Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22e0224f-add1-4750-9889-4168c3af1743.roa
File:                     22e0224f-add1-4750-9889-4168c3af1743.roa (raw, json)
Hash identifier:          ejB1NVbVWKmrOuCySlOE2p05aSWVbRgDIvTssAz9f18=
Subject key identifier:   26:BE:C5:C6:B5:9D:2D:87:9F:9F:34:25:54:7E:D4:B3:D2:A9:85:8D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1595B699B122C3F193196A2169B9F39B7B440CBC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22e0224f-add1-4750-9889-4168c3af1743.roa
Signing time:             Fri 03 Oct 2025 00:01:23 +0000
ROA not before:           Fri 03 Oct 2025 00:01:23 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.153.112.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:95:b6:99:b1:22:c3:f1:93:19:6a:21:69:b9:f3:9b:7b:44:0c:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:01:23 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=e0ae996bb45255ad0c709cf9992fb8afa18bfc9c0769296364c46ad52844d2c0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:42:f0:f4:eb:37:1d:db:d7:50:f6:10:d6:cd:
                    99:b1:17:79:5a:e7:30:58:80:f0:fb:6d:f5:cb:e5:
                    0c:7d:b3:06:e0:35:f2:5b:fc:3d:ea:ad:f4:55:e5:
                    f4:6d:2d:8e:7d:ed:5a:ce:b3:1a:3b:87:84:a7:5d:
                    3c:f2:74:e7:1b:5c:a9:ea:31:a7:4c:c1:bc:3a:b6:
                    21:0e:2d:da:7f:71:1e:1a:99:27:64:75:bd:26:2f:
                    57:24:de:60:53:67:81:7c:5a:94:f8:28:82:e0:bd:
                    1f:e3:3f:4c:9b:9f:07:c7:29:6d:09:94:68:4b:39:
                    18:ac:30:6e:0c:5f:cd:9b:f0:34:12:81:16:13:a8:
                    53:eb:74:f4:9a:dc:a2:c4:f0:0c:a8:38:2b:d9:e2:
                    61:39:4f:6d:1d:e8:1e:23:21:a8:f0:b7:24:71:71:
                    59:b9:78:ae:e2:32:ee:5d:e1:4d:72:02:8e:df:2c:
                    85:10:13:74:14:a2:5a:42:ab:54:3d:0f:f1:1b:dc:
                    b7:b9:15:04:4a:72:de:d8:32:6c:5f:e7:70:15:1b:
                    28:23:7d:a9:24:a3:50:fd:23:a0:16:e3:ee:b4:cc:
                    16:e0:54:8d:eb:82:32:a7:68:11:f5:9c:5c:c0:61:
                    f5:20:16:b3:9e:e8:80:94:44:37:32:83:a3:fc:ac:
                    93:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BE:C5:C6:B5:9D:2D:87:9F:9F:34:25:54:7E:D4:B3:D2:A9:85:8D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22e0224f-add1-4750-9889-4168c3af1743.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.153.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         48:e0:ee:20:e2:8b:60:12:fe:cb:42:54:56:20:7d:ab:c1:9c:
         71:95:e7:4d:4f:3b:8c:77:dc:56:76:02:f3:ae:d6:6e:da:9e:
         9a:ef:53:fb:41:f8:a6:4c:8a:95:37:85:d3:5b:c6:eb:45:11:
         f3:52:17:b8:23:c4:bb:81:0c:25:c8:6e:01:2f:25:f7:db:57:
         23:e0:c8:e1:2d:03:7a:30:91:a3:9a:b0:2f:3a:7e:bb:f4:b6:
         74:71:4a:2d:07:34:ce:8e:51:b4:52:8a:09:29:60:4d:f6:8e:
         e7:fd:6b:8f:01:3d:ae:ec:60:44:45:ac:61:4e:46:c8:86:fa:
         4b:64:28:d1:d5:09:ca:e9:5c:75:89:76:8f:af:0f:9c:45:5c:
         b0:f2:63:99:e5:48:99:bd:68:c9:35:dc:0c:f1:7a:3e:1a:b9:
         45:2b:de:f9:46:c3:b1:e5:ad:da:e6:84:b0:25:ee:31:0a:41:
         2d:1c:e8:68:27:77:92:76:23:4b:23:d1:3d:43:3d:2f:83:31:
         b8:4f:fa:4f:98:83:5b:0a:c9:7d:85:0a:8a:bc:53:96:18:55:
         57:38:29:e5:16:1c:4e:b1:99:8a:56:fe:5f:cf:d7:4b:12:ca:
         33:f6:90:9e:11:cd:0d:0a:dd:00:9b:7a:19:16:2a:5c:03:31:
         81:40:e7:b6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFZW2mbEiw/GTGWohabnzm3tEDLwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAwMTIzWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMGFlOTk2YmI0NTI1NWFkMGM3MDljZjk5OTJmYjhhZmEx
OGJmYzljMDc2OTI5NjM2NGM0NmFkNTI4NDRkMmMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoQvD06zcd29dQ9hDWzZmxF3la5zBYgPD7bfXL5Qx9swbg
NfJb/D3qrfRV5fRtLY597VrOsxo7h4SnXTzydOcbXKnqMadMwbw6tiEOLdp/cR4a
mSdkdb0mL1ck3mBTZ4F8WpT4KILgvR/jP0ybnwfHKW0JlGhLORisMG4MX82b8DQS
gRYTqFPrdPSa3KLE8AyoOCvZ4mE5T20d6B4jIajwtyRxcVm5eK7iMu5d4U1yAo7f
LIUQE3QUolpCq1Q9D/Eb3Le5FQRKct7YMmxf53AVGygjfakko1D9I6AW4+60zBbg
VI3rgjKnaBH1nFzAYfUgFrOe6ICURDcyg6P8rJMFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJr7FxrWdLYefnzQlVH7Us9KphY0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIyZTAyMjRmLWFkZDEtNDc1MC05ODg5LTQxNjhjM2FmMTc0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANomXAwDQYJKoZIhvcNAQELBQADggEBAEjg7iDii2AS/stCVFYgfavBnHGV
501PO4x33FZ2AvOu1m7anprvU/tB+KZMipU3hdNbxutFEfNSF7gjxLuBDCXIbgEv
JffbVyPgyOEtA3owkaOasC86frv0tnRxSi0HNM6OUbRSigkpYE32juf9a48BPa7s
YERFrGFORsiG+ktkKNHVCcrpXHWJdo+vD5xFXLDyY5nlSJm9aMk13Azxej4auUUr
3vlGw7HlrdrmhLAl7jEKQS0c6Ggnd5J2I0sj0T1DPS+DMbhP+k+Yg1sKyX2FCoq8
U5YYVVc4KeUWHE6xmYpW/l/P10sSyjP2kJ4RzQ0K3QCbehkWKlwDMYFA57Y=
-----END CERTIFICATE-----