Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a728d17e-d435-496e-9424-123dad229b72.roa
File:                     a728d17e-d435-496e-9424-123dad229b72.roa (raw, json)
Hash identifier:          XcJqRrUj57FgTkHphyOqmqRLb3OpZSj0bSeMeBJpgBk=
Subject key identifier:   BC:4E:9A:75:E8:40:BE:7B:21:C1:92:2A:2B:1C:7B:3D:7C:05:EE:08
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7F7DF92267B86DB11B399AC7CD8B47C2BE9EDDFF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a728d17e-d435-496e-9424-123dad229b72.roa
Signing time:             Tue 11 Nov 2025 01:50:09 +0000
ROA not before:           Tue 11 Nov 2025 01:50:09 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        162.120.24.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:7d:f9:22:67:b8:6d:b1:1b:39:9a:c7:cd:8b:47:c2:be:9e:dd:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:50:09 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=c23e6e4f16a7499742a4b0922c92a55a6c0eadbed0a2cd0f4838c58d492b8d73, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fa:73:29:ae:64:04:75:96:22:77:42:bf:16:
                    7e:97:ca:1d:d9:73:f5:8e:4f:2e:76:65:c2:ae:e7:
                    8a:80:ae:1a:c1:7a:21:8b:42:37:75:ec:6a:19:9a:
                    ad:ad:e8:8c:7b:04:e9:fc:8e:3a:8e:2a:cc:74:dc:
                    b0:12:aa:36:6c:a3:a1:44:f8:2b:9a:0e:68:f0:6f:
                    d4:93:83:46:55:ad:46:b4:26:e0:95:0d:e6:48:55:
                    e4:c3:aa:8d:bd:5f:26:91:4b:7f:23:1b:66:c2:2d:
                    e9:43:d9:5b:69:c2:8b:88:10:5a:58:26:b7:96:1c:
                    e1:9f:26:91:0d:c6:09:bd:f6:0b:1c:74:bc:64:f6:
                    61:f4:78:f4:e8:8e:04:30:ad:b0:1c:1d:f4:3e:ed:
                    d3:47:1b:32:2c:be:60:2f:58:0c:a3:61:2e:ce:7e:
                    f7:5a:44:48:53:94:6c:67:f4:8e:40:2c:27:77:db:
                    aa:cb:2c:2f:e5:2b:d0:93:00:a7:fe:ab:87:6d:f4:
                    7a:4e:8f:d5:7d:4f:10:f8:f8:b7:d5:1a:88:26:b4:
                    f6:44:51:e4:6e:a7:48:0d:af:73:ae:f9:ff:75:97:
                    48:9a:5c:d5:4f:1b:08:5e:57:37:4d:3d:74:ab:d0:
                    fb:b5:3a:91:a8:33:2a:36:00:8b:2f:00:e5:f8:39:
                    a5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:4E:9A:75:E8:40:BE:7B:21:C1:92:2A:2B:1C:7B:3D:7C:05:EE:08
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a728d17e-d435-496e-9424-123dad229b72.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.120.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         21:1c:b2:8f:44:49:29:7e:32:27:8e:97:47:c6:3e:96:41:78:
         9d:b3:ca:56:bc:a4:b6:e0:37:d2:c9:ab:90:c1:1b:87:aa:af:
         eb:b1:75:0d:4c:78:16:52:36:1c:db:fa:63:6b:a1:fd:da:47:
         31:0a:ca:13:58:be:c1:25:7e:f8:bb:eb:d2:75:f7:b7:13:13:
         c4:8e:08:e4:13:6d:32:1b:10:61:15:e8:be:65:2f:4c:61:0d:
         43:1e:f2:f1:99:26:59:ef:77:8b:97:0b:3d:17:cf:af:66:23:
         a0:93:f4:07:16:cc:ce:31:f5:de:1d:41:7c:0d:42:72:22:2c:
         d1:e5:62:6e:b0:01:de:4f:16:49:c6:5e:c8:c0:05:8e:21:50:
         ae:c9:a0:c2:67:91:54:f4:74:ab:0a:d5:0e:73:02:6b:62:a5:
         ba:28:22:d9:57:0d:ce:73:7b:72:17:b0:ca:55:3a:3b:9d:9e:
         5b:29:7d:4c:00:30:44:03:40:72:d0:4c:70:9d:23:c3:29:60:
         ec:1b:5b:00:9e:8e:aa:3c:bd:78:a3:53:ca:fe:3d:7e:29:c4:
         bd:61:a5:96:d6:5f:70:4a:0c:ef:94:02:04:cd:da:b7:6d:c1:
         b0:dd:38:70:7d:40:f0:95:7e:75:e0:d7:f6:76:57:75:02:10:
         28:57:0c:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf335Ime4bbEbOZrHzYtHwr6e3f8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDE1MDA5WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMjNlNmU0ZjE2YTc0OTk3NDJhNGIwOTIyYzkyYTU1YTZj
MGVhZGJlZDBhMmNkMGY0ODM4YzU4ZDQ5MmI4ZDczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDF+nMprmQEdZYid0K/Fn6Xyh3Zc/WOTy52ZcKu54qArhrB
eiGLQjd17GoZmq2t6Ix7BOn8jjqOKsx03LASqjZso6FE+CuaDmjwb9STg0ZVrUa0
JuCVDeZIVeTDqo29XyaRS38jG2bCLelD2VtpwouIEFpYJreWHOGfJpENxgm99gsc
dLxk9mH0ePTojgQwrbAcHfQ+7dNHGzIsvmAvWAyjYS7OfvdaREhTlGxn9I5ALCd3
26rLLC/lK9CTAKf+q4dt9HpOj9V9TxD4+LfVGogmtPZEUeRup0gNr3Ou+f91l0ia
XNVPGwheVzdNPXSr0Pu1OpGoMyo2AIsvAOX4OaXdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvE6adehAvnshwZIqKxx7PXwF7ggwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3MjhkMTdlLWQ0MzUtNDk2ZS05NDI0LTEyM2RhZDIyOWI3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOieBgwDQYJKoZIhvcNAQELBQADggEBACEcso9ESSl+MieOl0fGPpZBeJ2z
yla8pLbgN9LJq5DBG4eqr+uxdQ1MeBZSNhzb+mNrof3aRzEKyhNYvsElfvi769J1
97cTE8SOCOQTbTIbEGEV6L5lL0xhDUMe8vGZJlnvd4uXCz0Xz69mI6CT9AcWzM4x
9d4dQXwNQnIiLNHlYm6wAd5PFknGXsjABY4hUK7JoMJnkVT0dKsK1Q5zAmtipboo
ItlXDc5ze3IXsMpVOjudnlspfUwAMEQDQHLQTHCdI8MpYOwbWwCejqo8vXijU8r+
PX4pxL1hpZbWX3BKDO+UAgTN2rdtwbDdOHB9QPCVfnXg1/Z2V3UCEChXDDU=
-----END CERTIFICATE-----