Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a1820a02-368b-475a-8c64-c87e903d2117.roa
File:                     a1820a02-368b-475a-8c64-c87e903d2117.roa (raw, json)
Hash identifier:          IL0AsY6Gp2Jlqo1d7PrUmPjN0NYvVZoXw9ubjJ7Ca14=
Subject key identifier:   A5:75:26:12:1E:98:CA:37:A3:0D:19:DD:66:7C:2C:DB:18:66:B1:AA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7759F70E7DBF70EC242FD982C29D08BCF25944DD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a1820a02-368b-475a-8c64-c87e903d2117.roa
Signing time:             Tue 11 Nov 2025 01:21:26 +0000
ROA not before:           Tue 11 Nov 2025 01:21:26 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        164.152.184.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:59:f7:0e:7d:bf:70:ec:24:2f:d9:82:c2:9d:08:bc:f2:59:44:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:21:26 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=aa5da08e4d6f69036bfb7ad62c276c326dfaa2169ba947ba411fe31252fc249e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2f:cd:cb:88:29:1f:8d:86:b1:ef:7b:ce:19:
                    7d:fb:5b:cb:56:c7:d2:6f:4a:d3:ac:3b:8e:15:7f:
                    c1:db:36:98:28:d1:89:71:f4:ca:f3:63:43:de:8f:
                    47:5c:22:33:49:69:50:d6:24:35:d7:32:cf:5d:e4:
                    c5:cf:50:c9:86:f1:17:91:01:26:ad:ce:2b:e8:59:
                    09:66:b9:78:7b:58:d6:56:41:8d:ba:b9:99:89:4d:
                    ef:53:92:bf:ae:3f:b0:53:60:52:63:d2:a9:63:0b:
                    8b:61:86:5a:21:28:65:5b:74:be:02:e9:85:6e:3f:
                    2d:49:bc:60:95:53:1b:01:e5:c5:3d:7f:da:f4:be:
                    12:c3:07:4a:53:b4:19:44:2a:23:dc:6f:25:e8:c5:
                    4d:bf:43:2a:2f:dd:15:4a:d2:90:6c:1b:57:ec:30:
                    99:4c:88:04:1e:0b:ed:ed:31:3d:a6:9d:ee:aa:2e:
                    3b:ac:9b:09:a3:33:3d:ac:79:b9:3b:3b:85:44:fb:
                    bd:32:01:7a:f7:c4:f3:2e:ac:2b:d9:f7:07:26:fc:
                    97:15:17:77:07:62:a2:d4:f4:a7:d2:80:f8:45:dd:
                    ce:7e:50:ec:5b:4f:e9:5a:56:a5:e9:1a:05:d6:92:
                    5f:8a:8d:60:49:c2:39:10:0a:48:6f:db:62:84:36:
                    52:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:75:26:12:1E:98:CA:37:A3:0D:19:DD:66:7C:2C:DB:18:66:B1:AA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a1820a02-368b-475a-8c64-c87e903d2117.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4d:a2:28:cb:8e:cb:bd:f9:12:77:fa:dc:8f:48:b6:71:63:ae:
         cd:e9:33:ae:05:57:e5:61:89:2f:fe:d2:8b:88:60:4b:00:ac:
         1d:05:d7:0d:e8:13:c7:b0:40:78:77:93:e0:9c:81:df:89:f8:
         2c:68:8c:0e:c9:27:b3:16:af:29:72:24:0b:38:c1:54:75:ea:
         33:ab:c4:73:e6:9a:e3:0b:19:73:a1:b9:6d:75:19:49:f9:ec:
         18:3e:15:0d:bd:67:08:05:ef:ac:58:3d:57:e0:1a:b0:bc:62:
         3a:f9:9f:fa:41:86:4c:4f:63:38:6d:5c:7a:cb:88:8b:6b:48:
         2c:6c:ed:bf:6a:0c:74:a6:8e:26:6d:23:f4:95:2f:c7:d8:b9:
         2a:38:31:de:88:a0:e0:9a:79:55:7d:20:b1:ba:26:2c:39:ef:
         da:7d:bb:06:f8:2c:45:f2:44:b6:18:a3:ec:88:bf:40:5a:17:
         4f:5b:01:a3:58:41:80:1e:dd:f3:89:a2:31:a3:28:4f:ab:ee:
         f2:36:db:b4:c0:f5:07:e2:3f:9f:39:de:ba:79:43:81:95:23:
         a3:27:cd:b6:e6:2f:03:a4:0e:57:61:86:eb:bd:f4:74:e7:30:
         a2:43:ed:18:5e:5e:c9:c4:81:2d:d1:e1:15:4a:18:e6:f7:52:
         e2:b1:43:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd1n3Dn2/cOwkL9mCwp0IvPJZRN0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEyMTI2WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTVkYTA4ZTRkNmY2OTAzNmJmYjdhZDYyYzI3NmMzMjZk
ZmFhMjE2OWJhOTQ3YmE0MTFmZTMxMjUyZmMyNDllMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzL83LiCkfjYax73vOGX37W8tWx9JvStOsO44Vf8HbNpgo
0Ylx9MrzY0Pej0dcIjNJaVDWJDXXMs9d5MXPUMmG8ReRASatzivoWQlmuXh7WNZW
QY26uZmJTe9Tkr+uP7BTYFJj0qljC4thhlohKGVbdL4C6YVuPy1JvGCVUxsB5cU9
f9r0vhLDB0pTtBlEKiPcbyXoxU2/Qyov3RVK0pBsG1fsMJlMiAQeC+3tMT2mne6q
LjusmwmjMz2sebk7O4VE+70yAXr3xPMurCvZ9wcm/JcVF3cHYqLU9KfSgPhF3c5+
UOxbT+laVqXpGgXWkl+KjWBJwjkQCkhv22KENlLjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpXUmEh6YyjejDRndZnws2xhmsaowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ExODIwYTAyLTM2OGItNDc1YS04YzY0LWM4N2U5MDNkMjExNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOkmLgwDQYJKoZIhvcNAQELBQADggEBAE2iKMuOy735Enf63I9ItnFjrs3p
M64FV+VhiS/+0ouIYEsArB0F1w3oE8ewQHh3k+Ccgd+J+CxojA7JJ7MWrylyJAs4
wVR16jOrxHPmmuMLGXOhuW11GUn57Bg+FQ29ZwgF76xYPVfgGrC8Yjr5n/pBhkxP
YzhtXHrLiItrSCxs7b9qDHSmjiZtI/SVL8fYuSo4Md6IoOCaeVV9ILG6Jiw579p9
uwb4LEXyRLYYo+yIv0BaF09bAaNYQYAe3fOJojGjKE+r7vI227TA9QfiP5853rp5
Q4GVI6MnzbbmLwOkDldhhuu99HTnMKJD7RheXsnEgS3R4RVKGOb3UuKxQ4k=
-----END CERTIFICATE-----