60:4F:88:A7:3D:06:9D:F6:A3:73:B3:C3:8B:8A:9B:68:E2:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B58DC18B9C8C966CEF698243873978F3BEF5D1F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54dba2ae-fa55-448d-8286-0b2647236884.roa
Signing time:             Tue 11 Nov 2025 02:20:48 +0000
ROA not before:           Tue 11 Nov 2025 02:20:48 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        164.152.168.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:58:dc:18:b9:c8:c9:66:ce:f6:98:24:38:73:97:8f:3b:ef:5d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:20:48 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=91f5ce4d6693509051c391a0f58114d4cb390d979cd46b4cbc47bb025e6e2d97, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4b:ba:2a:ab:76:d8:5b:77:b2:4d:dd:de:8d:
                    96:b3:77:af:97:e0:1d:e3:2c:85:e6:8f:fa:e6:ae:
                    9e:39:f9:11:5a:2a:48:42:24:b3:32:9e:58:1f:29:
                    9d:d7:fd:cf:c7:0d:01:22:ef:7a:5c:ee:1a:7f:69:
                    66:3e:4a:c8:3c:62:62:3c:cc:dd:3d:11:28:97:05:
                    3b:ef:50:6d:aa:a2:3c:5c:d5:17:e6:ce:4a:94:fd:
                    06:e0:0e:45:a6:54:87:ee:a4:1f:d4:b6:a7:0c:ba:
                    c8:1c:be:af:45:de:3a:91:29:4e:e6:08:3b:66:c2:
                    94:97:13:f0:04:21:77:0e:51:c2:fe:be:88:15:58:
                    6c:0a:1a:1a:27:56:b2:28:05:ed:5f:88:1e:a9:1d:
                    8b:62:eb:10:2b:a2:ca:21:b1:57:97:c2:66:27:ff:
                    77:87:36:f4:54:8a:5a:ad:ca:17:52:e3:5a:f4:66:
                    0c:9f:4e:62:39:00:3e:4d:17:6f:ba:d2:36:28:6a:
                    bd:d6:3e:cf:5c:86:f6:e3:ab:61:8c:f1:6a:50:09:
                    18:c0:e2:d8:85:b9:a5:d2:d6:aa:4d:e1:c5:bd:91:
                    cf:4e:81:80:5e:b9:75:82:15:1c:9c:54:51:d2:f4:
                    c4:a8:8c:0b:2c:73:89:12:5c:66:9e:ad:82:2e:6d:
                    c2:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:6A:60:4F:88:A7:3D:06:9D:F6:A3:73:B3:C3:8B:8A:9B:68:E2:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54dba2ae-fa55-448d-8286-0b2647236884.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d0:1e:9a:1b:91:9c:92:03:03:63:7f:c1:69:d9:36:8b:64:df:
         01:47:c0:5d:d8:b6:51:f2:c7:6e:6d:05:1a:27:22:33:2c:8e:
         65:75:6b:6b:ad:78:33:15:49:17:10:39:ce:b0:7b:19:a7:47:
         33:41:55:1d:b3:6b:bd:44:f4:1f:52:9d:9c:87:d8:75:31:c6:
         5e:7f:11:94:86:0c:ca:53:7b:96:a0:ea:5d:2c:c1:d1:28:7b:
         73:33:c6:44:14:a7:67:58:7b:d5:b3:a5:69:99:bb:2e:a3:c3:
         0d:2a:ea:ff:79:0e:46:ea:a2:6b:3a:08:af:53:92:1b:2b:f8:
         5e:da:3e:13:49:be:bf:91:0e:4e:f5:c8:ea:19:e8:bd:f1:4f:
         d5:ab:9b:a2:af:d7:0c:81:5b:10:37:80:89:dd:c3:fd:29:88:
         ea:9a:3c:ef:9e:cf:be:76:c4:4b:ef:b6:ea:08:57:30:04:18:
         bd:99:0a:bb:4b:a6:3d:f9:16:e0:86:db:11:57:df:18:2b:71:
         4a:0e:cb:97:51:95:59:7a:53:78:25:78:66:1b:aa:a9:d4:05:
         f2:60:0e:aa:be:cb:5e:b6:92:8d:f7:8a:a0:7b:30:83:81:ee:
         27:77:09:ab:bc:26:ba:d7:46:67:ce:43:d2:a4:54:f1:da:ac:
         ee:dd:dc:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW1jcGLnIyWbO9pgkOHOXjzvvXR8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIyMDQ4WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MWY1Y2U0ZDY2OTM1MDkwNTFjMzkxYTBmNTgxMTRkNGNi
MzkwZDk3OWNkNDZiNGNiYzQ3YmIwMjVlNmUyZDk3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4S7oqq3bYW3eyTd3ejZazd6+X4B3jLIXmj/rmrp45+RFa
KkhCJLMynlgfKZ3X/c/HDQEi73pc7hp/aWY+Ssg8YmI8zN09ESiXBTvvUG2qojxc
1RfmzkqU/QbgDkWmVIfupB/UtqcMusgcvq9F3jqRKU7mCDtmwpSXE/AEIXcOUcL+
vogVWGwKGhonVrIoBe1fiB6pHYti6xArosohsVeXwmYn/3eHNvRUilqtyhdS41r0
ZgyfTmI5AD5NF2+60jYoar3WPs9chvbjq2GM8WpQCRjA4tiFuaXS1qpN4cW9kc9O
gYBeuXWCFRycVFHS9MSojAssc4kSXGaerYIubcK9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2WpgT4inPQad9qNzs8OLipto4q0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0ZGJhMmFlLWZhNTUtNDQ4ZC04Mjg2LTBiMjY0NzIzNjg4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOkmKgwDQYJKoZIhvcNAQELBQADggEBANAemhuRnJIDA2N/wWnZNotk3wFH
wF3YtlHyx25tBRonIjMsjmV1a2uteDMVSRcQOc6wexmnRzNBVR2za71E9B9SnZyH
2HUxxl5/EZSGDMpTe5ag6l0swdEoe3MzxkQUp2dYe9WzpWmZuy6jww0q6v95Dkbq
oms6CK9Tkhsr+F7aPhNJvr+RDk71yOoZ6L3xT9Wrm6Kv1wyBWxA3gIndw/0piOqa
PO+ez752xEvvtuoIVzAEGL2ZCrtLpj35FuCG2xFX3xgrcUoOy5dRlVl6U3gleGYb
qqnUBfJgDqq+y162ko33iqB7MIOB7id3Cau8JrrXRmfOQ9KkVPHarO7d3PA=
-----END CERTIFICATE-----