Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f924b639-a668-4962-9eae-8a87cb05de1d.roa
File:                     f924b639-a668-4962-9eae-8a87cb05de1d.roa (raw, json)
Hash identifier:          JDrXGwGNvkUlAogpSLYVZncJJMVlbJSgX9dN0Whhuac=
Subject key identifier:   12:CD:00:77:AD:12:EF:52:4A:38:33:06:FB:65:45:3F:BB:87:36:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4543BD22DA051B234FD9CFE137A3ABAE4775085C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f924b639-a668-4962-9eae-8a87cb05de1d.roa
Signing time:             Wed 12 Nov 2025 01:30:19 +0000
ROA not before:           Wed 12 Nov 2025 01:30:19 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.182.236.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:43:bd:22:da:05:1b:23:4f:d9:cf:e1:37:a3:ab:ae:47:75:08:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:30:19 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=429390e9bc988d4b774f1b0b01e0ed8e26382bc5eb86d58814b44dd32d7b2bdc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:44:78:8c:21:a4:54:62:81:bb:12:b9:ae:54:
                    96:10:39:28:0b:55:93:e3:96:ec:82:4a:5b:23:9b:
                    c0:6c:39:4a:04:ac:06:8b:60:cf:64:90:38:38:cf:
                    bf:21:28:67:e9:df:b6:4c:5d:84:24:6f:81:08:47:
                    b9:a7:e9:18:1b:ea:4d:63:59:8c:ad:64:2d:56:ed:
                    6f:4e:10:09:e8:0b:24:80:fd:3f:94:3f:1d:e9:1f:
                    79:93:64:f3:31:99:ac:03:55:d1:5a:f6:5e:7c:e6:
                    19:5f:f9:e7:f9:0a:a5:21:10:a0:ba:7c:fc:ed:6f:
                    a3:a6:94:27:a7:2a:b0:0c:89:9a:6a:83:eb:63:42:
                    21:65:38:f5:af:f1:ad:a0:c8:d2:24:1e:a9:55:19:
                    e5:5e:11:21:29:b8:93:b9:e6:f8:af:3b:d9:f0:e0:
                    c9:2b:af:11:2a:95:72:43:da:63:df:2a:9c:09:f9:
                    06:b8:0e:a4:7d:08:45:24:7f:19:d1:f8:10:6b:1c:
                    ae:71:ef:a9:e5:42:de:14:74:c2:14:35:4d:e8:99:
                    1e:72:03:ac:ee:3c:54:29:8e:d3:e9:e9:74:96:f8:
                    c5:61:9d:fc:36:e3:fb:2a:62:de:77:57:16:da:d8:
                    bd:e6:6a:cd:10:5d:88:d4:2c:1e:11:fa:76:86:36:
                    fd:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:CD:00:77:AD:12:EF:52:4A:38:33:06:FB:65:45:3F:BB:87:36:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f924b639-a668-4962-9eae-8a87cb05de1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.182.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:b3:2c:25:14:04:2c:2f:c7:e7:7b:63:8f:4c:c0:e8:07:18:
         99:03:41:2b:19:88:ef:5d:2c:91:27:53:23:bc:7f:dd:1c:02:
         a2:80:b5:fe:c0:57:ba:17:30:0c:f8:2d:1b:8b:61:31:14:b2:
         62:7e:34:e5:27:ed:d9:be:dc:bd:b6:2c:2d:bc:c9:37:e8:8e:
         0b:ee:c4:c3:d8:c9:d0:01:7c:75:62:fa:57:ae:b2:63:6e:d9:
         aa:e7:f4:9f:d7:ee:ae:f0:13:42:46:6e:18:06:08:e9:4c:d4:
         29:02:12:74:8f:92:61:03:36:73:db:c9:a7:33:40:ed:90:ac:
         a0:00:67:8a:bc:00:8f:ff:36:c5:9c:cb:14:c6:9b:48:df:80:
         49:82:c6:17:4b:7c:8e:0d:0d:23:5d:7d:eb:3d:ad:83:ee:3d:
         db:18:22:99:07:73:31:fe:6b:f8:1e:3e:1d:a1:f3:6c:86:a2:
         33:16:28:15:f2:a5:f1:54:ed:f5:ca:75:5e:a7:9c:99:50:04:
         6e:42:fa:13:e0:a7:a6:60:04:36:81:58:8b:e5:12:91:62:57:
         2c:a4:79:6e:26:97:3d:15:cc:7c:54:de:f1:ad:d3:87:a0:f6:
         7e:2e:a8:b8:a4:81:c3:ea:77:26:0c:fe:ff:9e:61:dd:0e:46:
         ef:52:96:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURUO9ItoFGyNP2c/hN6Orrkd1CFwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDEzMDE5WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjkzOTBlOWJjOTg4ZDRiNzc0ZjFiMGIwMWUwZWQ4ZTI2
MzgyYmM1ZWI4NmQ1ODgxNGI0NGRkMzJkN2IyYmRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0RHiMIaRUYoG7ErmuVJYQOSgLVZPjluyCSlsjm8BsOUoE
rAaLYM9kkDg4z78hKGfp37ZMXYQkb4EIR7mn6Rgb6k1jWYytZC1W7W9OEAnoCySA
/T+UPx3pH3mTZPMxmawDVdFa9l585hlf+ef5CqUhEKC6fPztb6OmlCenKrAMiZpq
g+tjQiFlOPWv8a2gyNIkHqlVGeVeESEpuJO55vivO9nw4MkrrxEqlXJD2mPfKpwJ
+Qa4DqR9CEUkfxnR+BBrHK5x76nlQt4UdMIUNU3omR5yA6zuPFQpjtPp6XSW+MVh
nfw24/sqYt53Vxba2L3mas0QXYjULB4R+naGNv0vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEs0Ad60S71JKODMG+2VFP7uHNkIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5MjRiNjM5LWE2NjgtNDk2Mi05ZWFlLThhODdjYjA1ZGUxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHYtuwwDQYJKoZIhvcNAQELBQADggEBAKCzLCUUBCwvx+d7Y49MwOgHGJkD
QSsZiO9dLJEnUyO8f90cAqKAtf7AV7oXMAz4LRuLYTEUsmJ+NOUn7dm+3L22LC28
yTfojgvuxMPYydABfHVi+leusmNu2arn9J/X7q7wE0JGbhgGCOlM1CkCEnSPkmED
NnPbyaczQO2QrKAAZ4q8AI//NsWcyxTGm0jfgEmCxhdLfI4NDSNdfes9rYPuPdsY
IpkHczH+a/gePh2h82yGojMWKBXypfFU7fXKdV6nnJlQBG5C+hPgp6ZgBDaBWIvl
EpFiVyykeW4mlz0VzHxU3vGt04eg9n4uqLikgcPqdyYM/v+eYd0ORu9SloQ=
-----END CERTIFICATE-----