Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e18127e7-1573-4e16-8284-95afb7316aa5.roa
File:                     e18127e7-1573-4e16-8284-95afb7316aa5.roa (raw, json)
Hash identifier:          PDGhg/Ox3YSIzSUt2HXTq+sDk9ScL2IeofrIpbYYs98=
Subject key identifier:   38:16:46:BC:1F:CC:A2:03:34:6A:E9:9A:4B:2C:AD:4C:02:46:02:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       478EB0D1F28E3005B763D38795E034BB5D5700B8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e18127e7-1573-4e16-8284-95afb7316aa5.roa
Signing time:             Sat 15 Nov 2025 00:40:44 +0000
ROA not before:           Sat 15 Nov 2025 00:40:44 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.137.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:8e:b0:d1:f2:8e:30:05:b7:63:d3:87:95:e0:34:bb:5d:57:00:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:40:44 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=d3dc0fa3af7cb56d09b7779e299732cca4a98df5902d829f0cdcc6bcdfb906fa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:eb:f4:29:48:85:30:00:df:2a:5d:bf:90:34:
                    63:9c:cf:66:b4:7a:54:bb:5f:08:c9:b5:c5:f6:d6:
                    b9:88:92:a0:ee:b8:1f:22:d1:88:47:d1:60:ba:a5:
                    16:e7:84:81:6d:47:f0:7d:1f:99:c3:00:16:20:e8:
                    e1:3f:1a:cb:24:a2:06:88:72:ce:8c:15:74:41:5a:
                    ba:b5:10:d7:c7:e4:40:e5:15:54:99:bb:1a:21:f0:
                    e8:8a:91:6d:f2:7f:19:00:25:ed:37:44:a6:60:f4:
                    91:2d:7c:09:b4:74:fb:e9:eb:9e:d5:e3:16:58:6d:
                    35:3b:1b:39:8f:50:29:f7:e2:74:4f:aa:ed:c3:e4:
                    a5:52:42:6b:43:87:03:e6:02:3c:7c:dc:95:ca:b8:
                    54:d2:1e:6c:80:80:3e:27:35:92:97:ad:5a:54:d5:
                    c3:11:af:e1:af:c7:f0:76:64:69:9f:25:86:0b:b9:
                    40:0b:10:50:9e:76:3f:8c:74:e8:7e:f2:41:09:e3:
                    13:29:fd:41:96:03:de:9f:eb:4f:9a:35:c7:eb:da:
                    29:c5:f9:ef:ac:28:39:57:0b:fe:19:99:11:2b:66:
                    44:14:5e:8e:c1:20:18:20:a2:b4:f6:8f:19:44:c1:
                    a9:6c:a4:e3:87:6b:a4:30:41:b7:bb:bb:d0:3c:7b:
                    f9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:16:46:BC:1F:CC:A2:03:34:6A:E9:9A:4B:2C:AD:4C:02:46:02:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e18127e7-1573-4e16-8284-95afb7316aa5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.137.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d3:3d:de:a9:14:df:b4:d2:20:30:16:80:0a:db:d9:af:37:e0:
         1f:a3:90:cd:dc:24:5c:a5:f5:aa:4b:91:1f:80:68:d1:a6:34:
         ea:86:d7:0b:07:7a:27:49:69:dd:94:30:26:85:44:b3:69:23:
         cd:b0:93:59:52:76:31:ba:7c:4b:27:5f:bd:d2:62:22:62:ec:
         92:8e:6d:25:fe:dc:ee:a2:0d:35:11:b3:d3:01:f6:f2:b9:f8:
         8c:be:32:cc:12:7c:2e:03:e8:c6:20:78:6a:1b:6b:7d:09:7f:
         4d:30:0c:ad:e8:b3:73:6a:87:90:aa:d1:ac:3b:f9:9a:26:60:
         76:ec:08:9a:c5:8e:84:cf:4c:a0:e6:12:e7:0f:0c:77:b9:d1:
         a3:4e:f4:0e:83:e6:39:64:35:40:89:5e:46:f6:17:7b:b7:92:
         7a:80:a0:ec:08:fe:e6:62:89:94:10:2d:c7:01:ab:76:b4:05:
         cf:0b:4f:30:17:45:ec:0d:e0:49:01:1b:28:21:8f:93:d3:82:
         c6:63:a4:fb:5c:9f:86:75:a6:36:f4:92:7d:31:55:35:f8:39:
         a0:69:d7:89:8b:5b:83:ad:3a:50:a0:4e:1d:e2:cb:fd:27:50:
         96:8c:b3:04:0b:b0:6d:24:82:bf:74:1c:60:74:32:55:16:ed:
         42:d6:ba:9a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR46w0fKOMAW3Y9OHleA0u11XALgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDA0MDQ0WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkM2RjMGZhM2FmN2NiNTZkMDliNzc3OWUyOTk3MzJjY2E0
YTk4ZGY1OTAyZDgyOWYwY2RjYzZiY2RmYjkwNmZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCo6/QpSIUwAN8qXb+QNGOcz2a0elS7XwjJtcX21rmIkqDu
uB8i0YhH0WC6pRbnhIFtR/B9H5nDABYg6OE/GsskogaIcs6MFXRBWrq1ENfH5EDl
FVSZuxoh8OiKkW3yfxkAJe03RKZg9JEtfAm0dPvp657V4xZYbTU7GzmPUCn34nRP
qu3D5KVSQmtDhwPmAjx83JXKuFTSHmyAgD4nNZKXrVpU1cMRr+Gvx/B2ZGmfJYYL
uUALEFCedj+MdOh+8kEJ4xMp/UGWA96f60+aNcfr2inF+e+sKDlXC/4ZmRErZkQU
Xo7BIBggorT2jxlEwalspOOHa6QwQbe7u9A8e/nLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUOBZGvB/MogM0aumaSyytTAJGApMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UxODEyN2U3LTE1NzMtNGUxNi04Mjg0LTk1YWZiNzMxNmFhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2iTANBgkqhkiG9w0BAQsFAAOCAQEA0z3eqRTftNIgMBaACtvZrzfgH6OQ
zdwkXKX1qkuRH4Bo0aY06obXCwd6J0lp3ZQwJoVEs2kjzbCTWVJ2Mbp8SydfvdJi
ImLsko5tJf7c7qINNRGz0wH28rn4jL4yzBJ8LgPoxiB4ahtrfQl/TTAMreizc2qH
kKrRrDv5miZgduwImsWOhM9MoOYS5w8Md7nRo070DoPmOWQ1QIleRvYXe7eSeoCg
7Aj+5mKJlBAtxwGrdrQFzwtPMBdF7A3gSQEbKCGPk9OCxmOk+1yfhnWmNvSSfTFV
Nfg5oGnXiYtbg606UKBOHeLL/SdQloyzBAuwbSSCv3QcYHQyVRbtQta6mg==
-----END CERTIFICATE-----