Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f87a9816-c748-4bfb-9e42-8d7c00a32f35.roa
File:                     f87a9816-c748-4bfb-9e42-8d7c00a32f35.roa (raw, json)
Hash identifier:          0SRBod96kp4fNOCj+pAlqTrfUjQ8TIsN8q5hrOGihmg=
Subject key identifier:   97:27:35:82:A6:C7:AD:97:3A:30:88:2D:F0:08:54:98:21:FB:8B:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F7A9952C88276618777190881D189657B485164
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f87a9816-c748-4bfb-9e42-8d7c00a32f35.roa
Signing time:             Thu 13 Nov 2025 00:40:15 +0000
ROA not before:           Thu 13 Nov 2025 00:40:15 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.34.96.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:7a:99:52:c8:82:76:61:87:77:19:08:81:d1:89:65:7b:48:51:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:40:15 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=5f7d9f6ab7d09c5b3482253b79015633ed2870201533a164bc3cce5a3530cabc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:50:cf:40:c4:15:ba:90:eb:24:8d:8a:28:f6:
                    8b:18:cf:f3:00:49:42:84:86:ba:eb:89:11:64:20:
                    99:e1:88:a2:cb:64:27:66:1a:d1:51:7a:6d:69:af:
                    f8:dd:92:b6:34:75:b7:f4:46:cd:4b:65:4a:dd:99:
                    37:00:70:f4:dd:79:e2:49:9a:64:5a:22:6b:c1:cc:
                    aa:2e:fd:d2:ff:cf:e1:fa:03:f7:61:93:6e:91:df:
                    f0:5c:9f:b6:1b:91:c4:fa:9c:5a:03:f4:79:d0:df:
                    9a:55:64:66:4a:95:fe:5b:30:a2:37:31:40:62:c0:
                    6c:88:51:9d:2f:df:c1:2c:47:b4:41:7a:0a:4f:2a:
                    b8:ad:ab:b9:78:0a:d0:2e:25:73:0e:9b:f5:f0:f8:
                    bc:b9:43:79:29:86:b9:c5:b6:45:e5:9f:64:5f:2c:
                    9d:c3:2a:ce:01:d7:33:c2:7d:6c:d9:cf:95:ca:ed:
                    ba:2f:8c:5d:92:c9:d5:ae:12:01:92:11:fb:02:88:
                    5d:3c:48:4e:51:c4:d3:96:8d:00:54:2e:3b:5a:3f:
                    c9:9f:5f:92:dc:e2:41:5c:64:58:c2:da:2f:de:52:
                    03:2a:b6:a8:d6:c0:c0:c4:a3:b3:f9:28:fc:cc:1a:
                    8f:92:eb:5d:39:72:f3:3c:71:ca:dc:ff:f1:cc:56:
                    29:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:27:35:82:A6:C7:AD:97:3A:30:88:2D:F0:08:54:98:21:FB:8B:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f87a9816-c748-4bfb-9e42-8d7c00a32f35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.34.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         bc:ee:a7:41:2b:1f:c4:9d:c9:b5:7e:59:25:04:86:80:40:e3:
         14:47:68:d0:25:1b:0b:68:15:34:d2:e9:b1:d2:fd:5f:c5:cc:
         85:30:11:da:39:cb:0e:c6:a6:81:11:14:9a:23:fd:ca:c9:63:
         4b:f6:8e:5d:61:d4:00:48:07:1f:91:52:4d:04:c7:ad:e4:eb:
         91:65:51:05:b3:a7:69:05:cf:4c:87:4d:ba:52:79:7d:3c:f1:
         94:10:ee:0d:d6:02:d3:37:c9:46:17:ba:bc:e2:c0:27:62:36:
         cd:a2:10:b6:cb:2a:f9:b7:04:6c:13:d0:d1:ae:fb:25:06:e5:
         f0:3f:da:86:f5:e8:9d:c7:31:27:99:0c:df:b1:33:79:59:d2:
         df:67:06:20:4e:3f:69:53:2f:ca:5c:5c:17:90:ab:97:d6:ef:
         b6:83:bc:e4:be:64:3b:b7:80:61:c0:d1:b3:f2:6c:f4:41:6c:
         5c:61:eb:e1:81:bd:c5:0e:28:15:14:2e:7c:fb:6e:76:af:d0:
         b5:83:80:45:d3:34:bc:15:17:5f:44:47:10:d0:a8:ff:db:20:
         eb:68:02:7f:f0:d8:0d:e8:73:26:16:39:49:aa:98:70:45:a4:
         a8:f3:8d:cb:f3:1c:b5:ca:04:4a:91:bc:97:b8:71:5f:ba:fe:
         bd:0d:e1:44
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL3qZUsiCdmGHdxkIgdGJZXtIUWQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDA0MDE1WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjdkOWY2YWI3ZDA5YzViMzQ4MjI1M2I3OTAxNTYzM2Vk
Mjg3MDIwMTUzM2ExNjRiYzNjY2U1YTM1MzBjYWJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwUM9AxBW6kOskjYoo9osYz/MASUKEhrrriRFkIJnhiKLL
ZCdmGtFRem1pr/jdkrY0dbf0Rs1LZUrdmTcAcPTdeeJJmmRaImvBzKou/dL/z+H6
A/dhk26R3/Bcn7YbkcT6nFoD9HnQ35pVZGZKlf5bMKI3MUBiwGyIUZ0v38EsR7RB
egpPKritq7l4CtAuJXMOm/Xw+Ly5Q3kphrnFtkXln2RfLJ3DKs4B1zPCfWzZz5XK
7bovjF2SydWuEgGSEfsCiF08SE5RxNOWjQBULjtaP8mfX5Lc4kFcZFjC2i/eUgMq
tqjWwMDEo7P5KPzMGo+S6105cvM8ccrc//HMVilhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlyc1gqbHrZc6MIgt8AhUmCH7i0owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4N2E5ODE2LWM3NDgtNGJmYi05ZTQyLThkN2MwMGEzMmYzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUjImAwDQYJKoZIhvcNAQELBQADggEBALzup0ErH8SdybV+WSUEhoBA4xRH
aNAlGwtoFTTS6bHS/V/FzIUwEdo5yw7GpoERFJoj/crJY0v2jl1h1ABIBx+RUk0E
x63k65FlUQWzp2kFz0yHTbpSeX088ZQQ7g3WAtM3yUYXurziwCdiNs2iELbLKvm3
BGwT0NGu+yUG5fA/2ob16J3HMSeZDN+xM3lZ0t9nBiBOP2lTL8pcXBeQq5fW77aD
vOS+ZDu3gGHA0bPybPRBbFxh6+GBvcUOKBUULnz7bnav0LWDgEXTNLwVF19ERxDQ
qP/bIOtoAn/w2A3ocyYWOUmqmHBFpKjzjcvzHLXKBEqRvJe4cV+6/r0N4UQ=
-----END CERTIFICATE-----