Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c467-0357-412c-8f21-70113f26e16c.roa
File:                     b2c3c467-0357-412c-8f21-70113f26e16c.roa (raw, json)
Hash identifier:          SOB87e867iP/5HI5TMBhLwcPRnZdKQuz+3It7n5eUxA=
Subject key identifier:   7B:E3:DE:09:F1:3E:DF:3C:21:A3:43:05:71:C7:7D:8F:CE:0B:EA:4D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E1F1C6B161AEDFE6A214990F8F8E0E94445D659
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c467-0357-412c-8f21-70113f26e16c.roa
Signing time:             Sun 16 Nov 2025 00:10:43 +0000
ROA not before:           Sun 16 Nov 2025 00:10:43 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        205.172.176.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:1f:1c:6b:16:1a:ed:fe:6a:21:49:90:f8:f8:e0:e9:44:45:d6:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:10:43 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=ea60c9dac48329a8cd4835da1999b071ce32287b66a21819d1cc71112683f6f6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:72:c9:42:f4:cc:9d:83:9a:e3:81:a6:2e:e6:
                    6f:5a:99:3f:62:5b:1e:f7:04:6f:11:e7:3f:25:65:
                    b0:1c:90:aa:38:25:c6:34:74:69:70:7f:de:57:6c:
                    0a:6c:16:0f:fc:99:76:72:bf:b0:bf:08:64:57:95:
                    40:6c:64:28:a8:9e:6b:76:ba:ed:94:dd:36:ef:87:
                    bd:cf:7e:8a:cb:81:a3:df:e3:44:45:ce:cd:e0:3f:
                    2b:fb:cd:76:ee:5b:05:60:64:eb:b4:3e:ab:87:d5:
                    50:ba:6a:55:cb:ea:75:ac:4e:8b:7f:a4:6c:51:c5:
                    25:2e:8d:f7:3e:ab:89:dc:26:75:45:50:72:13:76:
                    95:23:81:44:a9:3d:5e:59:3b:9d:01:9e:ed:b6:92:
                    c3:09:ff:58:9c:4f:0d:df:9d:42:ca:df:bb:e3:fa:
                    89:2e:01:23:f0:fb:80:86:9e:74:ce:d3:97:a7:28:
                    a7:bd:16:d5:00:16:b2:9f:86:85:cd:0c:56:9f:85:
                    19:50:82:f5:61:96:a1:0c:ac:fe:b0:fe:c4:e0:4d:
                    50:6c:d5:4f:d6:02:33:f0:0d:b0:a6:dd:ad:ee:39:
                    2d:ab:60:2c:d1:fa:89:e9:32:fd:f3:4c:0f:0a:bb:
                    fc:51:cd:ea:27:94:82:c6:c8:6d:3b:bc:58:73:80:
                    34:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:E3:DE:09:F1:3E:DF:3C:21:A3:43:05:71:C7:7D:8F:CE:0B:EA:4D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c467-0357-412c-8f21-70113f26e16c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.172.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:3b:62:d4:b0:c0:b5:cf:a7:4b:50:71:00:97:8e:ab:ce:ca:
         7f:5a:1e:36:df:f8:5b:19:e2:5b:72:03:9e:af:00:57:c9:8c:
         a8:75:61:85:b4:2c:1f:25:bf:d2:9b:aa:ae:d8:2d:a3:b5:91:
         94:2c:63:e0:2a:68:be:2a:81:98:ae:68:90:bb:63:13:d3:f5:
         00:1a:0d:eb:1b:f5:98:e9:f6:6e:05:1a:67:80:46:ff:b1:eb:
         57:a5:58:69:6e:c8:27:ec:4f:05:b5:f0:be:2f:85:f3:40:32:
         89:10:7d:07:4f:9e:82:ea:65:4c:4a:75:5a:b8:ac:b5:95:31:
         dc:be:67:4b:6b:9e:00:6e:b2:a9:7e:7a:76:4d:64:90:82:51:
         7b:80:bc:8c:6c:80:9c:43:83:84:76:2c:3e:aa:80:dc:4a:e7:
         ff:53:ae:25:8e:cb:85:9f:ed:a1:42:9e:6c:00:d0:bf:fa:39:
         f8:9a:17:70:50:fd:70:46:9f:f7:d7:60:41:00:19:24:88:44:
         90:ce:2e:9e:3c:48:bf:2a:b5:f7:31:91:ea:c5:9c:16:73:a3:
         95:fb:ac:4d:30:de:b0:3c:f4:02:58:52:04:04:1d:af:ca:2e:
         e9:93:3c:d8:1d:9b:5e:7f:2d:a0:14:7e:70:6e:f0:fc:58:16:
         5d:28:ba:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbh8caxYa7f5qIUmQ+Pjg6URF1lkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAxMDQzWhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTYwYzlkYWM0ODMyOWE4Y2Q0ODM1ZGExOTk5YjA3MWNl
MzIyODdiNjZhMjE4MTlkMWNjNzExMTI2ODNmNmY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7cslC9Mydg5rjgaYu5m9amT9iWx73BG8R5z8lZbAckKo4
JcY0dGlwf95XbApsFg/8mXZyv7C/CGRXlUBsZCionmt2uu2U3Tbvh73PforLgaPf
40RFzs3gPyv7zXbuWwVgZOu0PquH1VC6alXL6nWsTot/pGxRxSUujfc+q4ncJnVF
UHITdpUjgUSpPV5ZO50Bnu22ksMJ/1icTw3fnULK37vj+okuASPw+4CGnnTO05en
KKe9FtUAFrKfhoXNDFafhRlQgvVhlqEMrP6w/sTgTVBs1U/WAjPwDbCm3a3uOS2r
YCzR+onpMv3zTA8Ku/xRzeonlILGyG07vFhzgDSrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUe+PeCfE+3zwho0MFccd9j84L6k0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyYzNjNDY3LTAzNTctNDEyYy04ZjIxLTcwMTEzZjI2ZTE2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALNrLAwDQYJKoZIhvcNAQELBQADggEBAIY7YtSwwLXPp0tQcQCXjqvOyn9a
Hjbf+FsZ4ltyA56vAFfJjKh1YYW0LB8lv9Kbqq7YLaO1kZQsY+AqaL4qgZiuaJC7
YxPT9QAaDesb9Zjp9m4FGmeARv+x61elWGluyCfsTwW18L4vhfNAMokQfQdPnoLq
ZUxKdVq4rLWVMdy+Z0trngBusql+enZNZJCCUXuAvIxsgJxDg4R2LD6qgNxK5/9T
riWOy4Wf7aFCnmwA0L/6OfiaF3BQ/XBGn/fXYEEAGSSIRJDOLp48SL8qtfcxkerF
nBZzo5X7rE0w3rA89AJYUgQEHa/KLumTPNgdm15/LaAUfnBu8PxYFl0ouig=
-----END CERTIFICATE-----