Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72219ba2-8eee-4c34-8224-a8f5ccc253fc.roa
File:                     72219ba2-8eee-4c34-8224-a8f5ccc253fc.roa (raw, json)
Hash identifier:          nIZULqbu0ENNdZ4FBcM27rxp8Lu5ATQCKA/B+H4m4B8=
Subject key identifier:   0E:43:BF:97:8E:51:69:15:9B:16:02:26:7A:AD:C6:7B:C5:69:E6:8A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       73F42B9045A0D9E92050D2EBB5D15AB3F67C0270
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72219ba2-8eee-4c34-8224-a8f5ccc253fc.roa
Signing time:             Tue 11 Nov 2025 02:10:05 +0000
ROA not before:           Tue 11 Nov 2025 02:10:05 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.20.132.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:f4:2b:90:45:a0:d9:e9:20:50:d2:eb:b5:d1:5a:b3:f6:7c:02:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:10:05 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=1d3271913582aa32b4dce6eb9100e14c6815c99817cdeba734038be1e70ac703, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c2:13:40:78:2d:86:b0:f5:a5:ba:7a:4d:60:
                    4f:0b:77:99:06:76:bd:c2:c0:89:34:41:e6:d8:37:
                    65:22:ad:66:9e:1b:60:28:67:70:23:b7:8b:33:91:
                    62:3d:bf:e5:74:f6:f5:9e:74:2a:27:b0:9e:57:6e:
                    8e:4b:35:cf:34:1e:ac:a4:0f:bd:a5:93:f8:60:0f:
                    95:09:15:57:9b:97:71:d9:32:c2:df:26:cb:11:b7:
                    83:6f:1d:31:9a:b6:01:3d:ed:a5:8e:58:28:e8:61:
                    fd:12:7a:4b:fb:3d:eb:dd:66:a9:3f:b8:ca:a4:b3:
                    be:a4:6d:69:ab:ba:44:ca:12:cf:91:58:c4:ba:0b:
                    1f:ab:8e:21:56:c6:10:3a:db:ed:fe:b6:e9:30:a3:
                    3d:38:9b:46:a1:43:2a:39:a3:46:6e:18:58:b4:81:
                    f9:40:63:2c:38:fc:37:5c:9e:c2:2b:68:ba:57:d3:
                    c3:db:c0:a5:a1:f8:ee:0e:6d:00:33:d4:35:3d:e7:
                    f2:63:25:b1:be:74:cd:58:5f:00:e4:05:26:47:3e:
                    c0:a2:f0:fa:51:a9:4a:67:ed:07:c3:b8:22:3e:93:
                    7a:58:02:89:bb:08:e2:f3:b6:db:75:57:71:a3:5a:
                    c3:07:63:74:2a:c2:04:04:ae:40:d0:6d:8e:35:cc:
                    d4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:43:BF:97:8E:51:69:15:9B:16:02:26:7A:AD:C6:7B:C5:69:E6:8A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72219ba2-8eee-4c34-8224-a8f5ccc253fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.20.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:3f:04:0b:dd:3a:a1:ab:25:3d:81:3f:ca:01:74:7f:37:30:
         32:0c:77:11:92:ed:30:2a:98:e6:76:db:f3:e4:17:df:ad:c9:
         65:d3:87:ff:b8:85:4b:da:32:76:e4:9c:73:43:08:60:18:fb:
         ca:9a:c6:bf:17:c3:23:77:08:f2:7d:fd:c1:9f:2e:65:9d:91:
         60:19:e5:09:a3:7e:61:de:b4:55:d1:4f:67:de:6c:4a:3e:60:
         ec:d6:63:33:e8:de:ee:c6:24:62:0e:80:5a:2a:ff:94:4a:14:
         04:27:aa:55:ab:6f:28:e0:eb:65:6a:7b:08:e7:85:9e:7e:1b:
         4f:fa:ac:59:c3:e7:ff:1e:d8:72:be:b2:da:e8:12:4d:a3:17:
         82:b7:15:3e:5c:a0:f0:41:a0:23:e5:33:22:22:ec:55:f2:ae:
         be:d4:98:6a:46:4b:24:65:05:e0:04:05:13:d0:27:df:9a:6c:
         c5:d3:da:1a:e1:4b:5d:a0:5c:36:26:d3:26:78:33:98:c3:e8:
         55:1e:33:cb:99:a2:f6:64:ff:1b:52:cf:21:8d:47:b2:18:f4:
         3e:16:f2:67:3d:da:89:ec:94:da:57:5a:44:e1:bd:4d:f6:d0:
         83:59:7c:a4:ce:c5:1c:33:75:19:2a:2f:06:ba:ce:ef:dd:2d:
         80:ee:a1:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc/QrkEWg2ekgUNLrtdFas/Z8AnAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIxMDA1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDMyNzE5MTM1ODJhYTMyYjRkY2U2ZWI5MTAwZTE0YzY4
MTVjOTk4MTdjZGViYTczNDAzOGJlMWU3MGFjNzAzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSwhNAeC2GsPWlunpNYE8Ld5kGdr3CwIk0QebYN2UirWae
G2AoZ3Ajt4szkWI9v+V09vWedConsJ5Xbo5LNc80HqykD72lk/hgD5UJFVebl3HZ
MsLfJssRt4NvHTGatgE97aWOWCjoYf0Sekv7PevdZqk/uMqks76kbWmrukTKEs+R
WMS6Cx+rjiFWxhA62+3+tukwoz04m0ahQyo5o0ZuGFi0gflAYyw4/DdcnsIraLpX
08PbwKWh+O4ObQAz1DU95/JjJbG+dM1YXwDkBSZHPsCi8PpRqUpn7QfDuCI+k3pY
Aom7COLzttt1V3GjWsMHY3QqwgQErkDQbY41zNQ5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDkO/l45RaRWbFgImeq3Ge8Vp5oowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcyMjE5YmEyLThlZWUtNGMzNC04MjI0LWE4ZjVjY2MyNTNmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrFIQwDQYJKoZIhvcNAQELBQADggEBALE/BAvdOqGrJT2BP8oBdH83MDIM
dxGS7TAqmOZ22/PkF9+tyWXTh/+4hUvaMnbknHNDCGAY+8qaxr8XwyN3CPJ9/cGf
LmWdkWAZ5QmjfmHetFXRT2febEo+YOzWYzPo3u7GJGIOgFoq/5RKFAQnqlWrbyjg
62VqewjnhZ5+G0/6rFnD5/8e2HK+stroEk2jF4K3FT5coPBBoCPlMyIi7FXyrr7U
mGpGSyRlBeAEBRPQJ9+abMXT2hrhS12gXDYm0yZ4M5jD6FUeM8uZovZk/xtSzyGN
R7IY9D4W8mc92onslNpXWkThvU320INZfKTOxRwzdRkqLwa6zu/dLYDuoeI=
-----END CERTIFICATE-----