Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1500b9fd-4529-4cd4-8362-2f8b99b9d9aa.roa
File:                     1500b9fd-4529-4cd4-8362-2f8b99b9d9aa.roa (raw, json)
Hash identifier:          2V6e/qXei4z7u2nWoReLeT7gT/ERDB1CIBYot1BMBrg=
Subject key identifier:   E5:51:64:80:A8:D6:63:07:08:21:80:2D:E4:6E:EC:F2:C7:B0:57:D4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       161F20AE98F15B7C9BD8693195BA4658739F32C9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1500b9fd-4529-4cd4-8362-2f8b99b9d9aa.roa
Signing time:             Wed 01 Oct 2025 00:02:23 +0000
ROA not before:           Wed 01 Oct 2025 00:02:23 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.191.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:1f:20:ae:98:f1:5b:7c:9b:d8:69:31:95:ba:46:58:73:9f:32:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:02:23 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=9dc61864f38a0e2e1e3e8e8365ad30e3538436b9a88c4cb79d3831e4970a1dee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:20:d8:d5:e8:09:b0:1f:cc:f5:e6:bc:9b:56:
                    c1:c7:d3:6d:7e:08:0b:90:f8:93:84:04:37:f3:de:
                    fd:75:16:47:a8:f5:b4:17:65:96:a8:44:9f:44:cd:
                    6c:21:de:a4:04:57:a8:03:9d:81:74:01:6c:8b:59:
                    bc:41:29:59:6e:e5:2c:9c:36:d7:68:2d:f8:a7:69:
                    0e:4d:f5:05:ba:5c:0e:b3:ac:46:f7:46:75:31:95:
                    ed:f4:07:40:21:94:6f:1d:15:64:8a:bc:ac:ad:c5:
                    b6:21:1a:d4:45:9a:dc:1a:4f:a7:d5:4d:23:69:59:
                    d2:c6:06:3d:eb:b7:1d:44:b1:1a:aa:8b:5e:bb:8e:
                    a1:2f:db:1c:c8:3d:5f:c6:46:19:af:19:f4:9f:c3:
                    d7:58:80:9f:9a:e4:73:de:2b:d2:1e:ed:4a:0d:c0:
                    33:ad:e8:e2:5b:74:69:79:9b:66:a4:9b:26:95:d5:
                    7c:f1:36:cb:70:dd:d5:8f:50:52:da:7a:14:ad:ab:
                    fa:d4:79:d6:25:39:d6:08:ab:b6:86:65:7d:a8:ce:
                    b4:f4:f3:71:58:91:da:04:c2:ee:be:f7:6c:e1:b8:
                    cf:2a:2b:5c:40:da:4e:f1:b9:09:51:8a:d7:9e:3a:
                    7c:c6:d8:32:db:37:db:eb:e9:a3:8c:4c:13:73:7c:
                    9e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:51:64:80:A8:D6:63:07:08:21:80:2D:E4:6E:EC:F2:C7:B0:57:D4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1500b9fd-4529-4cd4-8362-2f8b99b9d9aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.191.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5a:3b:bf:e2:52:5a:7d:ee:59:12:64:0a:52:12:51:3c:54:75:
         d5:78:db:00:a2:5b:6d:36:f8:6e:be:21:66:2c:fb:e4:80:d2:
         12:00:ba:dd:ef:f8:92:95:e4:ca:a4:63:30:3f:f4:bb:94:11:
         9b:78:21:8b:1b:d4:5c:cd:f3:4b:86:d2:ca:69:a1:25:5a:23:
         2d:34:68:0e:56:e5:ba:99:74:13:41:0e:48:f6:90:7d:04:27:
         18:e8:d9:97:0c:c4:e3:5e:56:df:23:51:36:1f:35:20:ce:16:
         a6:b0:ad:6a:00:51:33:0c:40:73:c5:55:f2:a4:d2:55:86:55:
         5e:43:13:64:7f:9b:cc:2b:32:2e:37:02:41:6e:86:05:d4:d4:
         0c:19:e7:d7:99:bf:22:30:0c:0c:13:fd:20:53:e5:ca:00:6a:
         ad:6a:4a:e8:6d:06:c2:0e:94:de:65:a7:9a:b1:11:d1:4b:6a:
         23:8b:24:c0:63:b2:8d:7c:6c:ce:62:0e:a1:2e:46:8c:d7:ea:
         51:21:b3:29:5e:9b:42:7d:8b:fd:cc:d3:d0:ae:2d:ea:7d:b3:
         89:3e:fd:9b:e7:8a:a7:86:d1:1a:1c:92:9a:a1:b7:9e:a4:d8:
         eb:8a:66:36:60:34:0b:a3:d5:a9:89:fe:ad:d7:03:6a:77:77:
         70:d4:ca:d5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFh8grpjxW3yb2GkxlbpGWHOfMskwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAwMjIzWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZGM2MTg2NGYzOGEwZTJlMWUzZThlODM2NWFkMzBlMzUz
ODQzNmI5YTg4YzRjYjc5ZDM4MzFlNDk3MGExZGVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyINjV6AmwH8z15rybVsHH021+CAuQ+JOEBDfz3v11Fkeo
9bQXZZaoRJ9EzWwh3qQEV6gDnYF0AWyLWbxBKVlu5SycNtdoLfinaQ5N9QW6XA6z
rEb3RnUxle30B0AhlG8dFWSKvKytxbYhGtRFmtwaT6fVTSNpWdLGBj3rtx1EsRqq
i167jqEv2xzIPV/GRhmvGfSfw9dYgJ+a5HPeK9Ie7UoNwDOt6OJbdGl5m2akmyaV
1XzxNstw3dWPUFLaehStq/rUedYlOdYIq7aGZX2ozrT083FYkdoEwu6+92zhuM8q
K1xA2k7xuQlRiteeOnzG2DLbN9vr6aOMTBNzfJ5rAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5VFkgKjWYwcIIYAt5G7s8sewV9QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE1MDBiOWZkLTQ1MjktNGNkNC04MzYyLTJmOGI5OWI5ZDlhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCPvzANBgkqhkiG9w0BAQsFAAOCAQEAWju/4lJafe5ZEmQKUhJRPFR11Xjb
AKJbbTb4br4hZiz75IDSEgC63e/4kpXkyqRjMD/0u5QRm3ghixvUXM3zS4bSymmh
JVojLTRoDlblupl0E0EOSPaQfQQnGOjZlwzE415W3yNRNh81IM4WprCtagBRMwxA
c8VV8qTSVYZVXkMTZH+bzCsyLjcCQW6GBdTUDBnn15m/IjAMDBP9IFPlygBqrWpK
6G0Gwg6U3mWnmrER0UtqI4skwGOyjXxszmIOoS5GjNfqUSGzKV6bQn2L/czT0K4t
6n2ziT79m+eKp4bRGhySmqG3nqTY64pmNmA0C6PVqYn+rdcDand3cNTK1Q==
-----END CERTIFICATE-----