Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73a7c4f5-f96f-428a-8378-6b60470968f5.roa
File:                     73a7c4f5-f96f-428a-8378-6b60470968f5.roa (raw, json)
Hash identifier:          wZoyxN9Ng/6yVINiHE82qddRuywPPJLVLJtHmGbvtKs=
Subject key identifier:   A9:AA:14:37:9B:E1:89:5D:1D:14:5C:9B:D2:A8:44:16:9B:89:AD:80
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3F0EE1D64B69C02B89EC75269AE87B0A6F90055C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73a7c4f5-f96f-428a-8378-6b60470968f5.roa
Signing time:             Sat 25 Oct 2025 00:21:30 +0000
ROA not before:           Sat 25 Oct 2025 00:21:30 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        166.80.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:0e:e1:d6:4b:69:c0:2b:89:ec:75:26:9a:e8:7b:0a:6f:90:05:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:21:30 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=3396b38c0f524fbbe6508fba56fa101fdb08b1cef524bf053106e291dbad45e3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:00:ab:76:07:8f:e1:aa:b5:d5:79:24:42:84:
                    1c:9e:ce:38:7d:b8:10:19:01:f0:48:85:4b:1c:e7:
                    eb:b5:90:a3:42:8d:8a:28:ec:af:28:aa:19:64:98:
                    0b:57:ce:6a:a6:df:5c:09:f8:2a:ed:00:14:7e:a6:
                    48:dc:77:01:4a:43:25:0d:ae:cc:ec:f8:70:7c:12:
                    27:a3:c9:69:d1:d2:51:a6:5e:6b:f5:ab:d7:3f:3c:
                    de:e1:ff:60:eb:a6:6c:81:8e:50:97:d1:12:73:4e:
                    35:03:f5:fe:1b:fc:3d:c2:75:64:f3:f0:1a:eb:91:
                    23:3d:57:f3:ba:8b:f0:1d:35:99:05:19:c9:26:ef:
                    8c:c5:ba:c3:15:d5:e6:01:ca:66:04:be:bb:68:b4:
                    bf:5d:2b:a0:ce:37:cd:f9:98:55:5b:2d:31:88:fc:
                    22:3b:76:81:b7:47:9c:2c:2e:80:31:a4:6a:d5:85:
                    4c:ad:44:c5:e1:d0:2f:44:64:40:b7:cd:55:48:77:
                    8e:53:ba:59:20:6b:87:92:c0:23:fb:61:c5:82:67:
                    8d:94:0a:a9:4e:d5:8b:82:d7:ee:23:11:b8:2d:ea:
                    71:47:54:1e:03:fd:08:a0:b5:2e:c0:36:c8:79:a3:
                    ff:b7:b5:99:e6:32:69:13:bc:3f:ac:08:65:9c:9a:
                    f7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:AA:14:37:9B:E1:89:5D:1D:14:5C:9B:D2:A8:44:16:9B:89:AD:80
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73a7c4f5-f96f-428a-8378-6b60470968f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.80.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d6:e3:52:87:57:5e:1a:c0:5c:30:5b:1f:52:99:ca:61:7f:c7:
         47:34:25:74:9c:a1:67:6f:cf:d8:03:83:30:c6:33:cb:35:2b:
         7b:e5:d6:80:af:3e:bc:5b:51:87:a8:98:c6:8c:7e:81:43:40:
         ad:ea:22:54:39:38:1d:67:1e:99:d1:4b:57:97:e9:e8:45:77:
         02:cb:56:c3:ab:cd:60:dd:18:3c:e5:fb:1d:f7:b0:de:23:17:
         e6:4c:4a:b9:93:22:f1:5c:c5:e0:7e:b4:a2:66:83:4f:1f:31:
         ce:6f:ad:b2:5e:c1:8c:7a:32:88:5d:af:b2:c9:59:57:3d:39:
         6b:85:e0:98:48:15:ea:d8:ae:e0:03:61:d1:96:11:ae:06:87:
         d0:b9:bf:bf:b0:54:ed:c5:c7:44:19:96:59:33:e0:77:0c:67:
         8d:d7:6e:70:c0:72:18:91:60:3b:7a:77:52:22:a9:d5:13:ba:
         25:7b:3c:fe:07:24:8e:47:93:9d:3e:f5:7a:a9:08:1d:e0:47:
         54:6e:9c:d4:df:8f:7b:ea:8d:ef:87:e4:41:46:db:b8:bc:3c:
         dd:67:d2:f4:77:d7:a8:4c:31:43:3c:6e:0f:fd:09:ac:8f:4e:
         93:a5:e9:4d:1f:06:9c:00:be:b6:7a:ab:17:4a:8b:4f:58:2f:
         46:22:da:fc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPw7h1ktpwCuJ7HUmmuh7Cm+QBVwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAyMTMwWhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzk2YjM4YzBmNTI0ZmJiZTY1MDhmYmE1NmZhMTAxZmRi
MDhiMWNlZjUyNGJmMDUzMTA2ZTI5MWRiYWQ0NWUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEAKt2B4/hqrXVeSRChByezjh9uBAZAfBIhUsc5+u1kKNC
jYoo7K8oqhlkmAtXzmqm31wJ+CrtABR+pkjcdwFKQyUNrszs+HB8EiejyWnR0lGm
Xmv1q9c/PN7h/2DrpmyBjlCX0RJzTjUD9f4b/D3CdWTz8BrrkSM9V/O6i/AdNZkF
Gckm74zFusMV1eYBymYEvrtotL9dK6DON835mFVbLTGI/CI7doG3R5wsLoAxpGrV
hUytRMXh0C9EZEC3zVVId45Tulkga4eSwCP7YcWCZ42UCqlO1YuC1+4jEbgt6nFH
VB4D/QigtS7ANsh5o/+3tZnmMmkTvD+sCGWcmvc7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqaoUN5vhiV0dFFyb0qhEFpuJrYAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzczYTdjNGY1LWY5NmYtNDI4YS04Mzc4LTZiNjA0NzA5NjhmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCmUDANBgkqhkiG9w0BAQsFAAOCAQEA1uNSh1deGsBcMFsfUpnKYX/HRzQl
dJyhZ2/P2AODMMYzyzUre+XWgK8+vFtRh6iYxox+gUNAreoiVDk4HWcemdFLV5fp
6EV3AstWw6vNYN0YPOX7Hfew3iMX5kxKuZMi8VzF4H60omaDTx8xzm+tsl7BjHoy
iF2vsslZVz05a4XgmEgV6tiu4ANh0ZYRrgaH0Lm/v7BU7cXHRBmWWTPgdwxnjddu
cMByGJFgO3p3UiKp1RO6JXs8/gckjkeTnT71eqkIHeBHVG6c1N+Pe+qN74fkQUbb
uLw83WfS9HfXqEwxQzxuD/0JrI9Ok6XpTR8GnAC+tnqrF0qLT1gvRiLa/A==
-----END CERTIFICATE-----