Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54f4f5bc-30c7-4d20-a9b4-b39626f30e78.roa
File:                     54f4f5bc-30c7-4d20-a9b4-b39626f30e78.roa (raw, json)
Hash identifier:          AjzWiUQKM4GTUU8pH3a+ljmilce3nmGH79gEZ6JpJb4=
Subject key identifier:   3D:33:A2:36:2B:9D:AF:29:45:67:F6:E3:4E:D2:F5:67:28:50:1C:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       356BC4DD92C547F69383A8F3297C9A479500D5DA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54f4f5bc-30c7-4d20-a9b4-b39626f30e78.roa
Signing time:             Tue 18 Nov 2025 00:11:40 +0000
ROA not before:           Tue 18 Nov 2025 00:11:40 +0000
ROA not after:            Mon 16 Feb 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        138.52.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:6b:c4:dd:92:c5:47:f6:93:83:a8:f3:29:7c:9a:47:95:00:d5:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 18 00:11:40 2025 GMT
            Not After : Feb 16 23:59:59 2026 GMT
        Subject: serialNumber=d7062d430cf946a0cc9c376a9d7cbc7870737a4c3ed50e29f5eb215358f0664c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fc:b5:40:55:e7:42:22:5e:b2:ec:96:97:ea:
                    a1:62:4c:9c:57:77:3c:ac:55:bc:89:7c:6d:be:cf:
                    24:97:c5:c8:a0:8a:83:cc:5b:c0:17:3e:f6:42:5b:
                    60:ac:1a:3a:2d:c3:8b:33:2b:7d:fc:1f:7c:7d:c4:
                    39:45:a3:a2:34:f6:94:43:4f:81:85:79:87:b2:9e:
                    2b:6d:3b:24:04:83:d4:35:a4:87:3e:1c:dd:71:a8:
                    6d:0c:d6:08:32:75:e7:47:bb:15:82:72:27:e7:08:
                    de:5d:64:f5:35:07:0d:ba:9d:41:0f:bf:c7:50:30:
                    59:c3:bd:14:84:e0:9c:52:66:9c:c6:44:c1:80:66:
                    26:2c:76:dd:39:b0:7e:43:30:c4:f0:2d:64:08:d0:
                    0c:ca:ea:e5:f9:34:4a:75:34:49:a9:79:15:5b:0c:
                    a2:03:a6:c0:af:3c:a2:05:06:8e:da:ed:aa:8e:41:
                    ba:59:ca:c4:7b:73:73:43:86:c7:de:bb:30:2c:51:
                    20:53:bf:0d:c1:2c:d0:12:54:25:3b:0a:56:97:40:
                    b7:e6:62:da:6d:c2:99:46:b6:63:94:1e:7c:ed:21:
                    63:b7:9f:4b:73:d4:69:30:53:10:b4:e1:c5:86:eb:
                    56:75:4c:39:ad:2e:13:10:e0:9b:d9:6e:13:51:f7:
                    01:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:33:A2:36:2B:9D:AF:29:45:67:F6:E3:4E:D2:F5:67:28:50:1C:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54f4f5bc-30c7-4d20-a9b4-b39626f30e78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.52.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9f:e8:0f:bd:3d:c3:80:e2:17:3c:49:d4:9d:f0:e1:a5:55:44:
         7c:98:de:80:3b:fe:ee:6c:26:f6:1b:52:35:9f:5e:9b:27:8f:
         62:bc:8b:b6:51:01:c7:ab:da:4b:3d:57:1a:59:62:61:b0:03:
         42:0d:db:de:df:16:60:a7:4c:f1:1c:4d:8c:dd:a1:2b:a4:4a:
         dd:ec:02:f9:a2:a2:d3:be:d4:c5:40:5a:e5:40:e1:69:a7:5c:
         5f:77:cc:9d:4d:2d:7d:f2:5c:55:34:b0:31:c0:bf:64:9c:35:
         59:2e:dc:37:2c:16:79:de:5c:62:dd:71:03:fa:7a:f8:50:33:
         0f:f0:10:96:72:3d:ab:cd:61:2f:56:a8:09:8c:ba:d5:7b:03:
         4e:2d:56:e2:40:a7:4b:32:fd:c2:d4:c3:0f:37:c1:03:1b:1b:
         57:8d:94:ee:0c:9f:ae:8e:63:b3:b1:19:54:b0:0d:dd:2f:31:
         db:04:0f:8e:28:16:42:8d:b0:14:15:e0:94:c9:d9:0f:42:4c:
         94:6c:ec:40:bd:0e:fb:33:ef:d8:5a:36:18:31:b1:c1:4b:70:
         f8:d1:da:bb:e3:c7:ed:5b:9d:f2:d7:70:39:d4:cd:95:f0:c7:
         ff:71:b2:1a:a3:67:c4:8c:fa:c0:01:f7:1c:f5:8d:3f:77:88:
         ab:41:79:9d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNWvE3ZLFR/aTg6jzKXyaR5UA1dowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE4MDAxMTQwWhcNMjYwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzA2MmQ0MzBjZjk0NmEwY2M5YzM3NmE5ZDdjYmM3ODcw
NzM3YTRjM2VkNTBlMjlmNWViMjE1MzU4ZjA2NjRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQ/LVAVedCIl6y7JaX6qFiTJxXdzysVbyJfG2+zySXxcig
ioPMW8AXPvZCW2CsGjotw4szK338H3x9xDlFo6I09pRDT4GFeYeynittOyQEg9Q1
pIc+HN1xqG0M1ggydedHuxWCcifnCN5dZPU1Bw26nUEPv8dQMFnDvRSE4JxSZpzG
RMGAZiYsdt05sH5DMMTwLWQI0AzK6uX5NEp1NEmpeRVbDKIDpsCvPKIFBo7a7aqO
QbpZysR7c3NDhsfeuzAsUSBTvw3BLNASVCU7ClaXQLfmYtptwplGtmOUHnztIWO3
n0tz1GkwUxC04cWG61Z1TDmtLhMQ4JvZbhNR9wHbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPTOiNiudrylFZ/bjTtL1ZyhQHMQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0ZjRmNWJjLTMwYzctNGQyMC1hOWI0LWIzOTYyNmYzMGU3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCKNDANBgkqhkiG9w0BAQsFAAOCAQEAn+gPvT3DgOIXPEnUnfDhpVVEfJje
gDv+7mwm9htSNZ9emyePYryLtlEBx6vaSz1XGlliYbADQg3b3t8WYKdM8RxNjN2h
K6RK3ewC+aKi077UxUBa5UDhaadcX3fMnU0tffJcVTSwMcC/ZJw1WS7cNywWed5c
Yt1xA/p6+FAzD/AQlnI9q81hL1aoCYy61XsDTi1W4kCnSzL9wtTDDzfBAxsbV42U
7gyfro5js7EZVLAN3S8x2wQPjigWQo2wFBXglMnZD0JMlGzsQL0O+zPv2Fo2GDGx
wUtw+NHau+PH7Vud8tdwOdTNlfDH/3GyGqNnxIz6wAH3HPWNP3eIq0F5nQ==
-----END CERTIFICATE-----