Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf517b2e-8f05-4d24-bfe1-6207c312e178.roa
File:                     bf517b2e-8f05-4d24-bfe1-6207c312e178.roa (raw, json)
Hash identifier:          AnKkTRrPD7fwldOvzMRl/4kmC8z0ChpV6Dp+4vrkUPI=
Subject key identifier:   56:42:FB:67:62:1E:D1:A7:F2:F0:37:EF:6E:F3:65:C9:EA:F8:DC:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0773589EE36BD9B67D5AF5B6AEFCBEA0C29EED54
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf517b2e-8f05-4d24-bfe1-6207c312e178.roa
Signing time:             Sun 16 Nov 2025 00:30:14 +0000
ROA not before:           Sun 16 Nov 2025 00:30:14 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        57.246.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:73:58:9e:e3:6b:d9:b6:7d:5a:f5:b6:ae:fc:be:a0:c2:9e:ed:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:30:14 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=b7a40815ecfb0111c8ef1990cbdd06850c4d8b29e68acd1b80efa9008182904c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7e:a3:85:6f:7f:a0:98:83:fc:0c:eb:13:3f:
                    6b:59:7c:91:31:a3:88:a9:01:5f:dd:6a:db:e1:7f:
                    92:22:a7:62:b0:a9:42:4c:c5:7b:4d:b5:bb:34:e4:
                    d6:40:df:eb:a0:fe:32:75:84:1f:95:26:42:30:5d:
                    a5:62:cc:7c:89:6e:d5:de:3c:da:14:94:d8:c8:89:
                    97:96:a7:a5:e1:79:d6:a9:64:d7:de:1d:2b:67:a6:
                    93:bf:1e:05:2b:f7:d2:d1:f2:a2:0a:1f:a6:bf:c6:
                    bd:c8:ae:59:49:69:17:7c:86:48:4b:5f:c5:c5:df:
                    7a:94:51:24:19:38:0e:9b:b7:85:2f:b9:6b:5b:57:
                    c9:52:7d:eb:06:52:d9:30:d5:87:c5:d2:d7:53:aa:
                    3f:6c:8a:39:8e:39:62:cc:e8:87:2f:32:fe:de:c9:
                    87:34:11:ad:72:90:34:ca:50:aa:28:15:89:02:8b:
                    7b:17:9c:25:b9:01:1f:20:c6:2b:86:8b:b8:79:0d:
                    c1:9f:11:f0:61:3c:ac:18:73:db:41:8f:70:1d:a1:
                    7b:6c:43:43:fe:01:6a:ff:01:18:43:73:66:55:47:
                    a9:80:a8:1a:49:e4:d6:24:61:1f:06:f6:5d:df:4a:
                    73:5e:ac:70:02:25:2b:35:99:a3:7f:c6:7e:f8:79:
                    c3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:42:FB:67:62:1E:D1:A7:F2:F0:37:EF:6E:F3:65:C9:EA:F8:DC:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf517b2e-8f05-4d24-bfe1-6207c312e178.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.246.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         23:04:a2:aa:21:b3:1f:fc:96:27:03:48:8b:a2:45:17:0e:7b:
         e8:aa:39:2f:13:01:58:b5:17:2a:47:33:0d:ad:9b:fe:af:bb:
         ae:53:55:af:eb:a0:79:a3:89:72:a8:6d:28:4e:97:c9:9c:98:
         34:13:88:e3:84:19:8f:3d:60:0f:6f:e8:4d:2f:80:a8:a7:92:
         a9:bc:9a:35:70:9a:a2:b7:5b:41:ef:a3:c6:62:e4:ec:a8:5f:
         ea:0a:8f:c8:51:f8:96:32:15:7b:60:83:71:ed:82:5f:2f:63:
         f6:2f:2f:1a:da:13:15:82:41:3c:ff:d0:d6:cd:04:e3:cf:1f:
         07:8a:64:7f:0a:49:9d:42:fa:b8:db:48:98:b5:54:56:0f:f6:
         17:d7:00:81:19:66:d7:21:d7:a1:f2:49:77:0a:c5:fb:7c:4b:
         6e:de:e7:9e:7d:34:af:53:74:9f:ad:0e:5a:8a:c3:1f:b2:72:
         37:76:fa:36:dc:4d:a0:d0:0a:54:c1:db:a7:59:37:b4:f9:03:
         56:10:8b:4e:e6:3d:49:d7:8e:1e:9f:81:0b:de:b2:55:55:ec:
         1c:96:0b:8f:94:ec:3f:b9:0f:61:e9:f6:83:ad:46:dd:81:03:
         47:75:8a:59:e5:42:04:80:5d:02:4e:cb:0f:2b:8d:10:a1:f5:
         44:ba:6c:66
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUB3NYnuNr2bZ9WvW2rvy+oMKe7VQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMDE0WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiN2E0MDgxNWVjZmIwMTExYzhlZjE5OTBjYmRkMDY4NTBj
NGQ4YjI5ZTY4YWNkMWI4MGVmYTkwMDgxODI5MDRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOfqOFb3+gmIP8DOsTP2tZfJExo4ipAV/datvhf5Iip2Kw
qUJMxXtNtbs05NZA3+ug/jJ1hB+VJkIwXaVizHyJbtXePNoUlNjIiZeWp6Xhedap
ZNfeHStnppO/HgUr99LR8qIKH6a/xr3IrllJaRd8hkhLX8XF33qUUSQZOA6bt4Uv
uWtbV8lSfesGUtkw1YfF0tdTqj9sijmOOWLM6IcvMv7eyYc0Ea1ykDTKUKooFYkC
i3sXnCW5AR8gxiuGi7h5DcGfEfBhPKwYc9tBj3AdoXtsQ0P+AWr/ARhDc2ZVR6mA
qBpJ5NYkYR8G9l3fSnNerHACJSs1maN/xn74ecPvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVkL7Z2Ie0afy8DfvbvNlyer43MQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmNTE3YjJlLThmMDUtNGQyNC1iZmUxLTYyMDdjMzEyZTE3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA59jANBgkqhkiG9w0BAQsFAAOCAQEAIwSiqiGzH/yWJwNIi6JFFw576Ko5
LxMBWLUXKkczDa2b/q+7rlNVr+ugeaOJcqhtKE6XyZyYNBOI44QZjz1gD2/oTS+A
qKeSqbyaNXCaordbQe+jxmLk7Khf6gqPyFH4ljIVe2CDce2CXy9j9i8vGtoTFYJB
PP/Q1s0E488fB4pkfwpJnUL6uNtImLVUVg/2F9cAgRlm1yHXofJJdwrF+3xLbt7n
nn00r1N0n60OWorDH7JyN3b6NtxNoNAKVMHbp1k3tPkDVhCLTuY9SdeOHp+BC96y
VVXsHJYLj5TsP7kPYen2g61G3YEDR3WKWeVCBIBdAk7LDyuNEKH1RLpsZg==
-----END CERTIFICATE-----