Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61b7b9ae-b712-4a51-b302-aafa1010e46e.roa
File:                     61b7b9ae-b712-4a51-b302-aafa1010e46e.roa (raw, json)
Hash identifier:          2TXFlONv5w8jc2jl40uQpSOkULh2ojwyjk8z9A8f0qY=
Subject key identifier:   85:F4:C7:A7:47:C9:E7:98:A5:38:8F:89:33:73:40:43:4E:23:3D:4B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0980BBA8B40B988D9521CF9E3FB0D0A7B61C1E46
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61b7b9ae-b712-4a51-b302-aafa1010e46e.roa
Signing time:             Sat 25 Oct 2025 00:20:41 +0000
ROA not before:           Sat 25 Oct 2025 00:20:41 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.176.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:80:bb:a8:b4:0b:98:8d:95:21:cf:9e:3f:b0:d0:a7:b6:1c:1e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:20:41 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=5f240910666c000a60547d888410335bba6ea82c9f42756373687a085a298ac2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:13:61:82:26:f0:f1:e9:89:72:8b:c3:f0:ce:
                    ee:7c:06:d4:ed:3a:4d:3d:24:bb:c6:62:38:2e:f4:
                    96:fd:27:ae:fb:cf:72:28:3c:54:89:89:93:3d:9b:
                    86:d7:5b:31:f8:96:d3:fa:89:9f:9d:15:fc:1c:f5:
                    1c:70:ba:d8:f3:72:d0:5b:95:36:3f:7f:d1:4c:6c:
                    96:21:21:f4:55:71:70:56:55:78:ba:64:03:70:26:
                    b6:d3:1a:08:a2:7d:3e:64:4e:56:c7:e4:36:22:39:
                    10:7a:2a:92:b0:46:7c:8c:b0:57:62:eb:21:62:32:
                    25:83:bd:76:65:c1:93:8b:72:69:63:26:b4:4d:f3:
                    33:00:38:2d:ba:f2:09:c9:c4:a8:dc:ec:7d:28:b2:
                    e8:5a:0c:a5:62:3e:dd:05:92:36:dc:ab:19:7a:7b:
                    fe:29:30:0f:d3:6b:cb:b3:a8:31:51:7a:cf:84:cf:
                    3d:dc:5f:db:06:f9:9f:74:42:36:0e:83:0f:8f:19:
                    93:b1:82:27:f5:fa:ce:cd:f5:b4:04:a6:cb:23:fa:
                    aa:33:ef:89:9a:35:e8:d2:76:0b:af:d0:47:30:7d:
                    69:b1:14:4f:b6:82:a5:33:d5:cb:fc:d6:83:85:c4:
                    3a:dd:52:35:15:77:8c:aa:c5:55:ac:2a:9e:5e:ac:
                    c4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F4:C7:A7:47:C9:E7:98:A5:38:8F:89:33:73:40:43:4E:23:3D:4B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61b7b9ae-b712-4a51-b302-aafa1010e46e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.176.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         3d:59:12:3b:0d:a6:a4:2b:f1:9c:b1:0b:39:ce:08:4b:b5:29:
         94:1f:d8:c2:fe:c1:00:fe:3f:80:02:fa:4c:ed:0c:01:23:7c:
         5b:45:87:22:2c:a7:56:16:a2:f4:18:1a:77:9c:9e:13:58:9b:
         79:7a:a5:8e:37:fa:a9:ee:48:11:6b:70:c1:3c:74:0c:21:3a:
         2b:1e:14:e2:f1:b2:4a:19:8e:bd:a9:3d:fc:36:35:c2:2d:b4:
         e9:ea:4f:60:74:33:ee:b2:44:0b:4e:e7:e7:ea:ac:6e:20:93:
         a2:cd:5d:d1:ae:e9:16:15:97:1f:23:f4:f0:74:de:1b:a0:9d:
         64:9c:c7:d3:76:28:71:9b:60:f4:c0:10:df:c7:c5:53:f2:23:
         42:e6:3e:b6:58:3d:3d:c1:3f:b3:c7:ff:72:c0:89:41:60:9e:
         f1:e1:22:1b:db:79:cb:a4:f5:08:46:e1:b4:51:bd:34:43:51:
         44:99:58:b7:9e:b6:f0:4f:f1:55:e0:04:ae:7a:0f:03:48:92:
         b4:fc:a9:d7:fb:4f:d4:b8:36:f5:54:28:f4:f7:ab:a9:0d:6b:
         c3:ca:a9:c3:58:25:21:b8:ea:0a:af:bc:79:5e:78:1a:3d:b1:
         0c:1f:39:e7:d7:e4:10:96:a9:9f:7d:64:c7:02:85:26:a2:43:
         89:42:d0:e1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCYC7qLQLmI2VIc+eP7DQp7YcHkYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAyMDQxWhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjI0MDkxMDY2NmMwMDBhNjA1NDdkODg4NDEwMzM1YmJh
NmVhODJjOWY0Mjc1NjM3MzY4N2EwODVhMjk4YWMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3E2GCJvDx6Ylyi8Pwzu58BtTtOk09JLvGYjgu9Jb9J677
z3IoPFSJiZM9m4bXWzH4ltP6iZ+dFfwc9RxwutjzctBblTY/f9FMbJYhIfRVcXBW
VXi6ZANwJrbTGgiifT5kTlbH5DYiORB6KpKwRnyMsFdi6yFiMiWDvXZlwZOLcmlj
JrRN8zMAOC268gnJxKjc7H0osuhaDKViPt0Fkjbcqxl6e/4pMA/Ta8uzqDFRes+E
zz3cX9sG+Z90QjYOgw+PGZOxgif1+s7N9bQEpssj+qoz74maNejSdguv0EcwfWmx
FE+2gqUz1cv81oOFxDrdUjUVd4yqxVWsKp5erMShAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhfTHp0fJ55ilOI+JM3NAQ04jPUswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxYjdiOWFlLWI3MTItNGE1MS1iMzAyLWFhZmExMDEwZTQ2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFrsDANBgkqhkiG9w0BAQsFAAOCAQEAPVkSOw2mpCvxnLELOc4IS7UplB/Y
wv7BAP4/gAL6TO0MASN8W0WHIiynVhai9Bgad5yeE1ibeXqljjf6qe5IEWtwwTx0
DCE6Kx4U4vGyShmOvak9/DY1wi206epPYHQz7rJEC07n5+qsbiCTos1d0a7pFhWX
HyP08HTeG6CdZJzH03YocZtg9MAQ38fFU/IjQuY+tlg9PcE/s8f/csCJQWCe8eEi
G9t5y6T1CEbhtFG9NENRRJlYt5628E/xVeAErnoPA0iStPyp1/tP1Lg29VQo9Per
qQ1rw8qpw1glIbjqCq+8eV54Gj2xDB8559fkEJapn31kxwKFJqJDiULQ4Q==
-----END CERTIFICATE-----