Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c5b22d0-c570-479a-9176-1b8ae33317b3.roa
File:                     9c5b22d0-c570-479a-9176-1b8ae33317b3.roa (raw, json)
Hash identifier:          ccdlANu8xy1zWzMEuHNDuH48nKJJvvvPvKj1SYh6Zyc=
Subject key identifier:   AD:1F:43:3D:69:42:F4:3A:32:F1:C6:BD:E1:A5:1F:B7:EB:B0:BB:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4768796E5ECAF35C852B504B84518BAD800E15CE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c5b22d0-c570-479a-9176-1b8ae33317b3.roa
Signing time:             Sat 15 Nov 2025 00:20:44 +0000
ROA not before:           Sat 15 Nov 2025 00:20:44 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        98.130.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:68:79:6e:5e:ca:f3:5c:85:2b:50:4b:84:51:8b:ad:80:0e:15:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:20:44 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=ff34e2ba8c38c3446a7c9284d78f2054dce336a27e42ecfdbbbbf636232dbca8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8f:30:6c:88:fe:9f:ac:84:b6:28:72:01:8a:
                    8c:cd:63:bb:e2:00:a4:7a:78:ea:ca:bf:ec:b6:61:
                    21:99:2f:9a:02:4b:35:f0:be:13:bb:19:29:20:14:
                    46:fb:78:96:dd:30:a5:f8:b1:d6:b1:1e:a9:ea:c2:
                    f0:b8:3d:96:42:90:62:db:ee:d7:97:03:91:45:03:
                    a7:cc:72:da:89:2b:da:5a:f4:d2:37:7b:54:96:16:
                    a3:e2:68:c6:90:bb:c5:b9:c2:37:54:af:fc:45:17:
                    6b:d4:7c:8f:37:7a:00:ed:51:f9:0b:92:2d:7b:a4:
                    46:f8:17:88:5a:2a:05:13:4d:70:c6:54:93:65:82:
                    e0:b9:c7:43:bd:1a:8d:e5:26:14:ee:56:94:52:c6:
                    85:d1:38:c7:88:3e:ba:e9:a3:95:05:00:9e:7a:94:
                    36:42:7a:76:b3:ae:9c:a7:e2:bd:0f:b1:9c:98:14:
                    79:a0:be:1c:be:cf:f1:bf:7d:b8:4e:e9:2a:bf:c7:
                    25:f3:7c:7c:d5:f5:fa:38:31:dd:2f:e9:83:a0:75:
                    54:dc:b3:fd:a8:89:8c:eb:6c:cc:f6:4f:d1:d6:60:
                    e4:d3:2a:f0:39:a3:f8:ae:92:6a:4b:8b:2d:e8:b9:
                    45:3b:93:21:c0:24:0c:e1:cb:98:3b:0c:89:1d:ab:
                    9c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:1F:43:3D:69:42:F4:3A:32:F1:C6:BD:E1:A5:1F:B7:EB:B0:BB:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c5b22d0-c570-479a-9176-1b8ae33317b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.130.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         66:55:69:b4:c4:03:7a:b6:f2:c2:82:c1:70:36:98:ab:ab:e8:
         72:52:8b:00:4c:38:21:88:18:27:d7:73:5e:4e:37:0f:23:c2:
         d2:ce:9c:89:d7:6c:c4:ce:dd:5e:64:8e:1d:ef:65:b8:3f:ec:
         2c:06:75:ef:b2:7e:86:e0:df:59:a7:c0:34:5e:4f:c6:c7:e0:
         2e:49:bf:72:54:59:75:88:1d:50:68:88:20:9f:31:93:ab:19:
         d3:a5:bc:59:c9:c6:31:a0:2f:ac:df:df:f4:db:ba:57:ee:8b:
         c8:99:2d:35:e5:ac:ff:d8:8d:28:82:2e:03:70:b3:2c:73:f3:
         50:ed:01:de:8e:ab:9f:10:67:76:cf:e3:81:fd:d8:55:d1:89:
         65:e4:f7:ac:71:20:d1:45:83:c5:69:54:66:6f:d1:c5:dc:f4:
         1e:e9:63:f9:17:3b:6c:4a:80:3f:19:fa:8b:f4:4f:26:76:4f:
         88:d6:ec:da:eb:24:8a:e0:a6:db:1d:3a:6b:bb:ea:b0:15:71:
         70:4b:20:e8:a0:c7:a1:80:9f:89:2c:c9:53:7e:95:c3:47:f6:
         5e:ca:d9:db:8a:a3:09:4c:0e:c8:3d:90:83:c4:b6:45:32:b6:
         91:45:c9:14:72:18:a3:62:22:87:23:1b:ad:24:1a:e0:f1:03:
         07:28:52:07
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR2h5bl7K81yFK1BLhFGLrYAOFc4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDAyMDQ0WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjM0ZTJiYThjMzhjMzQ0NmE3YzkyODRkNzhmMjA1NGRj
ZTMzNmEyN2U0MmVjZmRiYmJiZjYzNjIzMmRiY2E4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMjzBsiP6frIS2KHIBiozNY7viAKR6eOrKv+y2YSGZL5oC
SzXwvhO7GSkgFEb7eJbdMKX4sdaxHqnqwvC4PZZCkGLb7teXA5FFA6fMctqJK9pa
9NI3e1SWFqPiaMaQu8W5wjdUr/xFF2vUfI83egDtUfkLki17pEb4F4haKgUTTXDG
VJNlguC5x0O9Go3lJhTuVpRSxoXROMeIPrrpo5UFAJ56lDZCenazrpyn4r0PsZyY
FHmgvhy+z/G/fbhO6Sq/xyXzfHzV9fo4Md0v6YOgdVTcs/2oiYzrbMz2T9HWYOTT
KvA5o/iukmpLiy3ouUU7kyHAJAzhy5g7DIkdq5zvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUrR9DPWlC9Doy8ca94aUft+uwu78wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzljNWIyMmQwLWM1NzAtNDc5YS05MTc2LTFiOGFlMzMzMTdiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBigjANBgkqhkiG9w0BAQsFAAOCAQEAZlVptMQDerbywoLBcDaYq6voclKL
AEw4IYgYJ9dzXk43DyPC0s6ciddsxM7dXmSOHe9luD/sLAZ177J+huDfWafANF5P
xsfgLkm/clRZdYgdUGiIIJ8xk6sZ06W8WcnGMaAvrN/f9Nu6V+6LyJktNeWs/9iN
KIIuA3CzLHPzUO0B3o6rnxBnds/jgf3YVdGJZeT3rHEg0UWDxWlUZm/Rxdz0Hulj
+Rc7bEqAPxn6i/RPJnZPiNbs2uskiuCm2x06a7vqsBVxcEsg6KDHoYCfiSzJU36V
w0f2XsrZ24qjCUwOyD2Qg8S2RTK2kUXJFHIYo2IihyMbrSQa4PEDByhSBw==
-----END CERTIFICATE-----