Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8dd3c9f1-214b-450f-91c9-754a0ab85a82.roa
File:                     8dd3c9f1-214b-450f-91c9-754a0ab85a82.roa (raw, json)
Hash identifier:          mbDkX3U7uXhYltcUWB+9iRIS0I6N6ty0cgulRyS99aw=
Subject key identifier:   96:85:0D:13:70:85:47:26:67:9C:DB:BA:9E:E5:E8:B4:07:53:27:2F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7C989549323B22F9451D473439B7373EB4D0160E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8dd3c9f1-214b-450f-91c9-754a0ab85a82.roa
Signing time:             Tue 11 Nov 2025 00:20:39 +0000
ROA not before:           Tue 11 Nov 2025 00:20:39 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.21.192.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:98:95:49:32:3b:22:f9:45:1d:47:34:39:b7:37:3e:b4:d0:16:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 00:20:39 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=eaff6aafc749ef90710b150058186c201854176cc4644c04b108ec64d6cc9362, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:68:27:ce:16:f5:74:35:c8:c8:18:14:56:21:
                    ed:7d:72:77:76:7f:1f:91:d1:87:a6:60:33:21:cd:
                    90:04:6e:70:a1:44:8d:09:c4:27:bc:92:00:aa:db:
                    2b:87:09:42:d0:0f:ab:d5:f6:0c:58:83:4a:5d:7c:
                    16:37:ce:c0:e2:be:c8:d2:75:56:b9:8a:0d:e8:0b:
                    e7:65:06:4e:bb:21:95:ff:de:a6:3e:05:43:43:57:
                    ff:b3:a0:d2:ca:e5:d6:f5:af:3b:74:94:9d:37:05:
                    9d:b1:21:b1:bc:7e:98:df:fa:bc:36:fd:f9:15:2c:
                    58:cd:cc:f4:55:fc:56:c0:e6:cc:63:15:0f:ba:d7:
                    fa:c3:30:e4:da:b6:75:03:7f:e8:81:fe:65:f9:50:
                    3c:05:b5:d4:d9:52:a9:a4:cb:30:2e:24:0d:c5:ee:
                    14:af:6b:49:ba:a3:a0:99:bb:15:12:f5:80:26:35:
                    c3:99:69:e2:7c:bb:9d:9b:25:52:71:91:1c:9f:36:
                    37:6d:b7:95:4f:b3:dc:8a:a2:4a:ca:f5:7d:ba:a9:
                    36:38:a5:b0:2d:5e:59:92:a9:ff:91:17:52:a2:99:
                    5a:11:39:16:30:4c:13:79:4b:ea:2b:5d:15:c7:fd:
                    3b:cf:f6:25:ab:5e:b2:46:27:f2:19:09:f8:06:b1:
                    1e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:85:0D:13:70:85:47:26:67:9C:DB:BA:9E:E5:E8:B4:07:53:27:2F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8dd3c9f1-214b-450f-91c9-754a0ab85a82.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5a:e1:6d:f2:0a:57:14:c3:56:76:44:e5:d2:c4:f4:23:e1:6c:
         7f:60:ea:26:84:bd:3b:85:9f:1e:0e:1e:7a:4d:e2:f2:f2:02:
         60:08:42:55:4f:c3:28:68:b7:67:29:6d:4d:f4:b7:c0:d4:19:
         b2:ae:5a:14:79:83:b2:b1:04:fb:82:56:8f:3a:48:ac:2b:8a:
         68:2d:89:13:00:6e:a1:70:90:ed:3e:d9:0e:0e:e7:fa:7f:01:
         04:4a:e4:68:20:8b:fe:b9:61:a9:a6:be:9f:d5:81:b9:82:1b:
         97:1f:a5:7d:d4:82:93:1f:33:64:67:19:d0:3e:fa:58:93:da:
         16:26:de:45:ee:53:7c:cb:40:23:b6:97:03:ab:b0:c6:dc:9c:
         9a:6e:49:26:7f:39:2b:ce:87:c5:10:53:7e:85:07:cf:dd:ff:
         40:b4:b0:8c:e7:d0:6a:fe:0a:14:ca:2d:35:60:20:83:c0:16:
         c5:68:7a:f2:2d:43:af:5e:5e:fc:ad:11:8e:04:a8:50:73:3d:
         96:d8:d7:e3:ad:63:f7:2b:96:b0:ea:c1:ea:cb:19:83:ff:91:
         ca:bd:64:08:f2:d5:68:d6:98:71:f9:18:92:73:11:2d:6f:04:
         27:46:d1:ff:c6:cb:e4:d6:2c:76:69:95:a7:31:22:7b:b5:10:
         1b:6d:c9:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfJiVSTI7IvlFHUc0Obc3PrTQFg4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDAyMDM5WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYWZmNmFhZmM3NDllZjkwNzEwYjE1MDA1ODE4NmMyMDE4
NTQxNzZjYzQ2NDRjMDRiMTA4ZWM2NGQ2Y2M5MzYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3aCfOFvV0NcjIGBRWIe19cnd2fx+R0YemYDMhzZAEbnCh
RI0JxCe8kgCq2yuHCULQD6vV9gxYg0pdfBY3zsDivsjSdVa5ig3oC+dlBk67IZX/
3qY+BUNDV/+zoNLK5db1rzt0lJ03BZ2xIbG8fpjf+rw2/fkVLFjNzPRV/FbA5sxj
FQ+61/rDMOTatnUDf+iB/mX5UDwFtdTZUqmkyzAuJA3F7hSva0m6o6CZuxUS9YAm
NcOZaeJ8u52bJVJxkRyfNjdtt5VPs9yKokrK9X26qTY4pbAtXlmSqf+RF1KimVoR
ORYwTBN5S+orXRXH/TvP9iWrXrJGJ/IZCfgGsR7lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUloUNE3CFRyZnnNu6nuXotAdTJy8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhkZDNjOWYxLTIxNGItNDUwZi05MWM5LTc1NGEwYWI4NWE4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANrFcAwDQYJKoZIhvcNAQELBQADggEBAFrhbfIKVxTDVnZE5dLE9CPhbH9g
6iaEvTuFnx4OHnpN4vLyAmAIQlVPwyhot2cpbU30t8DUGbKuWhR5g7KxBPuCVo86
SKwrimgtiRMAbqFwkO0+2Q4O5/p/AQRK5Gggi/65Yammvp/VgbmCG5cfpX3UgpMf
M2RnGdA++liT2hYm3kXuU3zLQCO2lwOrsMbcnJpuSSZ/OSvOh8UQU36FB8/d/0C0
sIzn0Gr+ChTKLTVgIIPAFsVoevItQ69eXvytEY4EqFBzPZbY1+OtY/crlrDqwerL
GYP/kcq9ZAjy1WjWmHH5GJJzES1vBCdG0f/Gy+TWLHZplacxInu1EBttyYI=
-----END CERTIFICATE-----