Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e18da5a-f870-44ce-b5d0-8665afe2c5c7.roa
File:                     8e18da5a-f870-44ce-b5d0-8665afe2c5c7.roa (raw, json)
Hash identifier:          qQVBXIpbUzKVWOAo+gGJUxlzemGEokZAgqyNJ/xHNlk=
Subject key identifier:   7B:18:26:57:EC:9B:C9:F1:A7:DD:E9:10:F8:78:1C:80:14:79:76:A1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7942AECEA697F88102AC650D1A58839525E7BA01
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e18da5a-f870-44ce-b5d0-8665afe2c5c7.roa
Signing time:             Tue 21 Oct 2025 00:31:00 +0000
ROA not before:           Tue 21 Oct 2025 00:31:00 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        167.243.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:42:ae:ce:a6:97:f8:81:02:ac:65:0d:1a:58:83:95:25:e7:ba:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:31:00 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=a333f2d2620e3541122f49438d6f64eb2978f97fec9b4d69a9952f49ca5887fa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bd:d3:b0:20:f9:17:54:90:d2:d9:88:ef:ae:
                    9e:3f:0f:e1:9b:25:07:9d:e8:00:97:9d:f0:cc:73:
                    22:60:c4:9f:34:6e:5a:6c:ba:31:4c:46:76:df:0e:
                    48:30:db:cd:4f:1b:d0:e1:ef:4b:22:df:e0:18:39:
                    d8:4b:7f:5b:48:5e:55:76:6f:e3:88:0f:04:51:7e:
                    aa:e0:8e:1c:ed:56:26:e7:58:f0:08:a3:55:fb:0b:
                    82:c4:0b:13:65:9f:ff:8a:ac:43:50:82:d3:70:a7:
                    a5:00:86:b4:31:23:0a:7c:f0:d0:90:7d:e7:12:e3:
                    96:21:42:cc:3b:86:06:65:69:53:e9:05:c6:2d:06:
                    ff:6a:fb:09:b9:5b:47:8d:fc:06:a8:84:6a:3c:52:
                    da:a8:84:2e:33:c0:c5:29:3b:c6:3e:a0:47:a3:56:
                    a1:28:04:54:44:ee:33:68:91:da:2f:53:d8:75:37:
                    ca:33:3e:8b:3f:37:20:74:2b:91:be:07:5b:38:4f:
                    5c:39:d6:c7:bf:5c:50:f3:67:59:a9:8d:7d:27:14:
                    e0:48:9c:52:e3:de:37:a0:b6:74:9b:5f:4b:62:bd:
                    79:d5:2a:3f:b8:80:f4:09:20:db:7b:26:1a:76:18:
                    1b:48:05:ff:6d:b3:e8:6f:f6:2e:06:9f:d0:59:36:
                    bc:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:18:26:57:EC:9B:C9:F1:A7:DD:E9:10:F8:78:1C:80:14:79:76:A1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e18da5a-f870-44ce-b5d0-8665afe2c5c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.243.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ad:e0:be:b2:d5:1f:c4:0b:08:2c:ce:c3:e4:d6:ee:dc:83:f0:
         8a:50:e5:b4:aa:57:5a:94:4e:0a:06:93:6c:8e:59:5a:80:22:
         35:d7:48:ac:6c:ef:b4:5f:9c:27:0a:7f:d3:69:c4:3a:50:cd:
         09:eb:1f:e1:ed:7e:1d:96:f3:e6:2f:d8:37:17:63:11:9d:68:
         42:02:b1:4b:8c:23:4f:3a:69:70:94:f0:93:53:9d:2a:6d:d0:
         47:4c:20:0e:51:54:dc:e8:9a:f8:b6:7b:b8:17:29:94:2f:ad:
         d5:16:4e:a6:99:2d:df:5e:ee:0e:4c:f1:e0:1f:86:78:80:06:
         3b:d6:d0:67:23:12:b6:14:53:35:77:61:34:8d:ea:59:f9:c3:
         33:ee:57:77:de:fe:b5:ba:f0:84:22:f2:86:0f:8c:44:03:fb:
         b2:af:4c:3a:40:ba:93:ba:39:3e:48:17:aa:2b:af:5c:13:5e:
         e2:9d:34:05:7b:f3:21:3b:08:73:50:d4:ff:35:80:d4:c9:77:
         99:53:e2:97:ad:ec:fb:5a:7a:2b:ba:13:0f:06:da:54:c3:f2:
         39:2b:19:0c:45:91:49:d8:c1:e8:00:c2:d5:6c:2f:a8:43:16:
         17:57:01:c7:f4:ed:2c:f6:d2:08:e3:f3:5d:23:63:7d:83:e8:
         20:67:9e:68
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeUKuzqaX+IECrGUNGliDlSXnugEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAzMTAwWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzMzZjJkMjYyMGUzNTQxMTIyZjQ5NDM4ZDZmNjRlYjI5
NzhmOTdmZWM5YjRkNjlhOTk1MmY0OWNhNTg4N2ZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/vdOwIPkXVJDS2Yjvrp4/D+GbJQed6ACXnfDMcyJgxJ80
blpsujFMRnbfDkgw281PG9Dh70si3+AYOdhLf1tIXlV2b+OIDwRRfqrgjhztVibn
WPAIo1X7C4LECxNln/+KrENQgtNwp6UAhrQxIwp88NCQfecS45YhQsw7hgZlaVPp
BcYtBv9q+wm5W0eN/AaohGo8UtqohC4zwMUpO8Y+oEejVqEoBFRE7jNokdovU9h1
N8ozPos/NyB0K5G+B1s4T1w51se/XFDzZ1mpjX0nFOBInFLj3jegtnSbX0tivXnV
Kj+4gPQJINt7Jhp2GBtIBf9ts+hv9i4Gn9BZNrwJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUexgmV+ybyfGn3ekQ+HgcgBR5dqEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhlMThkYTVhLWY4NzAtNDRjZS1iNWQwLTg2NjVhZmUyYzVjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCn8zANBgkqhkiG9w0BAQsFAAOCAQEAreC+stUfxAsILM7D5Nbu3IPwilDl
tKpXWpROCgaTbI5ZWoAiNddIrGzvtF+cJwp/02nEOlDNCesf4e1+HZbz5i/YNxdj
EZ1oQgKxS4wjTzppcJTwk1OdKm3QR0wgDlFU3Oia+LZ7uBcplC+t1RZOppkt317u
Dkzx4B+GeIAGO9bQZyMSthRTNXdhNI3qWfnDM+5Xd97+tbrwhCLyhg+MRAP7sq9M
OkC6k7o5PkgXqiuvXBNe4p00BXvzITsIc1DU/zWA1Ml3mVPil63s+1p6K7oTDwba
VMPyOSsZDEWRSdjB6ADC1WwvqEMWF1cBx/TtLPbSCOPzXSNjfYPoIGeeaA==
-----END CERTIFICATE-----