Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9467035e-ac22-4ed7-bdeb-771152f3e853.roa
File:                     9467035e-ac22-4ed7-bdeb-771152f3e853.roa (raw, json)
Hash identifier:          a4h9w58F3gMjI7ld4ISxIcGTebwt5rLoHZax4J4DI8c=
Subject key identifier:   23:47:BB:6C:64:2C:04:B3:14:EF:4D:30:F1:F1:D7:6D:DA:D6:8C:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       54AF23463E907A39B89279D7516164778A0AEE2B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9467035e-ac22-4ed7-bdeb-771152f3e853.roa
Signing time:             Thu 13 Nov 2025 00:51:56 +0000
ROA not before:           Thu 13 Nov 2025 00:51:56 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        170.68.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:af:23:46:3e:90:7a:39:b8:92:79:d7:51:61:64:77:8a:0a:ee:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:51:56 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=5f2d2624f6e1c49ba9318a0d99dc14bef4617b0e9aece0cc4dd8df20153afc94, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:90:80:6f:33:d7:08:5c:f5:c2:c6:fe:69:f0:
                    b8:d1:6a:ba:0a:1e:1b:7d:34:14:ce:02:d0:38:65:
                    67:ea:65:52:0c:01:99:63:4b:d1:22:63:a0:26:75:
                    10:a9:4a:10:fb:30:f3:b5:58:10:54:52:2c:b2:fe:
                    ec:86:e5:51:d9:89:44:89:69:f5:27:e0:c5:3e:94:
                    0f:fe:71:12:98:86:42:42:fa:d3:d0:05:65:54:11:
                    7c:0f:2a:67:9c:7b:e9:1d:eb:35:8e:33:08:e7:bd:
                    ff:f4:f1:60:64:55:2b:2e:02:3a:6f:8a:e3:c8:48:
                    43:00:52:48:1e:54:49:63:33:d5:fa:4e:f5:9c:0a:
                    17:61:85:66:59:c8:b1:54:86:72:06:16:05:54:30:
                    b1:06:fd:ed:77:11:34:4f:70:d3:e7:72:eb:51:96:
                    2a:fe:6c:94:92:4c:ac:21:66:e8:6a:c5:82:b8:48:
                    ef:c0:94:48:91:5d:df:57:09:e0:5f:aa:7f:45:ea:
                    4d:0c:93:c4:b3:78:f2:39:1e:10:61:05:a2:56:42:
                    f5:21:62:5c:aa:79:2e:7a:7c:61:f4:42:cb:c8:34:
                    59:f8:5b:f3:75:aa:ad:38:4b:77:25:55:e4:c8:eb:
                    d4:04:cc:b7:a2:6b:7d:71:6e:c6:cf:29:cc:a6:37:
                    91:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:47:BB:6C:64:2C:04:B3:14:EF:4D:30:F1:F1:D7:6D:DA:D6:8C:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9467035e-ac22-4ed7-bdeb-771152f3e853.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.68.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         49:73:8f:90:b0:50:fe:34:03:1a:de:90:cc:80:75:44:80:4c:
         b1:90:07:e4:29:62:98:6a:ec:ab:e1:a2:f2:83:19:b0:e9:86:
         99:6c:b2:36:42:78:16:11:cf:07:76:e6:f0:34:dc:62:bd:e0:
         8f:59:3e:3b:f3:0b:bd:b7:71:b6:53:f9:ff:43:32:39:04:3b:
         c1:11:74:3c:5f:b7:9c:e7:4d:78:e5:90:79:96:b4:57:e4:42:
         f3:f5:ac:3a:6e:46:28:34:de:3d:7e:0c:98:2e:8b:6c:c9:a1:
         62:e9:22:77:27:13:9c:44:71:8e:06:bd:4f:d7:6e:66:6c:71:
         f5:1c:c1:58:10:f6:2c:db:75:2c:b4:9a:6b:b7:64:5f:5f:21:
         dc:53:2d:df:92:76:27:c3:0b:7b:c9:d2:67:68:d3:6a:fa:f7:
         ba:03:4d:b8:ad:01:60:d0:27:fd:dd:28:5d:9a:22:b1:d2:a4:
         73:79:e8:f6:1d:3c:0a:52:ad:82:2e:08:14:71:b1:99:53:fc:
         99:90:7c:9e:c4:1e:72:b3:d8:f5:77:76:75:ac:32:f6:02:03:
         29:dc:af:3e:48:58:b9:86:d7:dc:f7:b8:68:1d:64:a4:db:72:
         20:73:67:65:3f:d6:07:de:f5:71:52:e9:01:a1:6a:10:3d:36:
         c5:dc:8a:bc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVK8jRj6Qejm4knnXUWFkd4oK7iswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDA1MTU2WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjJkMjYyNGY2ZTFjNDliYTkzMThhMGQ5OWRjMTRiZWY0
NjE3YjBlOWFlY2UwY2M0ZGQ4ZGYyMDE1M2FmYzk0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgkIBvM9cIXPXCxv5p8LjRaroKHht9NBTOAtA4ZWfqZVIM
AZljS9EiY6AmdRCpShD7MPO1WBBUUiyy/uyG5VHZiUSJafUn4MU+lA/+cRKYhkJC
+tPQBWVUEXwPKmece+kd6zWOMwjnvf/08WBkVSsuAjpviuPISEMAUkgeVEljM9X6
TvWcChdhhWZZyLFUhnIGFgVUMLEG/e13ETRPcNPncutRlir+bJSSTKwhZuhqxYK4
SO/AlEiRXd9XCeBfqn9F6k0Mk8SzePI5HhBhBaJWQvUhYlyqeS56fGH0QsvINFn4
W/N1qq04S3clVeTI69QEzLeia31xbsbPKcymN5H3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUI0e7bGQsBLMU700w8fHXbdrWjK0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0NjcwMzVlLWFjMjItNGVkNy1iZGViLTc3MTE1MmYzZTg1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCqRDANBgkqhkiG9w0BAQsFAAOCAQEASXOPkLBQ/jQDGt6QzIB1RIBMsZAH
5ClimGrsq+Gi8oMZsOmGmWyyNkJ4FhHPB3bm8DTcYr3gj1k+O/MLvbdxtlP5/0My
OQQ7wRF0PF+3nOdNeOWQeZa0V+RC8/WsOm5GKDTePX4MmC6LbMmhYukidycTnERx
jga9T9duZmxx9RzBWBD2LNt1LLSaa7dkX18h3FMt35J2J8MLe8nSZ2jTavr3ugNN
uK0BYNAn/d0oXZoisdKkc3no9h08ClKtgi4IFHGxmVP8mZB8nsQecrPY9Xd2dawy
9gIDKdyvPkhYuYbX3Pe4aB1kpNtyIHNnZT/WB971cVLpAaFqED02xdyKvA==
-----END CERTIFICATE-----