Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8fadca1-ece1-4fd9-8c0c-44964044b286.roa
File:                     d8fadca1-ece1-4fd9-8c0c-44964044b286.roa (raw, json)
Hash identifier:          IP2an+zu3XXTPXxcWa2L0l/l6r0BP0752ftWy1RI0G0=
Subject key identifier:   D4:23:E9:79:50:09:05:0D:45:91:04:8F:56:24:AB:E7:43:DD:DB:D3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A07FDC88D579040C110950AACE7D34DA9248ACD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8fadca1-ece1-4fd9-8c0c-44964044b286.roa
Signing time:             Sat 15 Nov 2025 00:11:05 +0000
ROA not before:           Sat 15 Nov 2025 00:11:05 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        142.54.128.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:07:fd:c8:8d:57:90:40:c1:10:95:0a:ac:e7:d3:4d:a9:24:8a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:11:05 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=131fe896209bc78b4121c1868f9a88e3e8dc6e13f3a76eeb6b3cb7876cf5ebb4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e3:19:d7:ed:d0:6f:95:f9:8f:4e:9c:00:b6:
                    a1:fb:36:23:1a:e8:c0:e1:3d:dd:0c:de:93:d3:76:
                    a6:29:e7:3e:12:48:99:bd:5e:09:e8:fb:ec:89:55:
                    80:44:3b:78:03:0d:e8:fc:6d:e8:84:44:ea:3b:94:
                    68:73:3e:7c:72:a4:96:1e:de:f8:e9:11:55:14:72:
                    d4:4b:c8:30:d1:41:3f:53:6b:aa:db:6e:32:1a:3b:
                    f2:9e:3b:d4:8f:7b:e7:43:7c:18:23:c8:da:e1:49:
                    c0:83:5d:36:7a:b8:28:63:99:20:b0:37:e7:12:64:
                    7e:59:c7:4d:a7:ab:4a:e2:dc:48:3d:85:32:2e:e5:
                    b7:a7:7e:6f:25:d3:ff:dd:43:e0:75:67:3d:4d:a2:
                    3a:eb:2c:4f:a2:0d:e3:62:d5:8a:a0:40:fb:f7:18:
                    1f:87:c8:f6:c6:02:0a:ea:11:60:66:19:8c:b5:31:
                    cd:dc:da:ee:f3:92:e1:7e:d6:65:20:b1:7d:d7:aa:
                    d5:c9:39:e0:d5:e5:cb:8e:d9:0d:79:6a:a4:19:dc:
                    21:eb:ae:56:2c:b0:7f:b3:fe:4d:a8:b8:b9:70:11:
                    a9:b6:7f:9c:be:06:35:6e:21:8b:bd:51:ae:9a:05:
                    44:18:3f:9c:c3:33:09:bc:cd:b2:f7:90:fe:a1:20:
                    ce:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:23:E9:79:50:09:05:0D:45:91:04:8F:56:24:AB:E7:43:DD:DB:D3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8fadca1-ece1-4fd9-8c0c-44964044b286.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  142.54.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2d:19:a4:7e:59:0f:30:50:fd:cf:3e:8f:58:57:38:e2:54:29:
         e4:94:7a:84:53:ee:b9:f5:3b:6d:38:87:c9:c5:29:c8:ac:38:
         c4:cb:26:73:e4:42:0f:e3:b5:f1:32:16:ee:8c:41:ae:47:df:
         9d:d1:04:93:1a:ea:33:45:e1:16:ad:21:61:2d:ae:40:95:b6:
         de:4a:f7:72:1f:6b:38:d9:7d:e2:b6:6d:8d:3c:34:ee:d3:26:
         9e:7d:00:a1:40:8e:4a:ad:84:02:86:2f:4e:83:63:27:a3:81:
         71:b9:99:b5:02:9e:fa:50:5e:02:1d:70:d7:a9:e8:18:38:2d:
         8e:9d:5f:6f:06:ec:00:14:99:c9:93:77:9e:82:1e:32:ef:56:
         1e:0f:98:a5:2e:fc:e2:b8:ac:50:7d:d0:ca:21:b9:4f:88:71:
         16:c0:8c:e0:2e:ce:73:8a:b3:07:aa:d1:2c:90:3f:0b:62:d3:
         1e:1e:b8:38:91:cd:0c:76:e4:d0:73:b8:f5:ad:d4:60:84:a9:
         13:71:ad:d7:3f:cc:bf:82:12:77:21:d9:67:89:33:58:b9:20:
         7a:ca:da:43:8c:0f:8e:b0:ae:4a:9d:bc:b4:d8:e4:30:a7:b7:
         d9:c5:56:6d:d3:2d:15:06:32:3f:8c:67:51:e8:6f:1b:7d:71:
         92:52:14:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCgf9yI1XkEDBEJUKrOfTTakkis0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDAxMTA1WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzFmZTg5NjIwOWJjNzhiNDEyMWMxODY4ZjlhODhlM2U4
ZGM2ZTEzZjNhNzZlZWI2YjNjYjc4NzZjZjVlYmI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCh4xnX7dBvlfmPTpwAtqH7NiMa6MDhPd0M3pPTdqYp5z4S
SJm9Xgno++yJVYBEO3gDDej8beiEROo7lGhzPnxypJYe3vjpEVUUctRLyDDRQT9T
a6rbbjIaO/KeO9SPe+dDfBgjyNrhScCDXTZ6uChjmSCwN+cSZH5Zx02nq0ri3Eg9
hTIu5benfm8l0//dQ+B1Zz1NojrrLE+iDeNi1YqgQPv3GB+HyPbGAgrqEWBmGYy1
Mc3c2u7zkuF+1mUgsX3XqtXJOeDV5cuO2Q15aqQZ3CHrrlYssH+z/k2ouLlwEam2
f5y+BjVuIYu9Ua6aBUQYP5zDMwm8zbL3kP6hIM6vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1CPpeVAJBQ1FkQSPViSr50Pd29MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4ZmFkY2ExLWVjZTEtNGZkOS04YzBjLTQ0OTY0MDQ0YjI4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWONoAwDQYJKoZIhvcNAQELBQADggEBAC0ZpH5ZDzBQ/c8+j1hXOOJUKeSU
eoRT7rn1O204h8nFKcisOMTLJnPkQg/jtfEyFu6MQa5H353RBJMa6jNF4RatIWEt
rkCVtt5K93IfazjZfeK2bY08NO7TJp59AKFAjkqthAKGL06DYyejgXG5mbUCnvpQ
XgIdcNep6Bg4LY6dX28G7AAUmcmTd56CHjLvVh4PmKUu/OK4rFB90MohuU+IcRbA
jOAuznOKsweq0SyQPwti0x4euDiRzQx25NBzuPWt1GCEqRNxrdc/zL+CEnch2WeJ
M1i5IHrK2kOMD46wrkqdvLTY5DCnt9nFVm3TLRUGMj+MZ1Hobxt9cZJSFO8=
-----END CERTIFICATE-----