Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/047471e9-5147-4aae-82fa-97d22965384b.roa
File:                     047471e9-5147-4aae-82fa-97d22965384b.roa (raw, json)
Hash identifier:          RT90vg2abweroBgueeCou7dhfN/ooMsWMApmYSczIuU=
Subject key identifier:   2A:83:36:6A:A0:17:E2:00:4E:29:FD:81:2C:77:73:71:6C:F8:7D:AB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6DC78B2C1E0A1C1F1C3F1AC473B3F6ADC1977B60
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/047471e9-5147-4aae-82fa-97d22965384b.roa
Signing time:             Wed 24 Sep 2025 00:01:06 +0000
ROA not before:           Wed 24 Sep 2025 00:01:06 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.46.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:c7:8b:2c:1e:0a:1c:1f:1c:3f:1a:c4:73:b3:f6:ad:c1:97:7b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 24 00:01:06 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=eeef29ed6ae9f00e8feb17b6e36ddfbb17b179fd2bbac221dae001fcab444fdf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3f:3c:4c:08:bc:0d:4b:82:26:78:9b:bd:4f:
                    3e:79:e9:41:d1:5e:84:14:4b:f6:e5:7e:dd:01:de:
                    18:d3:e5:37:cb:ce:40:8f:55:8c:35:6a:9f:50:32:
                    c4:50:6c:3c:31:59:f8:11:f0:79:7c:c1:8b:67:15:
                    32:4c:71:c7:48:21:a5:64:c0:6e:1b:7d:71:f5:b0:
                    33:78:61:75:8a:d3:fb:19:92:fb:73:5e:11:fe:dd:
                    32:a4:74:ca:26:f1:40:ff:17:f0:9f:32:e1:c0:25:
                    ad:61:87:09:01:8d:9f:3e:63:56:ca:77:13:54:0d:
                    aa:d9:95:3c:fb:d7:f6:c2:61:87:84:0d:af:d6:6f:
                    55:dc:6d:7f:7b:48:76:b8:b3:53:90:cd:c9:3c:2f:
                    d3:1e:7d:26:08:8c:7c:f0:15:b9:4e:0c:6c:89:6c:
                    e6:21:f2:73:dc:88:9a:85:60:87:fd:d1:39:68:a0:
                    71:f6:17:c2:d7:33:2f:16:84:b7:25:72:89:77:fc:
                    2b:d3:15:8c:65:f1:d3:db:e3:84:ac:a1:ed:db:4c:
                    39:4d:3d:9e:fd:f4:7b:e0:e7:f6:ff:fe:b2:5b:1a:
                    a3:b0:b2:21:77:d6:78:c2:4c:78:16:3b:53:26:cc:
                    7a:f8:a9:60:8d:b1:4c:41:2f:2b:5b:2c:47:90:4e:
                    49:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:83:36:6A:A0:17:E2:00:4E:29:FD:81:2C:77:73:71:6C:F8:7D:AB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/047471e9-5147-4aae-82fa-97d22965384b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.46.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2b:5b:0d:2d:3e:52:e8:ee:b8:df:42:36:6e:4f:eb:0c:28:21:
         2a:3b:95:10:29:90:d0:eb:73:ac:ee:70:36:78:9d:36:cc:a4:
         15:6e:ff:85:48:76:b2:70:b1:85:9a:24:24:22:d4:04:27:f0:
         ff:95:d7:f9:18:b7:2b:f4:f0:07:9a:b2:27:8a:75:99:1d:ba:
         65:4e:73:30:17:c2:f0:2d:7d:ed:4d:a2:3b:72:39:06:6a:d3:
         d0:31:73:2e:75:3c:f5:95:91:40:59:66:ac:f2:e2:dc:3c:f1:
         c4:69:e2:25:27:f3:ed:26:50:6b:be:2c:38:ac:9c:9b:14:25:
         42:a8:1c:0d:69:9b:fb:56:59:e3:55:17:21:ab:ed:ca:20:d3:
         a6:2f:d9:c7:54:ae:75:37:64:03:68:b0:e4:cf:17:8c:d6:ce:
         14:5f:12:03:b1:6b:11:57:bb:eb:e8:61:71:43:e4:ff:e0:af:
         dd:72:dd:d8:4a:4a:0a:21:e8:ee:fb:d8:c0:f9:1d:67:e3:98:
         38:9b:28:27:a5:70:c5:b0:f3:b7:28:b4:85:4b:ee:ba:f0:6c:
         00:49:bf:ab:db:da:0d:12:40:12:28:d0:5a:59:93:d7:ac:78:
         80:8c:a8:94:74:52:49:aa:55:4b:bb:a7:e3:81:f5:e9:45:d0:
         b9:96:bd:52
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbceLLB4KHB8cPxrEc7P2rcGXe2AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI0MDAwMTA2WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWVmMjllZDZhZTlmMDBlOGZlYjE3YjZlMzZkZGZiYjE3
YjE3OWZkMmJiYWMyMjFkYWUwMDFmY2FiNDQ0ZmRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoPzxMCLwNS4ImeJu9Tz556UHRXoQUS/blft0B3hjT5TfL
zkCPVYw1ap9QMsRQbDwxWfgR8Hl8wYtnFTJMccdIIaVkwG4bfXH1sDN4YXWK0/sZ
kvtzXhH+3TKkdMom8UD/F/CfMuHAJa1hhwkBjZ8+Y1bKdxNUDarZlTz71/bCYYeE
Da/Wb1XcbX97SHa4s1OQzck8L9MefSYIjHzwFblODGyJbOYh8nPciJqFYIf90Tlo
oHH2F8LXMy8WhLclcol3/CvTFYxl8dPb44Ssoe3bTDlNPZ799Hvg5/b//rJbGqOw
siF31njCTHgWO1MmzHr4qWCNsUxBLytbLEeQTkltAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKoM2aqAX4gBOKf2BLHdzcWz4faswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA0NzQ3MWU5LTUxNDctNGFhZS04MmZhLTk3ZDIyOTY1Mzg0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwChLjANBgkqhkiG9w0BAQsFAAOCAQEAK1sNLT5S6O6430I2bk/rDCghKjuV
ECmQ0OtzrO5wNnidNsykFW7/hUh2snCxhZokJCLUBCfw/5XX+Ri3K/TwB5qyJ4p1
mR26ZU5zMBfC8C197U2iO3I5BmrT0DFzLnU89ZWRQFlmrPLi3DzxxGniJSfz7SZQ
a74sOKycmxQlQqgcDWmb+1ZZ41UXIavtyiDTpi/Zx1SudTdkA2iw5M8XjNbOFF8S
A7FrEVe76+hhcUPk/+Cv3XLd2EpKCiHo7vvYwPkdZ+OYOJsoJ6VwxbDztyi0hUvu
uvBsAEm/q9vaDRJAEijQWlmT16x4gIyolHRSSapVS7un44H16UXQuZa9Ug==
-----END CERTIFICATE-----