Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d845b310-ed3d-4505-8597-970be13c03af.roa
File:                     d845b310-ed3d-4505-8597-970be13c03af.roa (raw, json)
Hash identifier:          rWWkbJd32P/1gn7FWvsv/gSvX3hwLqbpwn3L/1qzIAg=
Subject key identifier:   F3:F9:48:63:49:72:6F:EF:71:53:70:FB:16:BC:D9:C6:F0:AE:85:DD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18D3D90D64AAD44B4B0A38E162A01AB877B70E48
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d845b310-ed3d-4505-8597-970be13c03af.roa
Signing time:             Thu 13 Nov 2025 00:30:45 +0000
ROA not before:           Thu 13 Nov 2025 00:30:45 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        156.4.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:d3:d9:0d:64:aa:d4:4b:4b:0a:38:e1:62:a0:1a:b8:77:b7:0e:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:30:45 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=ac3c72a09086aafb87ca41dff523aa53e7dbfa8a7339b10055998165e67ad635, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:74:ea:fd:c3:db:5d:8d:36:af:78:d3:9c:46:
                    83:b0:bf:07:de:1c:1d:06:44:5f:ae:89:44:45:3a:
                    e1:df:55:17:a6:ee:65:b7:db:ac:b6:1b:3a:4b:c4:
                    aa:d7:34:e0:90:b4:7b:79:91:a4:c5:49:0d:ab:ec:
                    14:8e:a6:f0:ba:d0:75:75:e7:b9:10:50:b8:7c:ef:
                    be:ed:d2:74:8a:9d:ed:ce:5f:de:43:2f:59:83:0e:
                    7d:c8:99:d9:a1:61:6e:36:04:25:6d:4a:df:e4:e9:
                    23:ea:46:ad:67:c0:0b:fe:3d:97:45:0b:25:82:c3:
                    92:98:8e:a6:07:de:c5:1b:f3:2b:1c:5c:dd:3a:36:
                    1e:4e:92:10:e1:4c:c4:a6:89:cd:49:68:d6:83:98:
                    2f:73:4c:08:a0:c4:ec:93:ce:5b:53:ce:b4:fa:3e:
                    28:5c:e6:de:3d:86:f6:d7:53:e5:2a:a1:50:ec:cc:
                    e1:18:e2:c9:ee:6a:53:8f:20:85:25:b3:65:47:5e:
                    8b:51:e0:be:a2:30:4f:3f:81:2e:29:9f:ec:7e:33:
                    e9:87:90:14:e1:5d:77:81:2a:e7:b7:a0:54:af:e0:
                    ec:c2:38:48:1c:81:03:72:41:c7:f3:2e:18:7f:6a:
                    c0:e7:13:7b:af:24:e5:0f:37:0a:cc:19:c8:23:be:
                    6c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F9:48:63:49:72:6F:EF:71:53:70:FB:16:BC:D9:C6:F0:AE:85:DD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d845b310-ed3d-4505-8597-970be13c03af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.4.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         ce:0c:1a:cf:9d:9f:5b:10:18:0e:25:e7:69:b5:8c:3b:10:6d:
         4d:c4:b6:7e:be:5d:94:1a:98:fb:ce:02:e0:5a:a2:bb:19:d4:
         3a:eb:38:2d:2c:32:f6:71:09:19:91:a4:16:5d:a8:de:41:a5:
         89:60:0a:09:bc:19:f6:eb:33:f7:1d:83:13:1c:85:c7:1e:0e:
         ba:05:83:c5:1f:60:bd:e0:70:5a:50:f4:01:91:bc:31:4c:6b:
         27:9c:e7:38:cd:6b:42:33:c8:2e:1a:0f:fa:7c:f1:a9:f5:50:
         ac:bd:97:6c:bf:b2:c4:be:b7:b3:55:20:00:66:41:ff:fb:9f:
         ba:90:7f:68:da:c8:d3:d6:ce:aa:9f:aa:3f:51:7a:91:0e:ec:
         c2:e5:d4:7b:42:92:32:50:52:1f:e8:ae:13:0b:56:e8:26:40:
         9d:bc:8c:a5:d9:45:59:ee:d2:9a:77:ce:ed:fa:65:7a:00:d2:
         40:b1:3b:f2:01:38:60:b0:c3:58:80:37:f3:3e:0d:2a:22:48:
         c0:2b:1f:a4:9d:bd:3f:5c:e0:51:34:9b:02:99:89:fb:55:2f:
         88:e1:f0:44:e7:37:4e:73:19:e8:d6:8c:c7:32:84:ba:ac:36:
         37:cc:68:84:d3:5a:b8:1a:04:b3:ab:60:2f:0d:23:7b:c5:c5:
         cd:89:6a:9f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGNPZDWSq1EtLCjjhYqAauHe3DkgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDAzMDQ1WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzNjNzJhMDkwODZhYWZiODdjYTQxZGZmNTIzYWE1M2U3
ZGJmYThhNzMzOWIxMDA1NTk5ODE2NWU2N2FkNjM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCydOr9w9tdjTaveNOcRoOwvwfeHB0GRF+uiURFOuHfVRem
7mW326y2GzpLxKrXNOCQtHt5kaTFSQ2r7BSOpvC60HV157kQULh8777t0nSKne3O
X95DL1mDDn3ImdmhYW42BCVtSt/k6SPqRq1nwAv+PZdFCyWCw5KYjqYH3sUb8ysc
XN06Nh5OkhDhTMSmic1JaNaDmC9zTAigxOyTzltTzrT6Pihc5t49hvbXU+UqoVDs
zOEY4snualOPIIUls2VHXotR4L6iME8/gS4pn+x+M+mHkBThXXeBKue3oFSv4OzC
OEgcgQNyQcfzLhh/asDnE3uvJOUPNwrMGcgjvmz3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8/lIY0lyb+9xU3D7FrzZxvCuhd0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4NDViMzEwLWVkM2QtNDUwNS04NTk3LTk3MGJlMTNjMDNhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwGcBDANBgkqhkiG9w0BAQsFAAOCAQEAzgwaz52fWxAYDiXnabWMOxBtTcS2
fr5dlBqY+84C4FqiuxnUOus4LSwy9nEJGZGkFl2o3kGliWAKCbwZ9usz9x2DExyF
xx4OugWDxR9gveBwWlD0AZG8MUxrJ5znOM1rQjPILhoP+nzxqfVQrL2XbL+yxL63
s1UgAGZB//ufupB/aNrI09bOqp+qP1F6kQ7swuXUe0KSMlBSH+iuEwtW6CZAnbyM
pdlFWe7SmnfO7fplegDSQLE78gE4YLDDWIA38z4NKiJIwCsfpJ29P1zgUTSbApmJ
+1UviOHwROc3TnMZ6NaMxzKEuqw2N8xohNNauBoEs6tgLw0je8XFzYlqnw==
-----END CERTIFICATE-----