Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7b743625-8ab8-4d1f-a5ee-b2657bad3209.roa
File:                     7b743625-8ab8-4d1f-a5ee-b2657bad3209.roa (raw, json)
Hash identifier:          NTJuBzqYS+TTbc2njkkqj2jU8G4Q7AhR53letd9qSig=
Subject key identifier:   A5:66:B8:4E:53:BF:E7:78:1E:C0:8C:5B:78:B8:11:39:3F:85:0D:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       52DA22D5C58BB5FC8A6003AF25DD571CDC3104F8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7b743625-8ab8-4d1f-a5ee-b2657bad3209.roa
Signing time:             Fri 24 Oct 2025 00:10:41 +0000
ROA not before:           Fri 24 Oct 2025 00:10:41 +0000
ROA not after:            Fri 28 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        128.167.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:da:22:d5:c5:8b:b5:fc:8a:60:03:af:25:dd:57:1c:dc:31:04:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 24 00:10:41 2025 GMT
            Not After : Nov 28 23:59:59 2025 GMT
        Subject: serialNumber=baf0953b7beba94a9da5376edfa07a5af32f9156526c2da29a72d43c6c52f6c4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:95:c3:6f:22:02:a0:d5:e5:bb:1e:1b:66:60:
                    f6:37:bc:69:5e:78:ea:98:07:72:c1:39:e0:89:69:
                    bd:7f:87:f4:2c:11:f3:e9:e8:f3:79:92:91:1f:8c:
                    39:7f:6e:89:57:e2:dd:b8:72:45:c7:3d:0b:c4:7e:
                    75:05:e6:5f:8a:b1:ab:c6:c0:48:bb:38:f6:3e:69:
                    32:d2:49:b2:92:e4:7f:92:ff:f8:a5:9a:4b:d9:4c:
                    03:de:84:b7:b1:38:d2:0c:85:b4:af:15:0b:8f:a9:
                    3b:49:4b:58:57:af:69:6c:5a:ba:db:72:72:9b:5b:
                    e2:40:1d:29:d1:47:35:e0:a3:f0:e2:d1:bc:56:e6:
                    1a:9d:72:e6:12:13:e2:4d:b1:d1:ef:f5:c4:47:fd:
                    81:a1:9e:5a:07:ad:c7:02:36:dd:e7:c4:af:73:4b:
                    96:6c:64:df:36:7a:7d:15:24:c8:f6:ac:59:37:32:
                    51:59:c1:15:92:c0:a9:75:9b:d0:96:98:cf:65:74:
                    ae:6c:55:58:d5:6f:17:b5:70:67:17:ee:e5:c5:d6:
                    56:67:54:5a:f8:26:67:c9:19:c1:ae:d7:c5:08:32:
                    bb:e5:23:12:ab:e4:50:e7:5f:e4:74:36:95:80:22:
                    bc:36:66:01:cf:67:0e:d1:6c:80:e5:8e:e0:f0:59:
                    dc:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:66:B8:4E:53:BF:E7:78:1E:C0:8C:5B:78:B8:11:39:3F:85:0D:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7b743625-8ab8-4d1f-a5ee-b2657bad3209.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.167.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c1:4c:37:fc:88:f1:db:5b:3e:32:a7:b6:79:ea:03:eb:51:b0:
         25:f3:eb:5a:ef:fc:a8:0e:2a:18:e6:0a:1d:be:1a:12:c5:92:
         78:0c:0b:74:31:3e:c4:6e:5c:7a:a0:c4:02:2e:4b:bd:e9:ee:
         28:7c:5f:c8:e5:b5:17:ec:7f:6b:77:c0:5e:64:bb:15:ea:b4:
         b2:e7:4f:92:7d:00:fe:73:7e:a0:5a:a6:00:66:62:6e:87:1c:
         c5:96:b7:54:a5:fe:86:b6:ef:44:e1:22:97:11:85:85:45:5c:
         8a:be:25:73:c5:10:5d:62:77:f8:94:75:a0:a4:62:e6:17:8d:
         68:3f:24:85:04:0c:f5:d7:ff:56:77:2d:e1:36:48:c1:55:47:
         03:89:13:e7:01:1f:0a:0e:45:e2:1c:40:67:dc:b8:f4:6b:7c:
         2c:95:aa:39:84:0f:b9:8f:b9:03:3b:8e:89:31:7f:f5:5a:70:
         33:32:44:87:69:f4:36:83:d7:ad:52:77:fa:06:90:ea:02:42:
         12:05:06:d2:18:c6:ee:5e:ad:64:29:8b:68:ee:2f:86:00:25:
         1e:1f:fd:c9:cd:05:d8:8e:2f:2b:a9:6c:78:8d:cb:e7:5b:4d:
         4a:cf:99:48:c2:e1:4a:d1:ea:fa:31:e4:25:66:ac:2f:5d:fa:
         d8:1b:7d:df
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUtoi1cWLtfyKYAOvJd1XHNwxBPgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI0MDAxMDQxWhcNMjUxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYWYwOTUzYjdiZWJhOTRhOWRhNTM3NmVkZmEwN2E1YWYz
MmY5MTU2NTI2YzJkYTI5YTcyZDQzYzZjNTJmNmM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1lcNvIgKg1eW7HhtmYPY3vGleeOqYB3LBOeCJab1/h/Qs
EfPp6PN5kpEfjDl/bolX4t24ckXHPQvEfnUF5l+KsavGwEi7OPY+aTLSSbKS5H+S
//ilmkvZTAPehLexONIMhbSvFQuPqTtJS1hXr2lsWrrbcnKbW+JAHSnRRzXgo/Di
0bxW5hqdcuYSE+JNsdHv9cRH/YGhnloHrccCNt3nxK9zS5ZsZN82en0VJMj2rFk3
MlFZwRWSwKl1m9CWmM9ldK5sVVjVbxe1cGcX7uXF1lZnVFr4JmfJGcGu18UIMrvl
IxKr5FDnX+R0NpWAIrw2ZgHPZw7RbIDljuDwWdyvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpWa4TlO/53gewIxbeLgROT+FDW8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdiNzQzNjI1LThhYjgtNGQxZi1hNWVlLWIyNjU3YmFkMzIwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCApzANBgkqhkiG9w0BAQsFAAOCAQEAwUw3/Ijx21s+Mqe2eeoD61GwJfPr
Wu/8qA4qGOYKHb4aEsWSeAwLdDE+xG5ceqDEAi5LvenuKHxfyOW1F+x/a3fAXmS7
Feq0sudPkn0A/nN+oFqmAGZiboccxZa3VKX+hrbvROEilxGFhUVcir4lc8UQXWJ3
+JR1oKRi5heNaD8khQQM9df/Vnct4TZIwVVHA4kT5wEfCg5F4hxAZ9y49Gt8LJWq
OYQPuY+5AzuOiTF/9VpwMzJEh2n0NoPXrVJ3+gaQ6gJCEgUG0hjG7l6tZCmLaO4v
hgAlHh/9yc0F2I4vK6lseI3L51tNSs+ZSMLhStHq+jHkJWasL1362Bt93w==
-----END CERTIFICATE-----