Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab5b8d10-5f17-4c4b-aae8-a265399770c5.roa
File:                     ab5b8d10-5f17-4c4b-aae8-a265399770c5.roa (raw, json)
Hash identifier:          0wBtywHDERRvqMgvABM6u0UFP9AY+kq3J/ak8xcQ8+o=
Subject key identifier:   0F:57:D8:8C:8C:5C:7E:52:E7:E7:EA:21:72:D8:C3:2B:F3:CF:86:32
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2846421B1147A2E442DCDA655D8324C52E4BB45C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab5b8d10-5f17-4c4b-aae8-a265399770c5.roa
Signing time:             Tue 11 Nov 2025 00:40:53 +0000
ROA not before:           Tue 11 Nov 2025 00:40:53 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        147.106.192.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:46:42:1b:11:47:a2:e4:42:dc:da:65:5d:83:24:c5:2e:4b:b4:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 00:40:53 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=8cd257a38faca1dce91e82dd2eb040310cb9e4a040d8dc85354838a06c339a05, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:89:97:16:d4:e6:6e:de:86:a9:13:9d:b8:7e:
                    85:9c:9b:80:0e:db:d9:c5:c7:36:31:5d:a2:88:03:
                    59:45:f8:2a:f8:2e:d6:a7:3d:51:a2:3a:27:82:22:
                    bc:9d:3b:b6:06:bb:0c:11:0d:d6:06:e0:8c:af:a6:
                    56:24:67:f0:54:81:09:a6:c1:29:81:92:f1:08:6f:
                    5b:3a:25:28:bb:54:78:ce:16:80:e8:21:4f:82:37:
                    23:c7:e7:da:7e:6b:80:f0:05:e8:f9:5a:d1:e3:10:
                    b4:13:92:6e:dd:3e:f4:54:00:6b:6e:8a:0e:92:3f:
                    ab:6d:73:d6:0d:35:23:12:8b:c1:ac:d0:02:f9:09:
                    48:c6:00:85:d0:ca:3d:cf:9e:7a:a0:07:b7:0d:25:
                    ba:bf:6c:dc:88:0c:ef:32:fd:96:23:0e:e9:d0:cd:
                    34:17:2a:84:1d:fb:99:fe:f4:7e:65:5e:6f:b7:af:
                    54:ce:af:39:67:53:73:32:65:7f:43:0a:e4:81:ed:
                    96:1b:ff:34:1d:7e:33:ca:69:06:80:b4:bd:e4:69:
                    fe:ff:ac:4d:16:22:b9:a7:80:b2:9f:99:00:1e:42:
                    b4:5d:95:f3:eb:74:18:41:89:0f:e0:45:57:83:fe:
                    0f:92:8f:52:1f:fe:da:70:b5:7c:70:4a:ec:c0:93:
                    8e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:57:D8:8C:8C:5C:7E:52:E7:E7:EA:21:72:D8:C3:2B:F3:CF:86:32
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab5b8d10-5f17-4c4b-aae8-a265399770c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.106.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5d:ad:2f:92:81:40:78:e7:c0:5c:35:8f:d2:d1:33:b5:ef:73:
         7f:a5:3c:14:24:51:a0:7e:2e:e0:0f:5b:a6:29:cf:c2:a9:58:
         7e:ff:86:25:a1:ee:3e:2c:8a:53:1d:71:04:eb:cd:f0:cc:e1:
         0b:9e:07:e3:b7:fd:e7:6e:30:34:81:88:40:96:4e:89:3d:0c:
         1d:f8:a8:03:d2:a3:b6:f5:73:57:e9:2e:b4:66:65:8b:58:c0:
         a2:fe:97:34:03:af:fe:bd:97:b3:7a:78:41:75:63:81:e7:77:
         8d:87:c2:ef:9c:93:6a:ee:d3:73:88:6f:37:61:fd:98:29:34:
         d3:44:df:a6:c0:23:64:00:4c:c3:0e:a7:7f:42:07:0f:be:1a:
         74:76:c5:e5:68:9d:0f:18:bf:07:15:da:8e:88:4a:f0:75:bd:
         a7:33:eb:f8:1b:c9:ba:aa:90:f9:11:ae:f2:f9:7d:c2:52:d8:
         43:91:1f:39:fe:b1:92:2d:c3:dc:5d:e2:c7:ab:e2:a3:db:ad:
         32:75:55:7d:8e:8f:58:34:31:08:af:ce:86:3d:e9:11:24:d0:
         e2:1b:15:d2:86:23:08:9b:aa:b1:03:eb:0d:f2:28:fa:73:96:
         db:7b:fd:e1:3d:48:63:46:5f:c3:9d:2c:fc:74:0f:c2:ef:7a:
         25:3b:f1:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKEZCGxFHouRC3NplXYMkxS5LtFwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDA0MDUzWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2QyNTdhMzhmYWNhMWRjZTkxZTgyZGQyZWIwNDAzMTBj
YjllNGEwNDBkOGRjODUzNTQ4MzhhMDZjMzM5YTA1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2iZcW1OZu3oapE524foWcm4AO29nFxzYxXaKIA1lF+Cr4
LtanPVGiOieCIrydO7YGuwwRDdYG4IyvplYkZ/BUgQmmwSmBkvEIb1s6JSi7VHjO
FoDoIU+CNyPH59p+a4DwBej5WtHjELQTkm7dPvRUAGtuig6SP6ttc9YNNSMSi8Gs
0AL5CUjGAIXQyj3PnnqgB7cNJbq/bNyIDO8y/ZYjDunQzTQXKoQd+5n+9H5lXm+3
r1TOrzlnU3MyZX9DCuSB7ZYb/zQdfjPKaQaAtL3kaf7/rE0WIrmngLKfmQAeQrRd
lfPrdBhBiQ/gRVeD/g+Sj1If/tpwtXxwSuzAk46vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUD1fYjIxcflLn5+ohctjDK/PPhjIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FiNWI4ZDEwLTVmMTctNGM0Yi1hYWU4LWEyNjUzOTk3NzBjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaTasAwDQYJKoZIhvcNAQELBQADggEBAF2tL5KBQHjnwFw1j9LRM7Xvc3+l
PBQkUaB+LuAPW6Ypz8KpWH7/hiWh7j4silMdcQTrzfDM4QueB+O3/eduMDSBiECW
Tok9DB34qAPSo7b1c1fpLrRmZYtYwKL+lzQDr/69l7N6eEF1Y4Hnd42Hwu+ck2ru
03OIbzdh/ZgpNNNE36bAI2QATMMOp39CBw++GnR2xeVonQ8YvwcV2o6ISvB1vacz
6/gbybqqkPkRrvL5fcJS2EORHzn+sZItw9xd4ser4qPbrTJ1VX2Oj1g0MQivzoY9
6REk0OIbFdKGIwibqrED6w3yKPpzltt7/eE9SGNGX8OdLPx0D8LveiU78es=
-----END CERTIFICATE-----