Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f2c37c5-eaa0-424a-ba1e-5ebd99f3b15c.roa
File:                     7f2c37c5-eaa0-424a-ba1e-5ebd99f3b15c.roa (raw, json)
Hash identifier:          Pidm2fKtfgJqk34MB8ihxgARWko0u5AjmrdvJpsoMYg=
Subject key identifier:   60:25:DF:75:75:70:F0:00:9E:9B:0A:59:70:0F:83:04:2A:D3:BE:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E4499347598BD1BBF82077E62B0FA89CDE2A841
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f2c37c5-eaa0-424a-ba1e-5ebd99f3b15c.roa
Signing time:             Sun 16 Nov 2025 00:31:46 +0000
ROA not before:           Sun 16 Nov 2025 00:31:46 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.168.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:44:99:34:75:98:bd:1b:bf:82:07:7e:62:b0:fa:89:cd:e2:a8:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:31:46 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=24e1450617c419dbf748933ee18d85ccc7d2cc35819b9dd9db5317bf87771108, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:82:62:f2:f4:9b:57:b1:2b:35:dd:92:38:62:
                    30:20:1d:2e:16:0a:33:8b:8c:6b:ff:52:04:8c:8e:
                    2b:b4:5f:23:a9:14:39:ef:49:2e:45:2d:2e:a9:56:
                    69:72:c8:9c:ee:76:28:92:89:f7:65:19:0f:a5:f6:
                    05:3a:f0:e7:e3:16:d0:1c:84:64:ca:2b:a3:99:9f:
                    d3:7a:ec:49:13:b2:36:5d:29:5e:6e:aa:92:14:ce:
                    7f:d5:e7:d1:c1:94:ac:f7:4b:3b:b0:5a:bc:0f:14:
                    53:9d:76:cf:5b:63:19:00:7d:20:c0:34:bc:c3:14:
                    02:6d:69:80:6e:81:c3:2a:7b:03:dc:9d:ea:40:b1:
                    8d:4e:fb:cd:06:61:01:18:9f:0d:a3:37:9d:0b:cc:
                    9f:71:72:3b:94:10:b2:fa:c1:f9:a4:4f:2e:9e:3a:
                    06:a6:7d:84:a5:b0:79:8c:45:19:b7:9f:e0:49:04:
                    2f:4d:ce:2e:26:29:96:05:06:d6:d5:1d:58:2f:42:
                    8d:61:b7:b9:36:08:4c:56:80:db:9d:03:df:e5:3f:
                    29:71:ef:79:7b:91:cf:7b:fe:7f:2e:9e:d4:f7:ea:
                    0d:5d:60:90:93:3b:73:aa:85:ce:c0:33:67:24:ec:
                    f3:d8:b3:dd:df:5c:b8:f9:68:ec:56:6e:c8:56:c7:
                    6b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:25:DF:75:75:70:F0:00:9E:9B:0A:59:70:0F:83:04:2A:D3:BE:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f2c37c5-eaa0-424a-ba1e-5ebd99f3b15c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.168.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         93:77:71:10:f3:09:ae:54:8e:d0:2c:a6:a5:3b:15:d1:e9:74:
         6a:08:c2:43:be:83:49:45:05:a0:92:f2:0e:70:64:e0:83:14:
         32:b5:29:3f:38:08:5a:00:d8:aa:d9:56:79:cf:64:15:93:96:
         78:bc:d6:aa:e1:3f:a0:3a:d2:d4:cb:20:47:1f:7a:73:60:fb:
         2d:76:de:0a:62:6b:46:66:f6:5e:37:40:b2:ba:f6:12:6a:6b:
         e9:92:bd:e3:07:27:df:48:2d:cf:53:58:e5:e3:8a:65:f1:1d:
         07:a8:ca:cb:a5:c0:47:86:db:d4:8e:4b:69:92:7b:18:34:06:
         f6:08:a2:bd:bf:14:c6:b5:f8:aa:a5:93:c7:d2:8b:c8:b4:45:
         36:77:87:2c:c0:41:9c:d6:8f:d8:6e:11:71:82:c9:78:a8:4b:
         37:a2:33:16:6a:2e:86:a2:6c:07:a6:fd:1a:a2:33:61:4c:23:
         a8:b5:7d:8f:dc:cc:b3:5e:c2:6a:da:cd:c0:98:a3:f4:a9:cc:
         8e:c8:70:77:f9:ab:c4:68:76:ed:45:63:e9:1f:84:0f:a2:6f:
         27:db:27:d0:da:f7:16:1a:ff:22:ea:23:71:12:2e:cc:88:8c:
         bc:8c:a9:f8:6c:d0:0c:f4:7f:ed:e5:68:f1:31:7f:74:a9:4e:
         87:86:3d:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbkSZNHWYvRu/ggd+YrD6ic3iqEEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMTQ2WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNGUxNDUwNjE3YzQxOWRiZjc0ODkzM2VlMThkODVjY2M3
ZDJjYzM1ODE5YjlkZDlkYjUzMTdiZjg3NzcxMTA4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCygmLy9JtXsSs13ZI4YjAgHS4WCjOLjGv/UgSMjiu0XyOp
FDnvSS5FLS6pVmlyyJzudiiSifdlGQ+l9gU68OfjFtAchGTKK6OZn9N67EkTsjZd
KV5uqpIUzn/V59HBlKz3SzuwWrwPFFOdds9bYxkAfSDANLzDFAJtaYBugcMqewPc
nepAsY1O+80GYQEYnw2jN50LzJ9xcjuUELL6wfmkTy6eOgamfYSlsHmMRRm3n+BJ
BC9Nzi4mKZYFBtbVHVgvQo1ht7k2CExWgNudA9/lPylx73l7kc97/n8untT36g1d
YJCTO3Oqhc7AM2ck7PPYs93fXLj5aOxWbshWx2s/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYCXfdXVw8ACemwpZcA+DBCrTvn4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdmMmMzN2M1LWVhYTAtNDI0YS1iYTFlLTVlYmQ5OWYzYjE1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfMqAAwDQYJKoZIhvcNAQELBQADggEBAJN3cRDzCa5UjtAspqU7FdHpdGoI
wkO+g0lFBaCS8g5wZOCDFDK1KT84CFoA2KrZVnnPZBWTlni81qrhP6A60tTLIEcf
enNg+y123gpia0Zm9l43QLK69hJqa+mSveMHJ99ILc9TWOXjimXxHQeoysulwEeG
29SOS2mSexg0BvYIor2/FMa1+Kqlk8fSi8i0RTZ3hyzAQZzWj9huEXGCyXioSzei
MxZqLoaibAem/RqiM2FMI6i1fY/czLNewmrazcCYo/SpzI7IcHf5q8Rodu1FY+kf
hA+ibyfbJ9Da9xYa/yLqI3ESLsyIjLyMqfhs0Az0f+3laPExf3SpToeGPXA=
-----END CERTIFICATE-----