Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48743620-d852-4c45-84d7-d4a7e3874270.roa
File:                     48743620-d852-4c45-84d7-d4a7e3874270.roa (raw, json)
Hash identifier:          cqFz4o6EhDOmgtnylPhcyCIB7iluKMr80CUhzTo9g3o=
Subject key identifier:   7D:4F:2E:8B:7B:BF:F4:6C:58:8A:C6:49:33:22:00:75:86:9A:AB:20
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6BEBC571D2EFF7CF1C2DA0E59C89B317205987AF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48743620-d852-4c45-84d7-d4a7e3874270.roa
Signing time:             Wed 12 Nov 2025 00:20:45 +0000
ROA not before:           Wed 12 Nov 2025 00:20:45 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        168.192.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:eb:c5:71:d2:ef:f7:cf:1c:2d:a0:e5:9c:89:b3:17:20:59:87:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:20:45 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=5259156393669d51f943e9d49fb5568e7e0607cd53b47b2d5d58c27f8b17d1f6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c6:6f:f3:31:2c:b2:bd:41:4e:c2:47:06:a2:
                    0d:b2:e3:65:1f:c6:10:2b:3f:b6:8c:a5:d8:89:92:
                    d1:39:5b:86:1b:c6:39:6f:d0:20:2b:90:84:33:98:
                    d6:73:a4:bd:fb:66:b8:42:50:af:b8:33:b7:d2:db:
                    a2:d3:ed:cd:54:1c:39:c3:e1:18:ae:58:45:e6:a9:
                    7a:a4:70:e1:f6:07:f5:9f:c4:b4:c1:65:b4:b4:39:
                    56:7d:ac:4a:57:f5:48:53:8d:46:cd:57:6e:38:a1:
                    01:33:db:22:46:3e:dd:9a:e2:65:39:88:a8:21:6d:
                    d2:7a:28:07:9b:e1:3f:cb:76:9d:e4:46:51:ee:77:
                    9c:d7:1d:0f:4d:72:6e:c4:ed:d8:d4:47:e4:bc:b5:
                    52:d8:04:63:23:b8:67:e1:b3:82:7a:f5:07:c5:5f:
                    01:92:aa:ea:2e:05:60:e7:f1:f1:4d:1c:3a:a6:74:
                    1a:61:75:2c:f2:ff:a8:f2:22:a5:8f:80:44:93:1b:
                    ae:56:43:8b:44:14:fa:dd:26:35:58:09:eb:a0:cb:
                    dd:9d:01:6e:4b:9f:28:cc:93:db:45:71:c4:c5:f7:
                    66:17:c9:95:66:30:84:e1:db:83:9f:8a:04:f0:85:
                    aa:92:c5:14:5c:92:a6:74:09:63:cf:e9:02:f7:15:
                    a2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:4F:2E:8B:7B:BF:F4:6C:58:8A:C6:49:33:22:00:75:86:9A:AB:20
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48743620-d852-4c45-84d7-d4a7e3874270.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.192.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         d5:4b:29:c4:ee:02:07:e0:ec:98:2f:cb:d1:b9:8f:ab:dd:1c:
         e2:98:35:49:51:df:63:c7:ab:6d:6b:b9:57:46:8d:56:25:d6:
         18:0a:de:5a:47:b5:c7:ed:04:26:f4:6e:c0:45:23:e6:81:d4:
         a2:63:14:2a:de:de:ec:cd:9a:ae:17:a5:c2:1a:8e:2f:58:b1:
         d1:91:84:2d:30:2e:ad:1e:e6:1f:6b:ac:07:9c:3d:46:86:fa:
         c3:36:0f:56:b9:de:2d:1c:50:6f:18:ae:eb:a9:c9:9b:06:ca:
         32:f7:d3:cf:81:50:3e:bf:04:cf:4c:8f:c3:c5:38:a7:3b:20:
         df:d5:02:b5:7d:75:05:5e:70:26:af:ad:9c:73:d5:17:8d:d5:
         c8:e8:9e:e1:e8:78:0c:fb:36:f0:7c:87:16:d1:ee:17:db:55:
         ac:f5:51:0e:00:7f:8d:9d:b2:02:41:33:0a:cf:77:d6:f5:0e:
         34:8a:6a:20:31:9d:5d:27:6d:c6:e1:d8:4f:b7:91:c5:4e:fb:
         e4:90:b9:67:c9:9f:f7:28:c5:b8:d4:7b:75:30:d4:41:9b:f1:
         01:f8:d4:7c:f6:be:ea:f8:99:16:a9:7e:dc:7b:cc:79:d3:38:
         b3:76:ee:15:f6:50:09:85:d0:9e:d6:a1:c9:ff:53:e7:02:44:
         f5:84:44:77
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUa+vFcdLv988cLaDlnImzFyBZh68wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAyMDQ1WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MjU5MTU2MzkzNjY5ZDUxZjk0M2U5ZDQ5ZmI1NTY4ZTdl
MDYwN2NkNTNiNDdiMmQ1ZDU4YzI3ZjhiMTdkMWY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5xm/zMSyyvUFOwkcGog2y42UfxhArP7aMpdiJktE5W4Yb
xjlv0CArkIQzmNZzpL37ZrhCUK+4M7fS26LT7c1UHDnD4RiuWEXmqXqkcOH2B/Wf
xLTBZbS0OVZ9rEpX9UhTjUbNV244oQEz2yJGPt2a4mU5iKghbdJ6KAeb4T/Ldp3k
RlHud5zXHQ9Ncm7E7djUR+S8tVLYBGMjuGfhs4J69QfFXwGSquouBWDn8fFNHDqm
dBphdSzy/6jyIqWPgESTG65WQ4tEFPrdJjVYCeugy92dAW5LnyjMk9tFccTF92YX
yZVmMITh24OfigTwhaqSxRRckqZ0CWPP6QL3FaIPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfU8ui3u/9GxYisZJMyIAdYaaqyAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ4NzQzNjIwLWQ4NTItNGM0NS04NGQ3LWQ0YTdlMzg3NDI3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwGowDANBgkqhkiG9w0BAQsFAAOCAQEA1UspxO4CB+DsmC/L0bmPq90c4pg1
SVHfY8erbWu5V0aNViXWGAreWke1x+0EJvRuwEUj5oHUomMUKt7e7M2arhelwhqO
L1ix0ZGELTAurR7mH2usB5w9Rob6wzYPVrneLRxQbxiu66nJmwbKMvfTz4FQPr8E
z0yPw8U4pzsg39UCtX11BV5wJq+tnHPVF43VyOie4eh4DPs28HyHFtHuF9tVrPVR
DgB/jZ2yAkEzCs931vUONIpqIDGdXSdtxuHYT7eRxU775JC5Z8mf9yjFuNR7dTDU
QZvxAfjUfPa+6viZFql+3HvMedM4s3buFfZQCYXQntahyf9T5wJE9YREdw==
-----END CERTIFICATE-----