Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8dd3bb1-ba43-44ca-9cd5-560d785c94a5.roa
File:                     d8dd3bb1-ba43-44ca-9cd5-560d785c94a5.roa (raw, json)
Hash identifier:          01f4Lov1szpQUJRwWJ+Uny+lkl1vxhHZSfcA5fwH7Lw=
Subject key identifier:   5B:48:E5:FD:81:7F:94:94:BE:09:2C:0C:15:66:0D:0B:F1:56:16:78
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E9A11F0C4604605954943DDF2AAF5A32A4389F1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8dd3bb1-ba43-44ca-9cd5-560d785c94a5.roa
Signing time:             Sat 25 Oct 2025 00:30:51 +0000
ROA not before:           Sat 25 Oct 2025 00:30:51 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.254.16.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:9a:11:f0:c4:60:46:05:95:49:43:dd:f2:aa:f5:a3:2a:43:89:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:30:51 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=f735d0db3c9e17a1e9726e62972dd1fe4ddaadda6e950855dd5721f7f774ce80, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b5:55:8e:ab:d9:97:db:33:55:3a:74:30:8b:
                    86:fd:73:aa:b3:e6:2a:83:95:5f:c1:63:51:15:35:
                    a1:a9:f9:c8:ec:18:cc:c3:69:61:d9:8c:4d:24:a1:
                    39:b9:32:99:12:d8:4f:78:4b:28:84:50:5c:37:91:
                    32:bb:b3:c7:a0:56:63:96:df:58:7d:b3:6d:03:a2:
                    75:e2:2c:da:3f:ff:61:63:2d:56:50:fc:51:ad:cb:
                    b6:bf:b9:95:15:55:4b:1a:54:bb:4e:a8:b1:c5:14:
                    9f:c0:e0:ee:51:06:ec:72:58:25:ad:2b:79:44:85:
                    9c:f9:27:d5:55:4a:ee:98:8e:22:ac:0e:40:92:31:
                    97:b6:4a:4f:0a:6f:f1:8c:c2:d3:37:0a:cd:af:73:
                    a3:0e:22:85:5c:54:d4:13:7e:84:57:86:65:3c:cb:
                    19:eb:c0:66:f5:f8:ca:0c:0b:c3:4b:bb:0f:a4:9d:
                    04:96:d6:df:1b:52:6e:2f:0d:99:33:4d:32:21:63:
                    58:3a:3d:21:fb:71:64:db:53:23:5c:f8:e2:a6:a6:
                    de:39:d1:af:9c:51:8e:c5:a0:53:61:5c:f8:68:7a:
                    93:9f:8a:b7:2a:a3:6a:a5:ee:6f:9b:e4:49:9c:fb:
                    b1:fd:c6:bf:56:1f:75:d4:f1:55:58:75:35:1f:ff:
                    48:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:48:E5:FD:81:7F:94:94:BE:09:2C:0C:15:66:0D:0B:F1:56:16:78
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8dd3bb1-ba43-44ca-9cd5-560d785c94a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.254.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:ca:4f:db:49:eb:97:b3:d3:fe:44:17:43:b2:a9:5a:c3:c5:
         9a:1e:e3:89:c9:13:13:46:31:9e:a4:6c:e0:72:4f:a9:ea:ff:
         02:c0:c8:27:d1:3d:97:df:94:78:ad:93:62:f3:86:e1:e3:54:
         a7:6a:1a:a4:12:33:5e:9d:04:f6:24:40:e7:a7:79:1c:19:d7:
         78:2e:6b:83:25:7d:9d:6f:62:c2:4c:07:76:d1:da:fe:67:18:
         9d:1c:a3:42:52:0e:05:33:0d:71:13:03:d4:02:77:ff:65:82:
         cf:01:a3:b3:51:8c:90:5c:7f:b7:32:1e:a9:a8:0b:54:51:3f:
         af:dd:2d:26:21:46:06:34:f9:35:f2:e3:25:b5:40:b5:c4:75:
         20:b3:97:22:6e:1d:02:2c:d4:0a:10:bb:31:fe:e9:62:a2:5b:
         42:37:0a:aa:44:c6:8c:ef:ed:a5:1f:81:4e:32:c6:8a:6c:b9:
         1d:fa:24:d2:38:83:c9:cf:8e:38:59:bf:1f:ed:35:f6:c8:3b:
         c6:70:cd:96:fa:e5:88:d6:81:63:38:20:28:e1:64:d5:14:3d:
         d2:17:e6:52:67:d2:7c:98:e2:bb:cc:a3:0d:99:3c:b9:de:51:
         74:e1:53:95:45:8b:fb:f4:ef:7e:f6:33:dc:94:87:cd:bf:aa:
         06:a9:11:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPpoR8MRgRgWVSUPd8qr1oypDifEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAzMDUxWhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzM1ZDBkYjNjOWUxN2ExZTk3MjZlNjI5NzJkZDFmZTRk
ZGFhZGRhNmU5NTA4NTVkZDU3MjFmN2Y3NzRjZTgwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDitVWOq9mX2zNVOnQwi4b9c6qz5iqDlV/BY1EVNaGp+cjs
GMzDaWHZjE0koTm5MpkS2E94SyiEUFw3kTK7s8egVmOW31h9s20DonXiLNo//2Fj
LVZQ/FGty7a/uZUVVUsaVLtOqLHFFJ/A4O5RBuxyWCWtK3lEhZz5J9VVSu6YjiKs
DkCSMZe2Sk8Kb/GMwtM3Cs2vc6MOIoVcVNQTfoRXhmU8yxnrwGb1+MoMC8NLuw+k
nQSW1t8bUm4vDZkzTTIhY1g6PSH7cWTbUyNc+OKmpt450a+cUY7FoFNhXPhoepOf
ircqo2ql7m+b5Emc+7H9xr9WH3XU8VVYdTUf/0g1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUW0jl/YF/lJS+CSwMFWYNC/FWFngwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4ZGQzYmIxLWJhNDMtNDRjYS05Y2Q1LTU2MGQ3ODVjOTRhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIX/hAwDQYJKoZIhvcNAQELBQADggEBADnKT9tJ65ez0/5EF0OyqVrDxZoe
44nJExNGMZ6kbOByT6nq/wLAyCfRPZfflHitk2LzhuHjVKdqGqQSM16dBPYkQOen
eRwZ13gua4MlfZ1vYsJMB3bR2v5nGJ0co0JSDgUzDXETA9QCd/9lgs8Bo7NRjJBc
f7cyHqmoC1RRP6/dLSYhRgY0+TXy4yW1QLXEdSCzlyJuHQIs1AoQuzH+6WKiW0I3
CqpExozv7aUfgU4yxopsuR36JNI4g8nPjjhZvx/tNfbIO8ZwzZb65YjWgWM4ICjh
ZNUUPdIX5lJn0nyY4rvMow2ZPLneUXThU5VFi/v07372M9yUh82/qgapEe8=
-----END CERTIFICATE-----