Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/afe18807-0512-46f4-a30f-04920426bc1e.roa
File:                     afe18807-0512-46f4-a30f-04920426bc1e.roa (raw, json)
Hash identifier:          CcVCTykOD6dGSuo70eT+QxGVpyWgHkWJmgVU/IwetDg=
Subject key identifier:   CD:97:D1:F1:0B:BE:19:F9:BC:2A:12:88:5A:92:C2:B1:B2:6F:5B:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7020C9ADABA87E0BAFFDE2BAAD8C07854220A8A3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/afe18807-0512-46f4-a30f-04920426bc1e.roa
Signing time:             Tue 11 Nov 2025 01:40:52 +0000
ROA not before:           Tue 11 Nov 2025 01:40:52 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        140.167.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:20:c9:ad:ab:a8:7e:0b:af:fd:e2:ba:ad:8c:07:85:42:20:a8:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:40:52 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=f0b391aa434e2d113265bbc63864b4f72f1ccd40aba9a163818bb887b3ad5203, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:29:91:42:52:5b:b7:2e:96:d0:43:ad:5a:e3:
                    4a:f4:19:ec:16:1c:4b:ae:08:71:0c:9e:6d:d3:b6:
                    6e:4e:8a:b3:7b:bd:4f:c8:f4:c7:34:bc:04:80:38:
                    5a:b6:04:52:e6:32:1b:52:95:62:ac:dc:4c:52:0d:
                    ba:5b:fb:02:86:9c:22:87:55:88:74:43:a7:e3:fb:
                    2e:c4:ca:a7:48:29:86:35:f2:6d:9f:90:f7:6b:08:
                    1b:e9:b7:78:08:19:37:2b:96:91:c1:f6:cf:52:53:
                    63:0a:8e:9d:ca:d2:1d:09:48:b5:1d:66:77:1a:64:
                    07:4d:dd:09:a5:e8:b5:fa:73:fd:04:7c:f5:ef:c2:
                    f5:7f:47:89:5a:b2:6e:57:17:57:f2:47:b0:1f:cd:
                    9b:ba:d7:46:8c:91:07:5b:ba:b6:b5:64:a9:47:60:
                    b1:6b:bc:1f:c2:49:ff:64:57:a0:f2:83:96:4a:ea:
                    8f:c6:dd:dd:f3:6b:15:31:e7:67:e1:6d:6b:22:d9:
                    da:f5:65:45:c9:fb:c9:45:98:fa:b6:7d:f6:65:95:
                    c5:19:02:2f:d3:ce:a7:52:bc:7a:1e:35:1e:8c:86:
                    05:4a:c5:7d:52:79:da:33:d9:55:fc:d0:7d:48:f4:
                    44:ff:2c:d1:f4:5a:9b:59:95:ac:49:56:af:14:12:
                    f3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:97:D1:F1:0B:BE:19:F9:BC:2A:12:88:5A:92:C2:B1:B2:6F:5B:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/afe18807-0512-46f4-a30f-04920426bc1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.167.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2c:e4:8d:9f:8e:ab:4c:4d:12:ed:92:c8:e9:f8:47:00:28:5a:
         c9:bb:e6:ab:bb:da:1a:e8:ed:c8:03:8d:1d:f0:f3:6b:71:38:
         83:f5:50:f4:03:97:54:46:76:8d:26:fb:8d:02:e7:14:18:a2:
         5d:f3:84:4c:7b:d9:28:2d:47:a5:e4:3f:74:ef:74:80:b8:f9:
         72:69:93:02:7d:bf:fa:40:08:0d:5d:c0:ee:2e:5e:dd:6c:3e:
         d5:78:1f:9d:e6:de:55:80:c8:a3:5d:c8:9d:2a:72:3d:ff:c5:
         95:a2:58:9f:f9:8b:3e:f5:15:d1:b4:38:5e:2f:d1:5e:f9:5e:
         e8:03:16:39:8f:09:98:9f:32:4d:89:7a:14:dd:de:2f:59:4f:
         64:47:50:3b:fe:fa:0f:64:de:e7:35:1f:37:23:4d:6a:e3:af:
         dd:d5:0d:a3:c0:7d:78:ed:51:0e:ce:e7:c8:d7:c6:87:5a:99:
         44:69:19:7c:f2:73:83:fe:ad:f0:d6:8b:9d:e1:64:6d:e6:47:
         f9:8b:e0:5a:c0:de:75:dc:d8:a0:af:24:5c:de:e6:d4:d5:f8:
         36:c3:65:75:c5:05:be:17:f2:f1:54:f0:dc:83:cd:33:02:0d:
         ca:c3:fb:68:93:51:15:cb:63:dc:30:07:78:84:43:51:49:8c:
         b5:48:b8:2d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcCDJrauofguv/eK6rYwHhUIgqKMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDE0MDUyWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMGIzOTFhYTQzNGUyZDExMzI2NWJiYzYzODY0YjRmNzJm
MWNjZDQwYWJhOWExNjM4MThiYjg4N2IzYWQ1MjAzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtKZFCUlu3LpbQQ61a40r0GewWHEuuCHEMnm3Ttm5OirN7
vU/I9Mc0vASAOFq2BFLmMhtSlWKs3ExSDbpb+wKGnCKHVYh0Q6fj+y7EyqdIKYY1
8m2fkPdrCBvpt3gIGTcrlpHB9s9SU2MKjp3K0h0JSLUdZncaZAdN3Qml6LX6c/0E
fPXvwvV/R4lasm5XF1fyR7AfzZu610aMkQdbura1ZKlHYLFrvB/CSf9kV6Dyg5ZK
6o/G3d3zaxUx52fhbWsi2dr1ZUXJ+8lFmPq2ffZllcUZAi/TzqdSvHoeNR6MhgVK
xX1Sedoz2VX80H1I9ET/LNH0WptZlaxJVq8UEvPNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzZfR8Qu+Gfm8KhKIWpLCsbJvWyMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmZTE4ODA3LTA1MTItNDZmNC1hMzBmLTA0OTIwNDI2YmMxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCMpzANBgkqhkiG9w0BAQsFAAOCAQEALOSNn46rTE0S7ZLI6fhHAChaybvm
q7vaGujtyAONHfDza3E4g/VQ9AOXVEZ2jSb7jQLnFBiiXfOETHvZKC1HpeQ/dO90
gLj5cmmTAn2/+kAIDV3A7i5e3Ww+1XgfnebeVYDIo13InSpyPf/FlaJYn/mLPvUV
0bQ4Xi/RXvle6AMWOY8JmJ8yTYl6FN3eL1lPZEdQO/76D2Te5zUfNyNNauOv3dUN
o8B9eO1RDs7nyNfGh1qZRGkZfPJzg/6t8NaLneFkbeZH+YvgWsDeddzYoK8kXN7m
1NX4NsNldcUFvhfy8VTw3IPNMwINysP7aJNRFctj3DAHeIRDUUmMtUi4LQ==
-----END CERTIFICATE-----