Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8f5305d-5841-42e2-ad49-6c34831c42bb.roa
File:                     d8f5305d-5841-42e2-ad49-6c34831c42bb.roa (raw, json)
Hash identifier:          GZb07bfac8pDjXtYTNfppAF1zHlGDy7su9nhkavCKbA=
Subject key identifier:   96:B4:69:F7:AB:E7:46:C9:65:57:DD:8B:BC:A3:1B:CD:A1:B3:90:9D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       348446E3835FFD7AFDFCF2533E24763D0A85E8F4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8f5305d-5841-42e2-ad49-6c34831c42bb.roa
Signing time:             Tue 11 Nov 2025 02:00:08 +0000
ROA not before:           Tue 11 Nov 2025 02:00:08 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.193.0.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:84:46:e3:83:5f:fd:7a:fd:fc:f2:53:3e:24:76:3d:0a:85:e8:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:00:08 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=d5f239ef486c66b6a4229a871082a9102f171e68a2933dbc7f24792060bf341c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9a:d8:8f:5f:1d:56:1d:f1:e3:23:c6:01:4d:
                    08:1e:d9:bd:2c:64:4e:a6:b2:32:06:5d:b0:83:6e:
                    8a:04:f7:5a:90:9c:e7:cc:0c:70:5e:90:e9:56:4e:
                    69:a9:29:25:06:7e:d1:ba:ff:6c:7d:41:6b:09:13:
                    16:49:e4:d5:b4:df:04:ec:83:29:37:95:cc:05:bf:
                    1a:f3:3c:d6:7b:3f:79:af:4c:18:65:92:20:39:78:
                    09:4b:e6:f9:b2:cb:3f:ab:6d:87:e7:d5:97:cb:ae:
                    f1:ca:23:da:2e:81:fb:ee:99:f6:6c:f3:26:92:92:
                    cc:de:00:e0:16:16:62:3e:93:25:59:86:16:06:1a:
                    78:50:95:cc:25:a1:e8:c1:c5:dd:92:ef:32:1b:5a:
                    94:ff:d4:e3:c8:46:bf:b0:78:f3:8f:7c:11:86:19:
                    65:a8:17:62:7d:3b:8c:24:5b:03:a2:c9:de:86:bb:
                    db:aa:da:10:a7:49:3c:6e:5b:e5:63:5e:e6:47:77:
                    29:90:f8:b6:17:71:cd:68:9d:ab:84:b1:65:d3:75:
                    66:9f:5a:8a:00:c0:4f:b1:d2:f7:74:dd:52:fc:c8:
                    bb:4c:cd:ad:2e:11:ce:3c:b3:38:3a:f5:33:03:b1:
                    e3:95:12:ce:cc:5f:a4:20:5e:fd:a0:93:a3:90:7e:
                    d4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B4:69:F7:AB:E7:46:C9:65:57:DD:8B:BC:A3:1B:CD:A1:B3:90:9D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8f5305d-5841-42e2-ad49-6c34831c42bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.193.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6b:ac:86:1d:5e:45:9f:c2:eb:36:9a:b6:26:7c:1d:dc:97:75:
         cd:7b:ae:a9:f0:48:70:e9:3f:9a:79:55:b2:69:8b:92:24:74:
         82:1d:31:91:e3:16:cf:ab:3f:a8:a7:48:53:66:bb:df:23:84:
         b8:3b:2e:ba:7d:61:59:bf:6c:62:b7:24:da:5b:11:23:91:ce:
         e0:d1:b1:2f:ea:06:7a:a0:f3:6b:70:60:a8:30:10:76:24:45:
         dd:01:fa:43:69:f9:fd:92:66:03:d6:69:a1:5b:c2:49:23:d0:
         0a:f9:69:93:c8:7f:7d:52:62:ee:5a:cf:b4:10:77:67:58:87:
         dd:4a:0b:00:58:86:ab:77:af:eb:30:a6:9b:23:05:43:22:54:
         57:f0:b1:c1:25:d9:2e:a1:8f:55:5c:25:d7:d5:54:bb:75:17:
         9f:94:76:0b:63:fe:78:a5:3b:c2:56:ac:3c:5e:3b:47:76:7a:
         9f:c9:dd:87:e3:22:45:25:a7:09:42:b8:de:43:4d:61:65:ec:
         60:82:c2:81:92:b4:18:54:ad:90:9c:fb:73:78:3c:59:f1:7b:
         5d:2c:cf:c5:59:21:73:bb:1d:c6:22:33:2c:0e:43:9e:31:3c:
         22:48:e5:5c:96:83:52:5c:ec:43:1a:83:15:f7:41:f9:92:5f:
         96:6f:b4:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNIRG44Nf/Xr9/PJTPiR2PQqF6PQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIwMDA4WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNWYyMzllZjQ4NmM2NmI2YTQyMjlhODcxMDgyYTkxMDJm
MTcxZTY4YTI5MzNkYmM3ZjI0NzkyMDYwYmYzNDFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDimtiPXx1WHfHjI8YBTQge2b0sZE6msjIGXbCDbooE91qQ
nOfMDHBekOlWTmmpKSUGftG6/2x9QWsJExZJ5NW03wTsgyk3lcwFvxrzPNZ7P3mv
TBhlkiA5eAlL5vmyyz+rbYfn1ZfLrvHKI9ougfvumfZs8yaSkszeAOAWFmI+kyVZ
hhYGGnhQlcwloejBxd2S7zIbWpT/1OPIRr+wePOPfBGGGWWoF2J9O4wkWwOiyd6G
u9uq2hCnSTxuW+VjXuZHdymQ+LYXcc1onauEsWXTdWafWooAwE+x0vd03VL8yLtM
za0uEc48szg69TMDseOVEs7MX6QgXv2gk6OQftT9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlrRp96vnRsllV92LvKMbzaGzkJ0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4ZjUzMDVkLTU4NDEtNDJlMi1hZDQ5LTZjMzQ4MzFjNDJiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWhwQAwDQYJKoZIhvcNAQELBQADggEBAGushh1eRZ/C6zaatiZ8HdyXdc17
rqnwSHDpP5p5VbJpi5IkdIIdMZHjFs+rP6inSFNmu98jhLg7Lrp9YVm/bGK3JNpb
ESORzuDRsS/qBnqg82twYKgwEHYkRd0B+kNp+f2SZgPWaaFbwkkj0Ar5aZPIf31S
Yu5az7QQd2dYh91KCwBYhqt3r+swppsjBUMiVFfwscEl2S6hj1VcJdfVVLt1F5+U
dgtj/nilO8JWrDxeO0d2ep/J3YfjIkUlpwlCuN5DTWFl7GCCwoGStBhUrZCc+3N4
PFnxe10sz8VZIXO7HcYiMywOQ54xPCJI5VyWg1Jc7EMagxX3QfmSX5ZvtDs=
-----END CERTIFICATE-----