Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0c4726a-289c-4d44-8fd7-1b91e1d5da9a.roa
File:                     a0c4726a-289c-4d44-8fd7-1b91e1d5da9a.roa (raw, json)
Hash identifier:          8riu4g1Gr9iE0Euq0X0hcCWu5Gl6/DCN4B0bbUQOCO8=
Subject key identifier:   13:E2:1C:EC:3A:C1:A3:2D:AF:6D:A8:D9:D3:17:B2:5B:F4:68:9B:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A5C40E6E2EEDDC7C95580F99BECA1A3364DD315
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0c4726a-289c-4d44-8fd7-1b91e1d5da9a.roa
Signing time:             Tue 21 Oct 2025 00:30:11 +0000
ROA not before:           Tue 21 Oct 2025 00:30:11 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        153.47.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:5c:40:e6:e2:ee:dd:c7:c9:55:80:f9:9b:ec:a1:a3:36:4d:d3:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:30:11 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=05ea14d24433093a0f6d26ac4aebb605e540c1f42096fd8a080c9792f9cb8af0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:8d:cc:fe:b5:53:3c:70:c6:08:cc:58:be:0b:
                    72:44:af:80:e6:94:9e:e1:91:84:0a:2f:e8:cc:d8:
                    fa:11:12:ae:7b:52:e5:18:74:5a:f7:91:7a:6d:97:
                    ed:26:80:1c:8b:b4:86:07:68:24:7a:a1:c7:c2:9e:
                    3e:df:67:13:d4:0d:9b:ca:7c:98:53:92:a1:84:ab:
                    d2:26:f9:5f:d9:e5:5d:f1:b5:d9:31:99:fd:1b:a8:
                    5a:00:97:14:50:55:3b:35:26:9d:90:22:14:e3:f4:
                    73:8f:91:cc:76:81:09:39:76:cc:79:63:f2:bc:7e:
                    6a:50:51:a9:92:03:4d:22:70:1e:3a:18:06:f5:df:
                    54:f8:29:a6:96:b7:93:90:e6:de:56:5c:1e:cb:f8:
                    83:99:56:13:82:2d:ec:bb:ad:68:86:45:26:d9:79:
                    86:34:8b:c2:43:3b:5e:13:8a:be:e2:75:8f:e9:6d:
                    4f:06:37:70:5e:91:3b:00:29:b6:d2:0d:10:e3:51:
                    eb:28:58:d2:70:85:b1:3c:9c:53:0f:5f:ee:af:f3:
                    ec:70:29:a0:b3:ac:68:0b:ea:51:fc:cd:f0:4a:53:
                    35:c7:bb:58:99:26:e4:b3:49:18:4c:47:3e:da:5b:
                    de:0b:30:62:06:54:7e:aa:5b:87:96:8f:da:c7:ee:
                    a2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:E2:1C:EC:3A:C1:A3:2D:AF:6D:A8:D9:D3:17:B2:5B:F4:68:9B:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0c4726a-289c-4d44-8fd7-1b91e1d5da9a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.47.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c7:85:5d:19:cd:29:ba:66:6f:76:1d:dd:46:7c:af:6b:0e:00:
         1f:6e:08:db:35:f9:a7:b0:f5:8d:0f:ce:7c:9f:31:c2:45:b3:
         5f:74:03:1b:6f:75:0b:be:a2:7b:c0:2d:7b:4f:b9:be:1b:38:
         c2:4b:54:ee:39:4e:61:f8:2f:9c:1c:f1:e6:7d:43:9e:03:65:
         31:a5:ce:a0:c5:80:72:ca:a4:c0:3d:28:90:a7:31:0d:31:a0:
         b4:e8:bf:2d:63:73:91:b3:4c:5b:51:cf:88:24:97:7f:51:a5:
         9f:13:92:0c:76:87:91:94:69:be:06:f8:83:fb:8c:d3:c9:58:
         0c:65:11:89:ba:55:8f:75:e9:e6:ab:f8:e2:2e:2f:05:aa:a0:
         97:7a:15:d2:0a:ac:d9:60:87:37:dd:49:5a:37:d5:a1:31:d0:
         74:f3:26:6c:22:1f:d9:93:8c:f0:0c:14:4e:2e:ba:87:e4:e4:
         ee:90:f8:c2:11:07:bf:9b:42:ca:0d:fe:1f:80:7b:ed:15:e8:
         7f:60:8c:db:0a:6f:d8:14:36:16:51:43:bc:7a:2c:5b:4f:5b:
         e9:75:3a:b8:8a:f2:4d:59:62:0b:80:78:c0:77:62:d8:79:0b:
         4c:f1:20:a8:2f:dd:a9:29:f7:54:fb:98:db:01:84:2c:5d:ce:
         35:8f:37:43
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUClxA5uLu3cfJVYD5m+yhozZN0xUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAzMDExWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNWVhMTRkMjQ0MzMwOTNhMGY2ZDI2YWM0YWViYjYwNWU1
NDBjMWY0MjA5NmZkOGEwODBjOTc5MmY5Y2I4YWYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDejcz+tVM8cMYIzFi+C3JEr4DmlJ7hkYQKL+jM2PoREq57
UuUYdFr3kXptl+0mgByLtIYHaCR6ocfCnj7fZxPUDZvKfJhTkqGEq9Im+V/Z5V3x
tdkxmf0bqFoAlxRQVTs1Jp2QIhTj9HOPkcx2gQk5dsx5Y/K8fmpQUamSA00icB46
GAb131T4KaaWt5OQ5t5WXB7L+IOZVhOCLey7rWiGRSbZeYY0i8JDO14Tir7idY/p
bU8GN3BekTsAKbbSDRDjUesoWNJwhbE8nFMPX+6v8+xwKaCzrGgL6lH8zfBKUzXH
u1iZJuSzSRhMRz7aW94LMGIGVH6qW4eWj9rH7qLVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUE+Ic7DrBoy2vbajZ0xeyW/Rom/4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EwYzQ3MjZhLTI4OWMtNGQ0NC04ZmQ3LTFiOTFlMWQ1ZGE5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCZLzANBgkqhkiG9w0BAQsFAAOCAQEAx4VdGc0pumZvdh3dRnyvaw4AH24I
2zX5p7D1jQ/OfJ8xwkWzX3QDG291C76ie8Ate0+5vhs4wktU7jlOYfgvnBzx5n1D
ngNlMaXOoMWAcsqkwD0okKcxDTGgtOi/LWNzkbNMW1HPiCSXf1GlnxOSDHaHkZRp
vgb4g/uM08lYDGURibpVj3Xp5qv44i4vBaqgl3oV0gqs2WCHN91JWjfVoTHQdPMm
bCIf2ZOM8AwUTi66h+Tk7pD4whEHv5tCyg3+H4B77RXof2CM2wpv2BQ2FlFDvHos
W09b6XU6uIryTVliC4B4wHdi2HkLTPEgqC/dqSn3VPuY2wGELF3ONY83Qw==
-----END CERTIFICATE-----