Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f13d14a2-c781-4f14-97b1-44c231676d28.roa
File:                     f13d14a2-c781-4f14-97b1-44c231676d28.roa (raw, json)
Hash identifier:          TeyOaTV0pmqsELrEqXdQ0jB4vv40NGKMTh6/FxQAddM=
Subject key identifier:   63:AF:92:02:5F:2E:32:25:8D:5F:A4:9A:07:1A:1F:4B:19:50:06:0A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       20D32EE6FE015107F12F20D516B133AAD80AD205
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f13d14a2-c781-4f14-97b1-44c231676d28.roa
Signing time:             Sat 18 Oct 2025 03:01:39 +0000
ROA not before:           Sat 18 Oct 2025 03:01:39 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        167.97.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:d3:2e:e6:fe:01:51:07:f1:2f:20:d5:16:b1:33:aa:d8:0a:d2:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 03:01:39 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=7d3914bad83085974ecbbca4903f9b6873c69745db4bb711542cb2faaee79ad3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:26:cd:62:d9:aa:67:ae:7a:44:44:b6:5b:e1:
                    f9:5d:13:1f:e1:c4:5a:8f:8c:ac:85:76:aa:27:60:
                    4d:6d:26:ef:8d:94:c1:82:a6:0d:e0:ed:a3:70:fa:
                    6a:d5:c3:1d:f9:aa:8f:f5:38:08:63:18:fa:97:46:
                    e9:5f:e5:a0:4a:86:66:07:01:ad:e5:e9:53:4b:84:
                    f2:b4:e6:c5:74:b3:94:4a:9b:3f:33:a4:68:4f:c5:
                    74:78:90:46:a2:74:0c:64:fe:78:7e:cb:c8:f6:28:
                    f0:71:0d:bc:1c:d8:ac:51:19:36:40:52:73:af:1f:
                    98:5f:0f:57:0f:99:11:be:7c:35:1a:ec:33:c9:21:
                    d2:b7:f6:95:a4:fc:00:f9:b6:9e:71:d5:68:69:4d:
                    c3:48:e0:45:ea:17:57:ba:ed:7e:50:4a:3b:1f:e5:
                    d8:bd:e4:e4:a9:41:27:56:bf:95:c6:33:43:8c:ea:
                    bc:39:f8:2d:10:74:8a:b3:72:cc:92:4e:5b:3f:90:
                    4e:19:79:4b:d8:2b:2c:39:99:f7:83:c3:5c:6a:8a:
                    15:35:de:07:62:51:4d:f2:5f:5c:39:b2:8a:0e:e4:
                    80:21:e6:0b:b2:fd:42:b1:8b:db:ca:e7:56:15:dc:
                    55:b2:ae:76:cf:42:72:b1:2d:dd:4b:31:89:e6:ce:
                    af:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:AF:92:02:5F:2E:32:25:8D:5F:A4:9A:07:1A:1F:4B:19:50:06:0A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f13d14a2-c781-4f14-97b1-44c231676d28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.97.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9c:65:66:1f:11:09:51:e1:22:db:ed:f8:93:f1:a9:c6:6a:20:
         a6:e5:2c:ff:f9:f8:4f:8c:e4:16:31:b0:4f:aa:d3:4c:39:c2:
         68:40:3a:45:b0:2c:75:df:d5:e2:db:0b:0b:e0:72:56:7e:c4:
         51:42:1b:41:a2:8d:07:1e:38:46:22:00:e5:b8:76:14:86:f9:
         cf:1f:e3:1f:58:11:9e:67:c6:2b:df:3e:39:a4:ee:d0:a2:78:
         17:6e:8a:76:eb:07:ef:02:ca:ca:46:3d:ea:6b:1f:fe:d7:de:
         0d:7f:69:18:81:f1:b8:b3:85:58:3a:0e:39:5b:be:a6:cc:7f:
         f6:e5:0e:2e:db:52:bf:26:11:c9:d4:86:e5:5c:c0:a4:97:cd:
         4a:2f:a4:d5:ee:f4:96:f8:17:ed:53:ac:f3:72:ce:51:04:08:
         b0:b4:3a:7e:c1:2d:9e:6d:54:b4:bf:6e:18:96:78:c8:0a:1c:
         ff:3c:86:59:5a:d9:8c:a3:3a:54:6e:7e:2c:49:ed:18:00:8b:
         b3:5f:90:33:ea:4e:94:b5:d7:81:1e:96:0c:88:b2:8c:dc:0f:
         cc:0e:66:70:85:d0:16:92:ed:4c:cb:6b:14:56:54:ec:05:b7:
         96:31:1a:de:4b:78:e2:06:1f:41:42:9c:84:c6:32:6c:12:5a:
         be:4b:4e:b8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUINMu5v4BUQfxLyDVFrEzqtgK0gUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDMwMTM5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDM5MTRiYWQ4MzA4NTk3NGVjYmJjYTQ5MDNmOWI2ODcz
YzY5NzQ1ZGI0YmI3MTE1NDJjYjJmYWFlZTc5YWQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwJs1i2apnrnpERLZb4fldEx/hxFqPjKyFdqonYE1tJu+N
lMGCpg3g7aNw+mrVwx35qo/1OAhjGPqXRulf5aBKhmYHAa3l6VNLhPK05sV0s5RK
mz8zpGhPxXR4kEaidAxk/nh+y8j2KPBxDbwc2KxRGTZAUnOvH5hfD1cPmRG+fDUa
7DPJIdK39pWk/AD5tp5x1WhpTcNI4EXqF1e67X5QSjsf5di95OSpQSdWv5XGM0OM
6rw5+C0QdIqzcsySTls/kE4ZeUvYKyw5mfeDw1xqihU13gdiUU3yX1w5sooO5IAh
5guy/UKxi9vK51YV3FWyrnbPQnKxLd1LMYnmzq8RAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUY6+SAl8uMiWNX6SaBxofSxlQBgowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YxM2QxNGEyLWM3ODEtNGYxNC05N2IxLTQ0YzIzMTY3NmQyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCnYTANBgkqhkiG9w0BAQsFAAOCAQEAnGVmHxEJUeEi2+34k/GpxmogpuUs
//n4T4zkFjGwT6rTTDnCaEA6RbAsdd/V4tsLC+ByVn7EUUIbQaKNBx44RiIA5bh2
FIb5zx/jH1gRnmfGK98+OaTu0KJ4F26KdusH7wLKykY96msf/tfeDX9pGIHxuLOF
WDoOOVu+psx/9uUOLttSvyYRydSG5VzApJfNSi+k1e70lvgX7VOs83LOUQQIsLQ6
fsEtnm1UtL9uGJZ4yAoc/zyGWVrZjKM6VG5+LEntGACLs1+QM+pOlLXXgR6WDIiy
jNwPzA5mcIXQFpLtTMtrFFZU7AW3ljEa3kt44gYfQUKchMYybBJavktOuA==
-----END CERTIFICATE-----