Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22e0224f-add1-4750-9889-4168c3af1743.roa
File:                     22e0224f-add1-4750-9889-4168c3af1743.roa (raw, json)
Hash identifier:          AqXv3JfINIdlhgXflEDrFR8frPxMcopKp+nrk4G5Zsw=
Subject key identifier:   AC:D5:87:E6:F9:53:0D:9F:35:C7:5D:F9:4D:8E:CC:37:30:72:2D:49
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57FD190D048E1122DCDBC9F52217B40AE3879B12
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22e0224f-add1-4750-9889-4168c3af1743.roa
Signing time:             Tue 28 Oct 2025 00:01:00 +0000
ROA not before:           Tue 28 Oct 2025 00:01:00 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.153.112.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:fd:19:0d:04:8e:11:22:dc:db:c9:f5:22:17:b4:0a:e3:87:9b:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:01:00 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=2c59439961e4b9fa2b4e5993cad8f5cb9a77eeab55fa4aec577e232f5384c731, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:41:8f:52:38:7d:19:f3:9e:e8:74:57:54:47:
                    88:37:37:21:4a:1d:4d:1e:07:27:15:f2:f5:80:ff:
                    50:a0:aa:46:c1:c0:a4:b5:c1:af:72:a4:ac:2b:11:
                    e0:5a:3d:43:98:34:2d:ba:b2:40:23:94:99:12:fe:
                    0b:27:37:6b:39:0b:57:57:11:2b:af:9c:9a:79:d6:
                    8f:9d:1f:d5:b7:c1:5e:03:91:2d:e8:f4:cf:fa:a9:
                    a3:3d:30:dc:35:c8:95:61:f1:38:10:ea:b1:a7:66:
                    c9:7f:78:8c:b3:20:95:bd:bc:95:8f:9c:cc:db:f0:
                    12:22:72:97:d7:c1:06:78:88:24:54:80:61:a5:3e:
                    da:25:71:e7:ae:07:16:55:8e:5e:88:27:8c:39:8c:
                    40:0e:79:30:a9:c4:a3:73:7e:59:0f:5d:e1:85:93:
                    e9:9d:dd:a8:38:3b:4e:8e:69:76:d9:76:cf:12:cd:
                    fb:06:6f:50:81:b7:e0:1f:b9:f4:50:25:93:e9:41:
                    83:a1:8f:0e:3a:ee:bf:82:98:80:04:8c:c8:d0:ea:
                    04:d4:66:74:8b:15:98:27:1e:ec:20:01:f2:b8:56:
                    2e:93:0e:cf:75:a8:9e:65:94:99:c4:31:0c:d1:01:
                    dc:79:66:bd:16:0c:4d:c0:0a:7c:fa:c3:7d:16:c8:
                    f8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D5:87:E6:F9:53:0D:9F:35:C7:5D:F9:4D:8E:CC:37:30:72:2D:49
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22e0224f-add1-4750-9889-4168c3af1743.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.153.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bd:4d:9c:77:2a:59:23:17:d5:21:86:32:90:cd:0e:7d:a6:a7:
         4c:5f:d4:5d:af:14:c2:10:ca:91:ca:1d:51:bc:1b:0d:0b:2f:
         78:5f:2c:48:07:95:a9:2c:35:4a:68:95:d9:bf:2b:ad:a8:0b:
         65:3a:98:a9:73:18:67:8b:33:37:76:8e:16:1b:e3:5d:7c:e1:
         1b:37:a3:16:81:d2:15:ac:f3:33:16:74:37:84:05:60:37:66:
         0b:41:bc:4b:33:33:55:27:06:b2:f0:37:3d:a6:13:6c:c4:b7:
         8a:aa:6d:19:d4:af:6a:88:2c:41:fc:7d:b0:49:ba:8a:58:c2:
         7a:74:ba:e7:d0:89:e0:8d:86:02:7b:49:1b:18:3b:6f:36:bb:
         ae:4b:f5:73:24:1e:c0:2f:a7:24:44:7e:fd:e3:38:ad:06:50:
         26:78:e3:77:5d:30:7b:1b:6c:98:e6:59:88:b2:dd:7d:82:47:
         c1:7b:aa:63:f4:3d:e8:a7:f6:83:a9:0f:f8:b1:9c:af:b5:88:
         f5:38:4d:99:d6:dd:45:37:2b:c1:a0:76:66:40:1a:23:a2:5f:
         90:65:e6:5f:bc:e9:c9:db:0d:b5:be:12:d5:45:58:37:80:11:
         c5:eb:ea:80:d6:d2:82:f7:57:37:e8:89:2d:5b:13:da:4f:e0:
         08:32:76:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV/0ZDQSOESLc28n1Ihe0CuOHmxIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAwMTAwWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzU5NDM5OTYxZTRiOWZhMmI0ZTU5OTNjYWQ4ZjVjYjlh
NzdlZWFiNTVmYTRhZWM1NzdlMjMyZjUzODRjNzMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGQY9SOH0Z857odFdUR4g3NyFKHU0eBycV8vWA/1CgqkbB
wKS1wa9ypKwrEeBaPUOYNC26skAjlJkS/gsnN2s5C1dXESuvnJp51o+dH9W3wV4D
kS3o9M/6qaM9MNw1yJVh8TgQ6rGnZsl/eIyzIJW9vJWPnMzb8BIicpfXwQZ4iCRU
gGGlPtolceeuBxZVjl6IJ4w5jEAOeTCpxKNzflkPXeGFk+md3ag4O06OaXbZds8S
zfsGb1CBt+AfufRQJZPpQYOhjw467r+CmIAEjMjQ6gTUZnSLFZgnHuwgAfK4Vi6T
Ds91qJ5llJnEMQzRAdx5Zr0WDE3ACnz6w30WyPgBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrNWH5vlTDZ81x135TY7MNzByLUkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIyZTAyMjRmLWFkZDEtNDc1MC05ODg5LTQxNjhjM2FmMTc0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANomXAwDQYJKoZIhvcNAQELBQADggEBAL1NnHcqWSMX1SGGMpDNDn2mp0xf
1F2vFMIQypHKHVG8Gw0LL3hfLEgHlaksNUpoldm/K62oC2U6mKlzGGeLMzd2jhYb
41184Rs3oxaB0hWs8zMWdDeEBWA3ZgtBvEszM1UnBrLwNz2mE2zEt4qqbRnUr2qI
LEH8fbBJuopYwnp0uufQieCNhgJ7SRsYO282u65L9XMkHsAvpyREfv3jOK0GUCZ4
43ddMHsbbJjmWYiy3X2CR8F7qmP0Pein9oOpD/ixnK+1iPU4TZnW3UU3K8GgdmZA
GiOiX5Bl5l+86cnbDbW+EtVFWDeAEcXr6oDW0oL3VzfoiS1bE9pP4Agydjg=
-----END CERTIFICATE-----