Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87f2d17b-bc00-4f7a-b7e8-788558dd25ae.roa
File:                     87f2d17b-bc00-4f7a-b7e8-788558dd25ae.roa (raw, json)
Hash identifier:          Glo25z9xfUiy5KdJIrLJX77aPfpwVcsP2ipFzdP0IMY=
Subject key identifier:   9B:83:DC:96:4A:87:4E:C1:68:C1:58:34:16:51:78:6A:14:11:4B:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       141765A7534A6F519FE8ECC95EA0DF5E2732E9DA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87f2d17b-bc00-4f7a-b7e8-788558dd25ae.roa
Signing time:             Sun 19 Oct 2025 02:20:09 +0000
ROA not before:           Sun 19 Oct 2025 02:20:09 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        149.44.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:17:65:a7:53:4a:6f:51:9f:e8:ec:c9:5e:a0:df:5e:27:32:e9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 02:20:09 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=3a4f5d54e002da19570cf9177fb6e79d7e16411cb05c719488c2535f1794e164, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:0e:8b:71:e7:9f:42:1d:1a:09:e7:5e:3f:e8:
                    d1:6c:9f:41:66:c2:54:2d:e7:20:fd:48:7c:38:be:
                    58:c9:98:0c:ff:9d:c6:70:87:71:c5:6a:2f:2e:dd:
                    87:b9:be:93:4d:4d:1c:7c:41:6a:9a:23:30:64:6c:
                    cd:21:c5:b9:45:b9:d8:68:83:15:8a:9b:0d:5c:81:
                    70:7f:8e:82:eb:11:be:bf:52:ba:8d:75:2b:10:58:
                    16:80:84:43:ce:25:20:d9:36:46:65:b5:86:f7:43:
                    1c:e9:fc:4e:d3:61:20:c2:2e:43:b4:96:f9:26:64:
                    57:e8:ed:28:a4:32:00:2d:d0:45:4e:7a:e5:93:9f:
                    20:7d:41:00:d1:f5:a0:cf:4e:51:54:d0:bc:01:33:
                    d0:02:33:45:df:f0:f5:c4:ad:2e:05:97:3c:41:b0:
                    db:71:0c:62:1c:cb:54:ed:d8:1f:d4:91:f3:ce:43:
                    c2:28:eb:a5:e8:f3:0e:6d:87:0b:cb:86:40:0f:3f:
                    94:66:95:0d:d7:e6:c3:0f:ad:6e:e6:2d:05:b0:ae:
                    e0:c9:94:98:f3:d1:9a:39:18:50:60:a8:5e:84:c5:
                    07:07:32:d7:2b:ec:0f:c5:6f:f6:ee:35:9c:ca:10:
                    d7:fe:75:7e:98:8c:ad:ca:45:1c:9e:11:fb:da:3b:
                    d4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:83:DC:96:4A:87:4E:C1:68:C1:58:34:16:51:78:6A:14:11:4B:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87f2d17b-bc00-4f7a-b7e8-788558dd25ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.44.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:f6:bf:b6:81:94:63:f4:d9:a3:ee:77:60:c7:7c:37:06:b9:
         61:ca:d1:d0:2a:a1:f2:eb:c0:80:bc:25:d6:a7:39:00:64:22:
         74:d1:78:74:21:ec:a8:c5:16:ef:ad:bb:b4:81:5a:92:9c:60:
         f7:ab:ce:64:67:be:46:3c:1a:1a:72:82:80:28:3e:38:8f:61:
         82:39:ee:e8:cc:98:6f:8a:ec:28:ea:72:f0:af:5d:38:dd:8f:
         b9:b6:b6:43:8f:38:86:1a:c5:ee:29:86:51:35:4e:f2:6c:f3:
         94:3b:fa:8f:f4:a2:a7:eb:59:c0:3b:a4:df:3d:d4:9a:9a:aa:
         6f:e3:37:f8:d3:8b:78:84:96:46:bf:65:66:8a:63:99:e2:00:
         78:f5:29:50:7a:86:19:83:bb:e6:5c:34:9d:95:e4:6e:c3:06:
         d5:6a:6a:8f:84:72:aa:eb:21:cb:9c:9f:bd:29:16:0c:ae:29:
         93:e3:57:34:ed:f7:1f:f8:8d:50:86:de:25:ef:43:e2:7c:c0:
         3d:31:9e:9d:c9:05:9b:83:9c:1e:18:d0:b4:87:15:8d:d2:8e:
         72:2a:bb:85:35:ec:61:9d:65:17:06:a4:d4:6a:2d:9f:db:6b:
         5a:56:b5:5e:f0:b6:d9:cf:cf:33:87:b2:36:f3:a8:73:ae:64:
         4c:e8:89:08
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFBdlp1NKb1Gf6OzJXqDfXicy6dowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDIyMDA5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTRmNWQ1NGUwMDJkYTE5NTcwY2Y5MTc3ZmI2ZTc5ZDdl
MTY0MTFjYjA1YzcxOTQ4OGMyNTM1ZjE3OTRlMTY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnDotx559CHRoJ514/6NFsn0FmwlQt5yD9SHw4vljJmAz/
ncZwh3HFai8u3Ye5vpNNTRx8QWqaIzBkbM0hxblFudhogxWKmw1cgXB/joLrEb6/
UrqNdSsQWBaAhEPOJSDZNkZltYb3Qxzp/E7TYSDCLkO0lvkmZFfo7SikMgAt0EVO
euWTnyB9QQDR9aDPTlFU0LwBM9ACM0Xf8PXErS4FlzxBsNtxDGIcy1Tt2B/UkfPO
Q8Io66Xo8w5thwvLhkAPP5RmlQ3X5sMPrW7mLQWwruDJlJjz0Zo5GFBgqF6ExQcH
Mtcr7A/Fb/buNZzKENf+dX6YjK3KRRyeEfvaO9QhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUm4PclkqHTsFowVg0FlF4ahQRS2kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg3ZjJkMTdiLWJjMDAtNGY3YS1iN2U4LTc4ODU1OGRkMjVhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCVLDANBgkqhkiG9w0BAQsFAAOCAQEAsva/toGUY/TZo+53YMd8Nwa5YcrR
0Cqh8uvAgLwl1qc5AGQidNF4dCHsqMUW7627tIFakpxg96vOZGe+RjwaGnKCgCg+
OI9hgjnu6MyYb4rsKOpy8K9dON2Puba2Q484hhrF7imGUTVO8mzzlDv6j/Sip+tZ
wDuk3z3Umpqqb+M3+NOLeISWRr9lZopjmeIAePUpUHqGGYO75lw0nZXkbsMG1Wpq
j4Ryqushy5yfvSkWDK4pk+NXNO33H/iNUIbeJe9D4nzAPTGenckFm4OcHhjQtIcV
jdKOciq7hTXsYZ1lFwak1Gotn9trWla1XvC22c/PM4eyNvOoc65kTOiJCA==
-----END CERTIFICATE-----