Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/24b5120f-9da8-4835-9d8b-0c7948eafa35.roa
File:                     24b5120f-9da8-4835-9d8b-0c7948eafa35.roa (raw, json)
Hash identifier:          5909miE40jyfOn8IVv0vYY7sk+R9QQT2uL06ob+6sU8=
Subject key identifier:   94:73:03:F9:DA:CD:DD:F5:92:A2:2E:99:11:FD:82:91:E8:CC:75:E9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5DC18E43B0E11CF1375051B0F861418B6785CE9F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/24b5120f-9da8-4835-9d8b-0c7948eafa35.roa
Signing time:             Mon 06 Oct 2025 15:40:50 +0000
ROA not before:           Mon 06 Oct 2025 15:40:50 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.162.72.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:c1:8e:43:b0:e1:1c:f1:37:50:51:b0:f8:61:41:8b:67:85:ce:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:40:50 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=80eed41b21c3376c22f7e1b154027e470c55405ed3f77335886d8c7c82abcba5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:49:16:41:c7:1a:5a:f0:5d:d7:51:9d:6d:18:
                    f8:3e:78:d4:46:db:ba:3e:1d:6e:8b:6c:18:a0:79:
                    e3:90:d9:0b:2d:82:26:ed:45:01:af:00:fb:70:25:
                    42:4b:19:dd:d2:6c:8f:86:35:be:24:05:bd:37:aa:
                    25:6b:a0:f0:06:cd:47:20:ce:0c:e8:1c:fb:16:7b:
                    58:18:6f:e5:b8:05:3f:d3:96:a6:52:cf:97:50:52:
                    1c:8a:3b:bf:36:22:1a:ac:e3:31:b4:43:fc:9e:3e:
                    e1:3b:cd:95:d1:7e:b3:b5:eb:54:ee:fa:2c:68:6c:
                    78:c7:71:98:d7:40:5e:54:54:6e:83:d5:82:5d:3e:
                    c6:fc:7e:5d:5b:33:ab:4f:46:62:79:e7:1d:f5:5e:
                    63:bd:75:8c:b2:e3:6a:6a:5f:5a:22:f0:68:14:95:
                    d3:e6:b4:6e:62:d9:2f:79:e0:51:12:82:23:76:e8:
                    07:81:f2:00:90:03:8f:6b:bd:34:d4:78:92:d2:e6:
                    4b:4a:94:63:49:c4:f4:80:c8:f9:54:eb:f6:26:4f:
                    28:f1:05:39:36:9e:1f:73:74:97:a9:67:dd:36:cb:
                    fe:56:46:7a:66:d7:09:4d:30:6e:ae:7d:59:c3:18:
                    bc:e7:d3:ee:2c:f5:bd:69:28:44:04:64:89:41:c0:
                    e3:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:73:03:F9:DA:CD:DD:F5:92:A2:2E:99:11:FD:82:91:E8:CC:75:E9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/24b5120f-9da8-4835-9d8b-0c7948eafa35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.162.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bf:24:ed:f9:cc:8d:51:25:87:42:be:1e:26:c2:98:26:2a:7d:
         69:8c:77:22:57:69:e3:a5:95:26:0f:69:40:43:54:00:43:10:
         c5:3c:3a:c4:a1:ce:cc:44:b2:d2:3d:23:77:f0:f2:08:7f:96:
         ad:87:fa:30:11:39:cc:76:8e:86:f1:08:cc:15:ef:cd:2b:07:
         48:bc:04:01:85:e3:9a:78:ce:c0:30:37:de:91:53:d8:b8:9d:
         d6:d1:a1:3a:bc:23:f3:a7:98:3e:74:47:fc:bf:6c:83:85:43:
         5c:32:25:cf:d3:3e:d9:22:00:42:d7:90:49:4d:20:5f:23:4a:
         01:9e:f9:28:6a:19:f0:de:9b:ad:04:27:ad:bb:9a:e9:49:ad:
         4c:27:5e:8a:e8:09:92:54:ea:eb:6a:8f:73:72:fe:52:46:10:
         60:3f:ec:4f:66:bc:4f:c4:c1:6d:b4:c7:0e:70:68:75:62:86:
         bf:37:ad:fb:97:11:67:1b:d9:60:01:61:14:62:d6:84:cb:c6:
         0b:55:5d:c7:9d:ae:a7:1e:af:ce:8c:ee:76:bd:54:40:b1:28:
         c2:92:18:50:51:a2:6e:c7:b8:88:00:e5:b0:78:1d:39:3a:59:
         04:c7:9a:7c:1b:16:5e:10:c0:9a:95:3b:7d:b1:19:3b:be:0c:
         58:32:6e:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXcGOQ7DhHPE3UFGw+GFBi2eFzp8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTU0MDUwWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MGVlZDQxYjIxYzMzNzZjMjJmN2UxYjE1NDAyN2U0NzBj
NTU0MDVlZDNmNzczMzU4ODZkOGM3YzgyYWJjYmE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcSRZBxxpa8F3XUZ1tGPg+eNRG27o+HW6LbBigeeOQ2Qst
gibtRQGvAPtwJUJLGd3SbI+GNb4kBb03qiVroPAGzUcgzgzoHPsWe1gYb+W4BT/T
lqZSz5dQUhyKO782Ihqs4zG0Q/yePuE7zZXRfrO161Tu+ixobHjHcZjXQF5UVG6D
1YJdPsb8fl1bM6tPRmJ55x31XmO9dYyy42pqX1oi8GgUldPmtG5i2S954FESgiN2
6AeB8gCQA49rvTTUeJLS5ktKlGNJxPSAyPlU6/YmTyjxBTk2nh9zdJepZ902y/5W
Rnpm1wlNMG6ufVnDGLzn0+4s9b1pKEQEZIlBwOMjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlHMD+drN3fWSoi6ZEf2CkejMdekwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI0YjUxMjBmLTlkYTgtNDgzNS05ZDhiLTBjNzk0OGVhZmEzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMNokgwDQYJKoZIhvcNAQELBQADggEBAL8k7fnMjVElh0K+HibCmCYqfWmM
dyJXaeOllSYPaUBDVABDEMU8OsShzsxEstI9I3fw8gh/lq2H+jAROcx2jobxCMwV
780rB0i8BAGF45p4zsAwN96RU9i4ndbRoTq8I/OnmD50R/y/bIOFQ1wyJc/TPtki
AELXkElNIF8jSgGe+ShqGfDem60EJ627mulJrUwnXoroCZJU6utqj3Ny/lJGEGA/
7E9mvE/EwW20xw5waHVihr83rfuXEWcb2WABYRRi1oTLxgtVXcedrqcer86M7na9
VECxKMKSGFBRom7HuIgA5bB4HTk6WQTHmnwbFl4QwJqVO32xGTu+DFgybrk=
-----END CERTIFICATE-----