Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6eac564-46b0-42be-9a4a-ff56d0af6522.roa
File:                     d6eac564-46b0-42be-9a4a-ff56d0af6522.roa (raw, json)
Hash identifier:          7+xd8N2bNOZ1J8ZCeNQY0T9diyDIuoIyN0RXOJa8V/o=
Subject key identifier:   44:9F:B7:CB:58:33:BD:33:FA:69:DD:19:DF:DD:46:D4:E0:2E:8F:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1CCE21433943A12C969176C5968E956FEA6041D0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6eac564-46b0-42be-9a4a-ff56d0af6522.roa
Signing time:             Wed 12 Nov 2025 00:30:12 +0000
ROA not before:           Wed 12 Nov 2025 00:30:12 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.247.17.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:ce:21:43:39:43:a1:2c:96:91:76:c5:96:8e:95:6f:ea:60:41:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:30:12 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=028a6b15ff711e4f4536ffc042bc8a91f18f1e741f20e197254eaee4bf5a8d8b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0d:97:ea:96:ba:f6:f3:1a:be:78:3a:27:41:
                    79:51:9e:ef:af:a2:51:8f:f4:85:76:a5:a5:f4:93:
                    e2:15:01:7c:6c:3c:d7:0a:29:fc:53:ba:29:58:7d:
                    2f:fe:93:8c:90:19:63:3a:1e:32:fc:28:97:eb:37:
                    ae:43:49:eb:0e:40:df:a5:ea:fc:bb:0f:27:2c:66:
                    e9:4a:d5:bc:19:ef:0f:c2:a5:b2:f5:d9:72:a3:92:
                    78:39:6c:26:1b:1c:01:3b:84:0d:ae:e1:25:26:da:
                    41:a8:2a:4a:e9:f9:de:72:e8:9c:06:1f:6f:ba:ef:
                    81:d8:e4:78:b9:c2:92:2e:0b:29:51:36:22:2c:5e:
                    17:87:0a:f4:44:38:08:5a:0c:b1:b2:35:4a:9d:d3:
                    63:ba:65:25:ca:4f:9b:a8:b6:4e:63:d4:bd:e2:6c:
                    2c:3e:c4:c7:16:75:95:10:40:10:80:32:75:71:c3:
                    ab:47:4c:e8:ec:fe:b6:ac:41:e9:83:eb:da:8b:9d:
                    fd:6c:c7:d3:75:52:3b:df:e4:f9:66:fc:30:e2:6f:
                    33:57:60:c2:e3:f8:a8:2e:f5:4b:fb:d1:a4:8c:cf:
                    98:9d:10:0a:d8:29:61:33:72:76:c9:6f:7b:cc:be:
                    9d:ff:58:b2:5d:b4:84:cb:5b:18:e1:d0:55:5f:42:
                    1a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:9F:B7:CB:58:33:BD:33:FA:69:DD:19:DF:DD:46:D4:E0:2E:8F:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6eac564-46b0-42be-9a4a-ff56d0af6522.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.247.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:82:bd:80:07:4c:aa:82:b4:85:09:f0:b4:e7:83:41:40:d2:
         f3:bf:78:c7:69:1f:b4:df:dc:ae:58:8a:92:f8:21:81:05:46:
         44:1c:01:83:dc:dc:bf:73:76:92:9d:f6:b2:e1:fb:d0:7c:30:
         84:22:66:9e:d8:36:56:33:05:19:80:a1:0b:0a:bb:fb:6c:17:
         93:e9:fe:f7:be:bd:41:7c:f3:48:66:2c:67:43:1c:c1:91:5a:
         e5:78:56:c0:18:2b:21:f6:b7:3f:2c:42:13:e9:69:57:f7:b6:
         81:2b:fc:ce:6f:9e:fa:80:88:85:df:57:99:49:5f:5e:c5:3c:
         38:5c:c0:5d:be:c1:88:7c:3d:a6:47:9f:c6:3d:49:33:5b:db:
         32:f5:14:00:5f:ab:c9:0e:a9:0e:52:d7:a3:2f:c0:89:42:13:
         5f:15:6a:b1:a5:f0:28:7b:d9:8d:b0:f8:0a:0f:dc:b6:86:50:
         b4:46:b0:29:e5:b2:35:ee:bd:53:c7:9b:23:69:cb:b9:ea:19:
         42:99:34:28:fc:9d:15:49:0d:03:9b:2f:a3:20:b0:5d:5f:f9:
         97:6e:16:a0:65:86:96:b5:78:58:1c:b3:6c:c4:bc:bd:c0:80:
         eb:ed:38:42:2f:f2:36:5a:ab:70:95:8a:36:dd:da:b1:47:f6:
         97:1b:9d:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHM4hQzlDoSyWkXbFlo6Vb+pgQdAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAzMDEyWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjhhNmIxNWZmNzExZTRmNDUzNmZmYzA0MmJjOGE5MWYx
OGYxZTc0MWYyMGUxOTcyNTRlYWVlNGJmNWE4ZDhiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHDZfqlrr28xq+eDonQXlRnu+volGP9IV2paX0k+IVAXxs
PNcKKfxTuilYfS/+k4yQGWM6HjL8KJfrN65DSesOQN+l6vy7DycsZulK1bwZ7w/C
pbL12XKjkng5bCYbHAE7hA2u4SUm2kGoKkrp+d5y6JwGH2+674HY5Hi5wpIuCylR
NiIsXheHCvREOAhaDLGyNUqd02O6ZSXKT5uotk5j1L3ibCw+xMcWdZUQQBCAMnVx
w6tHTOjs/rasQemD69qLnf1sx9N1Ujvf5Plm/DDibzNXYMLj+Kgu9Uv70aSMz5id
EArYKWEzcnbJb3vMvp3/WLJdtITLWxjh0FVfQhoRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURJ+3y1gzvTP6ad0Z391G1OAuj74wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2ZWFjNTY0LTQ2YjAtNDJiZS05YTRhLWZmNTZkMGFmNjUyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAs9xEwDQYJKoZIhvcNAQELBQADggEBAB6CvYAHTKqCtIUJ8LTng0FA0vO/
eMdpH7Tf3K5YipL4IYEFRkQcAYPc3L9zdpKd9rLh+9B8MIQiZp7YNlYzBRmAoQsK
u/tsF5Pp/ve+vUF880hmLGdDHMGRWuV4VsAYKyH2tz8sQhPpaVf3toEr/M5vnvqA
iIXfV5lJX17FPDhcwF2+wYh8PaZHn8Y9STNb2zL1FABfq8kOqQ5S16MvwIlCE18V
arGl8Ch72Y2w+AoP3LaGULRGsCnlsjXuvVPHmyNpy7nqGUKZNCj8nRVJDQObL6Mg
sF1f+ZduFqBlhpa1eFgcs2zEvL3AgOvtOEIv8jZaq3CVijbd2rFH9pcbnas=
-----END CERTIFICATE-----