Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0e4d14a5-ea9d-4174-9b05-39e291c5617a.roa
File:                     0e4d14a5-ea9d-4174-9b05-39e291c5617a.roa (raw, json)
Hash identifier:          PskbmUEUrjOxkVxN45aUtZkWlg4ryEwEWnT6PfPqehE=
Subject key identifier:   23:20:B8:C8:08:BD:63:CE:B8:DE:72:10:05:80:FB:45:00:E4:48:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1953B13136A1D4A48E653B36E5D2566C81A4F301
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0e4d14a5-ea9d-4174-9b05-39e291c5617a.roa
Signing time:             Wed 01 Oct 2025 00:11:21 +0000
ROA not before:           Wed 01 Oct 2025 00:11:21 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.113.224.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:53:b1:31:36:a1:d4:a4:8e:65:3b:36:e5:d2:56:6c:81:a4:f3:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:11:21 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=fe3071775568fc8a3c1d00b34d935edf325badadbd9389e1d5bf43e7e65a66ba, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:63:51:58:92:c7:98:c0:13:6c:4b:bf:d4:55:
                    2a:82:a9:81:b3:b4:9d:7d:99:3a:72:a9:86:69:3a:
                    44:c1:01:6f:24:3f:c8:71:40:47:16:ee:77:36:2f:
                    d0:7d:63:bc:1a:4c:18:e0:f9:af:08:27:3f:40:0a:
                    fc:b2:21:b2:94:dc:b7:8f:27:45:41:db:58:66:d8:
                    ec:8c:ae:16:ca:a1:53:4a:d1:80:7b:ee:d1:6b:23:
                    97:c3:bc:da:25:6a:09:30:23:5e:34:5e:41:35:db:
                    52:5a:41:b0:be:27:f3:4c:ea:12:bf:c9:cb:2b:72:
                    40:93:d7:6c:81:87:6a:f4:aa:51:4f:71:aa:f2:a7:
                    0b:bb:ca:2f:d0:c9:e0:14:80:4e:8d:61:c0:b7:51:
                    ac:e9:a5:57:69:18:b2:68:4a:19:54:d0:14:42:3c:
                    40:f4:79:94:92:fb:e4:1d:9a:ad:03:cb:04:e5:9c:
                    3e:77:79:34:e3:e3:9d:39:f4:2d:9c:72:5e:29:77:
                    ac:3c:d8:88:8f:34:89:6a:7a:c8:a3:41:c4:a6:13:
                    2d:04:9e:03:32:22:dc:70:dc:f2:a2:80:67:3d:1e:
                    b9:34:3c:52:b7:b3:1f:90:5e:ca:3d:3f:76:27:0f:
                    fd:44:af:2c:db:60:a3:fc:c5:a5:9a:d9:cb:18:66:
                    22:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:20:B8:C8:08:BD:63:CE:B8:DE:72:10:05:80:FB:45:00:E4:48:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0e4d14a5-ea9d-4174-9b05-39e291c5617a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.113.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         bc:ae:b3:1e:22:d6:00:55:8a:43:da:56:9b:22:3e:8e:69:a2:
         a9:ae:ec:bc:bb:d2:24:c5:05:9a:05:5f:e6:44:2a:ff:5b:46:
         3a:b4:e5:e6:08:a6:ae:16:78:03:61:6f:30:90:3e:94:ef:8e:
         df:b5:e9:b9:ed:f6:26:ab:c4:e9:5b:61:86:ed:7d:f6:56:d5:
         26:50:eb:24:15:c9:16:c1:e6:51:c5:21:7a:1c:98:6f:9e:b4:
         d6:e4:6a:6a:bb:f6:c1:9b:e2:2e:e7:78:72:ef:e5:e3:e3:27:
         a5:a7:7f:b6:3a:9b:9f:4f:dc:98:cd:4b:cd:f6:21:b0:7c:53:
         bf:fd:ba:96:de:f2:8c:37:ea:a2:1c:eb:60:40:b8:58:40:e1:
         48:f8:f0:ca:a5:4e:4f:c4:67:35:0b:ca:fa:7e:39:20:ac:c8:
         fb:fc:08:1e:84:ba:2e:bc:9b:e9:2d:6f:65:f1:cd:81:47:e6:
         58:08:3b:b6:73:46:e3:e2:3e:71:e2:ba:15:10:b5:66:50:87:
         f4:dc:ee:87:b4:75:47:8f:a7:06:f7:c6:6d:69:0a:69:ce:47:
         f5:8b:4c:2b:83:a0:ac:fb:07:dc:a5:b4:b0:f2:d2:2b:c6:61:
         65:84:be:ca:af:ec:2e:3b:c0:c6:fb:bd:b6:2b:4b:b4:89:9c:
         4f:cf:96:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGVOxMTah1KSOZTs25dJWbIGk8wEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAxMTIxWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZTMwNzE3NzU1NjhmYzhhM2MxZDAwYjM0ZDkzNWVkZjMy
NWJhZGFkYmQ5Mzg5ZTFkNWJmNDNlN2U2NWE2NmJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTY1FYkseYwBNsS7/UVSqCqYGztJ19mTpyqYZpOkTBAW8k
P8hxQEcW7nc2L9B9Y7waTBjg+a8IJz9ACvyyIbKU3LePJ0VB21hm2OyMrhbKoVNK
0YB77tFrI5fDvNolagkwI140XkE121JaQbC+J/NM6hK/ycsrckCT12yBh2r0qlFP
carypwu7yi/QyeAUgE6NYcC3UazppVdpGLJoShlU0BRCPED0eZSS++Qdmq0DywTl
nD53eTTj45059C2ccl4pd6w82IiPNIlqesijQcSmEy0EngMyItxw3PKigGc9Hrk0
PFK3sx+QXso9P3YnD/1EryzbYKP8xaWa2csYZiJlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIyC4yAi9Y8643nIQBYD7RQDkSMUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBlNGQxNGE1LWVhOWQtNDE3NC05YjA1LTM5ZTI5MWM1NjE3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXYceAwDQYJKoZIhvcNAQELBQADggEBALyusx4i1gBVikPaVpsiPo5poqmu
7Ly70iTFBZoFX+ZEKv9bRjq05eYIpq4WeANhbzCQPpTvjt+16bnt9iarxOlbYYbt
ffZW1SZQ6yQVyRbB5lHFIXocmG+etNbkamq79sGb4i7neHLv5ePjJ6Wnf7Y6m59P
3JjNS832IbB8U7/9upbe8ow36qIc62BAuFhA4Uj48MqlTk/EZzULyvp+OSCsyPv8
CB6Eui68m+ktb2XxzYFH5lgIO7ZzRuPiPnHiuhUQtWZQh/Tc7oe0dUePpwb3xm1p
CmnOR/WLTCuDoKz7B9yltLDy0ivGYWWEvsqv7C47wMb7vbYrS7SJnE/Plic=
-----END CERTIFICATE-----