Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01aaad2b-8349-48b0-beda-23e6cb0363d7.roa
File:                     01aaad2b-8349-48b0-beda-23e6cb0363d7.roa (raw, json)
Hash identifier:          5UOg1g3gI9jnQp0fGhy072KIbXtk1BGeG/Hn30HrmtI=
Subject key identifier:   77:BA:4C:8D:AF:13:1E:72:8F:AF:35:49:72:CE:60:71:72:B2:A4:E5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FBEFAF3AE0BD375DE44918A1BD5DCCB800C14A6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01aaad2b-8349-48b0-beda-23e6cb0363d7.roa
Signing time:             Sat 11 Oct 2025 00:38:39 +0000
ROA not before:           Sat 11 Oct 2025 00:38:39 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.230.92.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:be:fa:f3:ae:0b:d3:75:de:44:91:8a:1b:d5:dc:cb:80:0c:14:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:38:39 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=e06fd14c3846c564aac24eefbbfad131ed7379692001e26c42f8973c9cf729bc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8c:57:41:1a:89:52:65:00:18:6e:13:37:1b:
                    1c:17:ad:ea:13:81:f7:62:b7:31:02:68:3d:0f:48:
                    b4:61:08:37:0d:b3:7d:e3:94:ac:ee:4a:4a:68:3e:
                    84:ce:c0:c5:bc:5d:a4:66:be:7c:6f:c5:6a:12:86:
                    6a:cd:44:5b:74:3f:77:88:90:54:8b:3a:17:6d:5a:
                    ea:21:30:3f:9c:d8:7c:95:8a:c9:8d:58:21:1c:ca:
                    1f:49:b3:73:72:28:cd:76:c6:c2:36:2d:7f:f1:21:
                    05:be:b0:91:ed:0c:04:36:ad:b8:2a:73:1d:a6:4d:
                    ea:da:24:aa:a1:78:d4:55:8c:70:5f:6d:49:62:e7:
                    c3:80:75:83:75:9c:da:e2:28:f0:69:8b:4a:db:e6:
                    79:8e:f4:2c:93:1a:05:de:ac:0b:b4:26:b7:e5:1b:
                    83:e0:e4:e7:59:ac:39:f7:bf:60:6e:25:93:7c:42:
                    06:79:34:86:6f:bf:6c:7b:4d:68:c0:57:15:1a:1e:
                    d6:1e:bb:bb:49:9e:3f:c3:4c:11:01:98:d7:c4:9d:
                    ba:ce:c8:9b:77:45:8e:74:7b:23:d8:e4:ed:e0:68:
                    10:71:10:89:9a:e6:a8:01:df:3f:b2:f0:9d:c2:f1:
                    9f:0d:82:c6:b2:7a:23:ac:ea:4d:f4:e8:62:c2:18:
                    b3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:BA:4C:8D:AF:13:1E:72:8F:AF:35:49:72:CE:60:71:72:B2:A4:E5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01aaad2b-8349-48b0-beda-23e6cb0363d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.230.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:14:03:ca:4a:39:1f:68:62:c5:00:46:5c:7b:40:5a:92:72:
         86:b0:47:ab:61:01:95:9e:9d:39:8f:81:ea:fb:91:35:fd:cd:
         74:27:e8:a1:51:a9:9c:f6:57:0c:5b:3b:97:ac:1b:9a:79:ae:
         75:f7:af:fe:1e:a3:90:5d:7d:96:b5:97:9d:e6:fa:be:4f:57:
         d2:6f:72:89:02:80:60:9f:41:74:37:8a:91:de:eb:02:fd:b4:
         b7:ff:31:c9:4b:fc:39:91:b2:85:61:7d:4c:93:92:6e:30:71:
         4e:01:b2:f0:80:f8:85:42:1c:80:8c:13:90:48:dd:1d:24:04:
         b2:8f:b9:a2:8c:d4:8c:ee:c8:60:bd:43:cf:a9:9c:b8:89:75:
         fa:04:49:73:11:17:f3:ff:de:ee:8a:75:40:5b:51:6b:7e:b2:
         f0:37:1e:0b:97:9a:e3:60:e1:33:ea:62:f3:4b:07:97:a2:4a:
         d0:76:c9:2c:e5:97:1a:b0:dc:ba:7c:7b:e7:59:60:b6:08:c9:
         31:25:a8:a4:a5:3c:89:be:82:ef:14:86:31:ed:b2:7c:0d:37:
         d5:57:41:65:7f:50:62:ee:c6:d6:dd:8e:7c:9e:f3:9b:a4:a4:
         4c:e8:ca:10:62:89:21:24:1e:cb:23:8f:aa:3c:1a:82:98:1a:
         8e:77:b2:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP776864L03XeRJGKG9Xcy4AMFKYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAzODM5WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMDZmZDE0YzM4NDZjNTY0YWFjMjRlZWZiYmZhZDEzMWVk
NzM3OTY5MjAwMWUyNmM0MmY4OTczYzljZjcyOWJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZjFdBGolSZQAYbhM3GxwXreoTgfditzECaD0PSLRhCDcN
s33jlKzuSkpoPoTOwMW8XaRmvnxvxWoShmrNRFt0P3eIkFSLOhdtWuohMD+c2HyV
ismNWCEcyh9Js3NyKM12xsI2LX/xIQW+sJHtDAQ2rbgqcx2mTeraJKqheNRVjHBf
bUli58OAdYN1nNriKPBpi0rb5nmO9CyTGgXerAu0JrflG4Pg5OdZrDn3v2BuJZN8
QgZ5NIZvv2x7TWjAVxUaHtYeu7tJnj/DTBEBmNfEnbrOyJt3RY50eyPY5O3gaBBx
EIma5qgB3z+y8J3C8Z8NgsayeiOs6k306GLCGLNlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUd7pMja8THnKPrzVJcs5gcXKypOUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAxYWFhZDJiLTgzNDktNDhiMC1iZWRhLTIzZTZjYjAzNjNkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADY5lwwDQYJKoZIhvcNAQELBQADggEBADEUA8pKOR9oYsUARlx7QFqScoaw
R6thAZWenTmPger7kTX9zXQn6KFRqZz2VwxbO5esG5p5rnX3r/4eo5BdfZa1l53m
+r5PV9JvcokCgGCfQXQ3ipHe6wL9tLf/MclL/DmRsoVhfUyTkm4wcU4BsvCA+IVC
HICME5BI3R0kBLKPuaKM1IzuyGC9Q8+pnLiJdfoESXMRF/P/3u6KdUBbUWt+svA3
HguXmuNg4TPqYvNLB5eiStB2ySzllxqw3Lp8e+dZYLYIyTElqKSlPIm+gu8UhjHt
snwNN9VXQWV/UGLuxtbdjnye85ukpEzoyhBiiSEkHssjj6o8GoKYGo53siU=
-----END CERTIFICATE-----