Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d06c4360-59d9-4f8a-9e60-9ad149bb4f4a.roa
File:                     d06c4360-59d9-4f8a-9e60-9ad149bb4f4a.roa (raw, json)
Hash identifier:          RBuMq53KtV+lCulBDy95R9DH5XfTQ7H0BPPc+zA0kI0=
Subject key identifier:   A1:FB:6C:E0:8E:58:DB:0B:89:49:04:AA:DD:0D:CD:B4:7D:8E:79:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       03919D8CEF5655915509CFE6EF8164F9335C7CE6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d06c4360-59d9-4f8a-9e60-9ad149bb4f4a.roa
Signing time:             Wed 12 Nov 2025 01:30:44 +0000
ROA not before:           Wed 12 Nov 2025 01:30:44 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.22.80.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:91:9d:8c:ef:56:55:91:55:09:cf:e6:ef:81:64:f9:33:5c:7c:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:30:44 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=cc734d994831568ac91f3a18bfa701dbcd84a2f6c173cd67d4e604a56a00c810, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:df:0e:a4:f2:41:db:87:16:f8:06:39:0b:04:
                    7b:a7:fc:b1:42:5e:04:b1:14:2c:dc:ae:1f:7a:44:
                    09:c1:1a:aa:5b:c3:34:a0:35:c3:f3:aa:3a:cc:c8:
                    83:4a:0b:e1:c7:37:a3:31:42:80:80:c9:32:1e:46:
                    4b:db:4a:d5:9b:50:0c:29:48:1d:17:7e:4b:ae:ca:
                    ef:f5:65:70:ff:99:00:47:27:da:c6:79:39:ea:2f:
                    31:46:1a:43:3c:21:e5:6b:ca:dc:8d:13:7f:43:ff:
                    b8:98:ca:74:49:90:88:7d:8f:5d:3d:44:97:12:33:
                    9b:b9:dd:27:60:be:f3:b3:27:9e:de:c7:a6:0f:38:
                    d7:96:9c:52:ff:09:3a:f7:2c:17:bd:9d:6e:7c:99:
                    24:bf:8a:d0:6f:8b:f5:4f:55:08:b3:50:9a:77:9c:
                    2c:da:8d:5c:36:d6:da:ac:fc:18:5f:aa:3f:81:3e:
                    3e:d5:b2:36:4d:6c:ae:13:38:89:37:30:67:5d:4b:
                    86:87:ec:c3:c4:c6:63:ba:24:ac:4b:27:56:38:09:
                    23:5d:0e:06:42:72:84:bf:34:87:10:93:69:ca:64:
                    b1:03:38:70:94:30:c7:91:d5:a3:d5:4b:9a:8d:c7:
                    af:cc:65:ac:c4:ee:45:db:3d:d4:41:58:0c:cc:14:
                    13:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FB:6C:E0:8E:58:DB:0B:89:49:04:AA:DD:0D:CD:B4:7D:8E:79:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d06c4360-59d9-4f8a-9e60-9ad149bb4f4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.22.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4c:d1:45:0d:bc:a9:1f:78:f3:29:e3:77:5a:fe:cd:6d:bd:73:
         fa:14:dd:65:e3:8d:59:63:26:f9:3f:a6:8d:88:e1:d6:74:9b:
         e6:23:37:fa:2b:b9:87:ca:4c:f4:9f:f1:7c:82:65:74:7c:e9:
         ea:15:5b:bc:59:64:45:1b:f8:97:b4:99:0a:ec:19:77:69:87:
         50:f4:a7:50:b3:95:aa:1c:8a:9b:ab:e1:71:88:8b:aa:07:60:
         1a:79:57:03:5c:91:68:61:85:c1:38:86:9d:cb:c7:04:c5:ae:
         26:f9:c1:d5:2e:d0:a7:c2:b4:f1:8e:4a:53:f0:2a:77:23:c0:
         7b:30:e3:b6:46:1a:46:16:fa:c4:d5:c7:b2:c5:37:1a:14:b9:
         df:ba:b7:ef:2f:7b:05:a2:89:6c:1f:9b:17:6e:20:14:4a:f5:
         a9:43:72:92:e8:e4:d7:ac:54:62:f5:1c:06:b6:e1:ef:1c:21:
         1e:b9:d2:53:31:1a:78:59:14:65:92:46:7d:24:33:e4:e2:02:
         78:4c:b8:fd:89:44:27:7c:df:c7:79:17:54:a7:0a:6a:4c:0f:
         2b:54:41:57:a8:48:51:ad:2c:9e:7d:66:85:29:de:fd:eb:28:
         e0:a5:8b:cd:c9:7e:88:4c:8d:e6:39:d7:48:e8:f8:44:f0:49:
         c0:5d:b8:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA5GdjO9WVZFVCc/m74Fk+TNcfOYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDEzMDQ0WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzczNGQ5OTQ4MzE1NjhhYzkxZjNhMThiZmE3MDFkYmNk
ODRhMmY2YzE3M2NkNjdkNGU2MDRhNTZhMDBjODEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCT3w6k8kHbhxb4BjkLBHun/LFCXgSxFCzcrh96RAnBGqpb
wzSgNcPzqjrMyINKC+HHN6MxQoCAyTIeRkvbStWbUAwpSB0Xfkuuyu/1ZXD/mQBH
J9rGeTnqLzFGGkM8IeVrytyNE39D/7iYynRJkIh9j109RJcSM5u53SdgvvOzJ57e
x6YPONeWnFL/CTr3LBe9nW58mSS/itBvi/VPVQizUJp3nCzajVw21tqs/Bhfqj+B
Pj7VsjZNbK4TOIk3MGddS4aH7MPExmO6JKxLJ1Y4CSNdDgZCcoS/NIcQk2nKZLED
OHCUMMeR1aPVS5qNx6/MZazE7kXbPdRBWAzMFBPpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUofts4I5Y2wuJSQSq3Q3NtH2OeW8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QwNmM0MzYwLTU5ZDktNGY4YS05ZTYwLTlhZDE0OWJiNGY0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQXFlAwDQYJKoZIhvcNAQELBQADggEBAEzRRQ28qR948ynjd1r+zW29c/oU
3WXjjVljJvk/po2I4dZ0m+YjN/oruYfKTPSf8XyCZXR86eoVW7xZZEUb+Je0mQrs
GXdph1D0p1Czlaocipur4XGIi6oHYBp5VwNckWhhhcE4hp3LxwTFrib5wdUu0KfC
tPGOSlPwKncjwHsw47ZGGkYW+sTVx7LFNxoUud+6t+8vewWiiWwfmxduIBRK9alD
cpLo5NesVGL1HAa24e8cIR650lMxGnhZFGWSRn0kM+TiAnhMuP2JRCd838d5F1Sn
CmpMDytUQVeoSFGtLJ59ZoUp3v3rKOCli83JfohMjeY510jo+ETwScBduCI=
-----END CERTIFICATE-----