Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5753e2d3-4442-467a-b1d8-3c38c62f910c.roa
File:                     5753e2d3-4442-467a-b1d8-3c38c62f910c.roa (raw, json)
Hash identifier:          qtKnCcsigAUHYzRK9lDD9qiNJMm//eEAi7tueDCjL2A=
Subject key identifier:   95:F6:30:0C:E6:00:DF:B4:73:62:00:66:E4:35:39:67:74:A3:8C:66
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       075B600204B3001C74FD26886C72159A5A521183
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5753e2d3-4442-467a-b1d8-3c38c62f910c.roa
Signing time:             Sat 25 Oct 2025 00:30:49 +0000
ROA not before:           Sat 25 Oct 2025 00:30:49 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.228.192.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:5b:60:02:04:b3:00:1c:74:fd:26:88:6c:72:15:9a:5a:52:11:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:30:49 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=3f7e417c5f11e7417e27fe76844925abf5724559dafe73feea9b93dee4667427, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:17:4d:79:70:30:7c:99:12:5f:10:f3:44:d5:
                    c2:6b:47:99:49:d6:a9:11:18:8e:74:b3:b3:ed:47:
                    62:c4:a7:0e:09:a6:ea:a4:d7:c8:ed:2a:ec:78:cf:
                    51:1f:1b:2c:c5:eb:9b:f9:19:fc:07:1c:43:89:ef:
                    06:94:68:89:e1:73:e5:d4:55:d2:99:8f:e3:70:7a:
                    64:52:fb:72:2d:da:21:88:f1:a6:e4:72:8e:d7:3e:
                    5c:71:0d:8d:22:98:d8:33:d6:e7:5a:22:97:9c:b9:
                    a9:d7:b6:43:6f:2c:75:a6:b3:23:9d:2e:84:21:4a:
                    ad:77:cd:bb:78:3b:7a:d0:5d:26:91:18:68:28:15:
                    b9:8d:81:10:e7:73:01:ae:a7:cb:f8:e8:1f:69:72:
                    1b:7e:05:b6:4e:bc:b0:27:4d:17:c0:16:85:05:3d:
                    a0:67:00:6c:00:0c:07:bd:dc:00:45:32:c8:2e:bc:
                    1e:57:a8:09:30:dd:b1:33:e5:ae:95:bd:1d:62:07:
                    d7:f7:8c:51:00:b7:ec:83:42:fe:1c:ce:a8:56:d6:
                    af:a7:13:5b:40:b4:8e:fa:7e:b8:c4:1b:0a:5e:5c:
                    d2:84:b7:4e:2f:2f:3f:4b:b9:34:86:91:ce:32:43:
                    1d:f1:f1:cc:b8:a2:38:78:42:44:9f:a7:cd:1f:0d:
                    7b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F6:30:0C:E6:00:DF:B4:73:62:00:66:E4:35:39:67:74:A3:8C:66
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5753e2d3-4442-467a-b1d8-3c38c62f910c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.228.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         28:af:1b:fd:b7:c0:8f:41:e2:0e:77:ad:a3:a2:6e:e5:16:b9:
         61:c6:b3:fa:c4:70:35:40:dd:01:99:02:11:70:01:ff:6f:77:
         bd:5d:3b:77:2c:45:a3:ee:a8:c1:48:e9:80:94:70:bf:da:3f:
         6a:43:db:3e:9f:f6:90:09:c1:02:be:94:2b:87:ea:3c:59:04:
         a2:e4:aa:ac:c7:6b:73:f9:1c:a6:5d:08:4b:fb:ab:ef:f4:c9:
         f9:8f:7c:01:0f:75:2b:26:f8:77:3a:84:2d:89:f5:50:40:31:
         08:99:89:2d:4b:ef:3f:29:78:63:b6:32:4d:17:81:f5:16:e5:
         c0:9c:1d:2b:0a:8b:fc:ab:84:83:62:df:7f:eb:76:af:a4:25:
         bf:27:d6:fe:86:29:b9:13:94:9a:2a:43:fd:d8:15:db:8e:f1:
         62:2f:89:56:56:13:3e:81:2d:4a:41:a5:77:92:b5:5d:d7:a6:
         c3:ed:53:37:52:92:19:18:ed:97:36:43:bc:eb:97:85:ac:23:
         fd:78:7c:2f:60:ac:29:ec:ff:63:ad:b6:44:4b:6e:4b:0f:d7:
         13:a8:b6:42:9c:b0:4f:44:33:51:4e:ce:7b:4b:f8:23:47:35:
         a2:28:ab:79:1e:07:34:6c:1a:c1:ed:bb:ed:25:47:08:16:75:
         c0:e1:98:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUB1tgAgSzABx0/SaIbHIVmlpSEYMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAzMDQ5WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjdlNDE3YzVmMTFlNzQxN2UyN2ZlNzY4NDQ5MjVhYmY1
NzI0NTU5ZGFmZTczZmVlYTliOTNkZWU0NjY3NDI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBF015cDB8mRJfEPNE1cJrR5lJ1qkRGI50s7PtR2LEpw4J
puqk18jtKux4z1EfGyzF65v5GfwHHEOJ7waUaInhc+XUVdKZj+NwemRS+3It2iGI
8abkco7XPlxxDY0imNgz1udaIpecuanXtkNvLHWmsyOdLoQhSq13zbt4O3rQXSaR
GGgoFbmNgRDncwGup8v46B9pcht+BbZOvLAnTRfAFoUFPaBnAGwADAe93ABFMsgu
vB5XqAkw3bEz5a6VvR1iB9f3jFEAt+yDQv4czqhW1q+nE1tAtI76frjEGwpeXNKE
t04vLz9LuTSGkc4yQx3x8cy4ojh4QkSfp80fDXs1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlfYwDOYA37RzYgBm5DU5Z3SjjGYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU3NTNlMmQzLTQ0NDItNDY3YS1iMWQ4LTNjMzhjNjJmOTEwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAah5MAwDQYJKoZIhvcNAQELBQADggEBACivG/23wI9B4g53raOibuUWuWHG
s/rEcDVA3QGZAhFwAf9vd71dO3csRaPuqMFI6YCUcL/aP2pD2z6f9pAJwQK+lCuH
6jxZBKLkqqzHa3P5HKZdCEv7q+/0yfmPfAEPdSsm+Hc6hC2J9VBAMQiZiS1L7z8p
eGO2Mk0XgfUW5cCcHSsKi/yrhINi33/rdq+kJb8n1v6GKbkTlJoqQ/3YFduO8WIv
iVZWEz6BLUpBpXeStV3XpsPtUzdSkhkY7Zc2Q7zrl4WsI/14fC9grCns/2OttkRL
bksP1xOotkKcsE9EM1FOzntL+CNHNaIoq3keBzRsGsHtu+0lRwgWdcDhmLM=
-----END CERTIFICATE-----