Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2279a492-73db-41f0-98ae-bd6039e89d3b.roa
File:                     2279a492-73db-41f0-98ae-bd6039e89d3b.roa (raw, json)
Hash identifier:          ijj7nLiAdducMPSQdA4ss4fFDUnHUEdcKhfZNVURKXc=
Subject key identifier:   DF:49:F0:87:D8:BF:4A:0E:8E:83:3F:82:97:F9:06:91:DC:EE:79:9A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       78B7A2E6FD1A6061339F13C16318F4BA131E8F19
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2279a492-73db-41f0-98ae-bd6039e89d3b.roa
Signing time:             Fri 24 Oct 2025 00:12:08 +0000
ROA not before:           Fri 24 Oct 2025 00:12:08 +0000
ROA not after:            Fri 28 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        134.31.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:b7:a2:e6:fd:1a:60:61:33:9f:13:c1:63:18:f4:ba:13:1e:8f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 24 00:12:08 2025 GMT
            Not After : Nov 28 23:59:59 2025 GMT
        Subject: serialNumber=3f52d878382833877e98289d1a3431159ee60b7aee53f3b4daa17c43aee868ee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:76:2a:74:d9:72:27:1f:b2:4f:50:aa:a1:27:
                    7e:cd:f6:9d:ac:df:c1:98:9a:a7:b6:9c:74:a8:05:
                    69:0c:7d:a2:c4:50:65:14:79:de:a4:45:0b:10:51:
                    ae:d6:80:0b:8a:04:db:fb:41:6c:83:e4:d5:38:e5:
                    ed:e6:0f:16:06:05:8f:fe:86:18:1c:de:ce:01:1e:
                    43:4b:0a:cc:72:0b:65:10:cf:8c:32:61:f3:08:20:
                    fa:c2:53:11:89:80:c5:8d:e2:b3:00:bc:d0:e7:95:
                    c2:b0:84:c5:ca:2e:56:7b:f0:9c:7c:86:55:aa:5c:
                    2a:26:85:85:64:aa:cf:a4:2e:6d:cb:af:c8:89:6a:
                    18:15:36:48:85:9a:0a:24:9c:59:7e:7c:4a:b0:ee:
                    7c:11:5c:99:92:6a:e2:dc:18:01:6d:a2:5f:67:a1:
                    c8:17:51:49:6c:9c:49:a9:62:4b:51:75:fe:22:ca:
                    0d:ba:d8:c7:2a:06:bd:2a:20:ac:17:30:01:a8:51:
                    fe:b4:aa:c9:8b:7e:dd:b1:b9:24:28:ee:5b:3e:d4:
                    be:90:a0:42:54:c5:1e:9d:91:48:4a:e4:ef:f1:99:
                    56:38:bd:eb:e7:cd:c0:b3:b4:d9:68:7e:be:73:c0:
                    8e:b0:5d:73:07:e4:5f:41:1b:89:5f:18:b4:7a:6b:
                    11:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:49:F0:87:D8:BF:4A:0E:8E:83:3F:82:97:F9:06:91:DC:EE:79:9A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2279a492-73db-41f0-98ae-bd6039e89d3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.31.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d2:cb:08:da:c9:eb:ca:d4:fd:b1:52:41:e9:3f:1d:a6:41:ca:
         ed:c3:39:b0:29:7a:2b:c6:54:d1:0e:f2:e9:8c:6d:50:86:b9:
         eb:8b:00:59:45:9c:22:c0:29:8f:33:51:77:df:f7:93:30:36:
         6c:ae:57:3d:d7:c5:c1:e2:68:8a:8b:7c:09:28:a8:7a:48:65:
         6a:92:d8:d9:80:1f:ab:20:13:0e:dc:a3:ca:46:50:cf:27:e5:
         a4:e4:cf:95:c0:90:b5:2e:f6:ff:83:88:4b:aa:c7:23:b2:67:
         28:c2:0e:4b:70:b0:31:70:6a:76:59:d5:57:d4:28:3f:5e:9d:
         4d:27:4d:ec:f5:d1:9b:7c:89:07:ea:23:a7:3b:af:b1:f1:15:
         42:bc:0b:ad:8e:a5:a2:c7:2e:2f:68:5b:6d:3b:36:e3:19:2e:
         a6:d8:44:77:b7:84:e6:3f:a5:00:2a:66:4a:35:fd:9e:3c:70:
         74:fc:09:01:2e:86:7b:85:1a:90:3d:23:10:41:85:f3:1d:78:
         bb:26:86:df:c0:81:d7:10:29:09:c5:2f:a5:ae:39:1c:8f:37:
         8c:72:9b:5b:2e:3c:ed:d2:16:30:21:2c:29:21:eb:bd:d5:4e:
         2f:e4:e1:2e:95:3e:2b:cc:19:45:43:c7:5e:a2:62:01:9e:6e:
         f7:cc:c1:b2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeLei5v0aYGEznxPBYxj0uhMejxkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI0MDAxMjA4WhcNMjUxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjUyZDg3ODM4MjgzMzg3N2U5ODI4OWQxYTM0MzExNTll
ZTYwYjdhZWU1M2YzYjRkYWExN2M0M2FlZTg2OGVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvdip02XInH7JPUKqhJ37N9p2s38GYmqe2nHSoBWkMfaLE
UGUUed6kRQsQUa7WgAuKBNv7QWyD5NU45e3mDxYGBY/+hhgc3s4BHkNLCsxyC2UQ
z4wyYfMIIPrCUxGJgMWN4rMAvNDnlcKwhMXKLlZ78Jx8hlWqXComhYVkqs+kLm3L
r8iJahgVNkiFmgoknFl+fEqw7nwRXJmSauLcGAFtol9nocgXUUlsnEmpYktRdf4i
yg262McqBr0qIKwXMAGoUf60qsmLft2xuSQo7ls+1L6QoEJUxR6dkUhK5O/xmVY4
vevnzcCztNlofr5zwI6wXXMH5F9BG4lfGLR6axF9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU30nwh9i/Sg6Ogz+Cl/kGkdzueZowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIyNzlhNDkyLTczZGItNDFmMC05OGFlLWJkNjAzOWU4OWQzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCGHzANBgkqhkiG9w0BAQsFAAOCAQEA0ssI2snrytT9sVJB6T8dpkHK7cM5
sCl6K8ZU0Q7y6YxtUIa564sAWUWcIsApjzNRd9/3kzA2bK5XPdfFweJoiot8CSio
ekhlapLY2YAfqyATDtyjykZQzyflpOTPlcCQtS72/4OIS6rHI7JnKMIOS3CwMXBq
dlnVV9QoP16dTSdN7PXRm3yJB+ojpzuvsfEVQrwLrY6loscuL2hbbTs24xkupthE
d7eE5j+lACpmSjX9njxwdPwJAS6Ge4UakD0jEEGF8x14uyaG38CB1xApCcUvpa45
HI83jHKbWy487dIWMCEsKSHrvdVOL+ThLpU+K8wZRUPHXqJiAZ5u98zBsg==
-----END CERTIFICATE-----