Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38e5c8f2-c974-43b5-8f46-5ca289b283ae.roa
File:                     38e5c8f2-c974-43b5-8f46-5ca289b283ae.roa (raw, json)
Hash identifier:          9xkSLexxvuMkUlja0sjpsWB2VFFtoDEEesGHfn0t+QI=
Subject key identifier:   B1:51:16:11:59:AC:7D:5C:23:7C:91:20:4F:5A:F7:8A:F2:94:70:40
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       25751704AEF4F9426CA09CC9412D5CA25BD881C3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38e5c8f2-c974-43b5-8f46-5ca289b283ae.roa
Signing time:             Mon 13 Oct 2025 15:51:11 +0000
ROA not before:           Mon 13 Oct 2025 15:51:11 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.91.15.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:75:17:04:ae:f4:f9:42:6c:a0:9c:c9:41:2d:5c:a2:5b:d8:81:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 13 15:51:11 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=44a56ca8e15a65291bb98e2a101473965603dba1635f5eec845fa5c3ddee1234, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:77:53:03:2a:2a:c9:77:c4:0a:87:2f:33:4b:
                    e1:35:93:fc:e5:d4:60:e3:4f:02:85:eb:ce:1a:b2:
                    9e:1e:59:74:cb:97:54:93:69:4a:59:0f:71:6c:50:
                    66:6c:49:cf:81:a3:4d:1b:05:65:4f:38:08:c5:07:
                    24:c4:79:95:70:7e:63:fe:2a:7b:98:f6:84:8e:fb:
                    49:5d:0c:b6:d9:8d:01:99:c9:95:a2:3f:19:ee:50:
                    c0:e0:20:8a:15:f3:93:87:50:6a:a8:15:db:ef:02:
                    fd:40:04:a8:08:82:0b:00:67:41:34:8a:19:63:a3:
                    0d:77:55:04:62:5b:a2:6f:b3:7c:eb:70:e2:46:b3:
                    a3:c2:bc:18:aa:1e:dc:f5:3a:57:56:b7:57:41:e6:
                    3d:aa:e5:12:05:ec:dd:63:86:a3:07:4b:da:b4:24:
                    1b:83:d3:83:bc:b3:48:e9:8d:9f:6f:e3:89:83:4c:
                    72:de:5a:4b:fa:0b:c1:60:08:41:87:ca:78:58:ea:
                    f8:68:5a:be:ef:4f:4a:a1:11:57:eb:d0:4b:1b:0c:
                    fb:d2:f4:77:28:5b:4f:02:6e:33:18:ed:16:49:93:
                    89:cf:e7:25:20:02:8e:41:b7:8c:2e:ef:f4:36:fb:
                    8e:a9:33:80:94:b7:c9:69:a9:f3:67:1d:8d:c8:e8:
                    63:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:51:16:11:59:AC:7D:5C:23:7C:91:20:4F:5A:F7:8A:F2:94:70:40
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38e5c8f2-c974-43b5-8f46-5ca289b283ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.91.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:7f:47:41:6b:97:e7:89:e8:a9:99:9e:6c:a6:16:b6:f2:2f:
         ac:31:d8:0c:b7:df:2e:6f:a6:cc:02:94:e7:ec:de:c1:ae:9a:
         68:93:40:a6:38:ea:27:5f:71:fc:be:90:f7:59:18:bc:c9:d6:
         2d:4c:2d:17:4b:68:05:38:43:8d:b2:e0:87:e4:c4:30:95:2f:
         4a:04:ed:89:51:a8:3b:cf:68:fb:75:41:78:71:31:9f:83:72:
         df:2a:c5:b9:4b:41:97:51:8e:81:87:cc:90:bb:96:17:7d:f8:
         68:f1:05:a0:55:d3:31:17:bd:04:38:82:2f:be:0c:ed:c9:ac:
         6b:68:24:6c:a5:74:2e:e1:56:5a:09:c6:45:de:6c:e9:4f:ce:
         24:65:8e:cf:20:23:af:f0:73:4c:d2:ec:e2:46:bc:53:35:03:
         61:31:ce:9a:9b:f4:1d:c2:02:75:6c:99:38:ad:d6:36:e4:aa:
         5b:7b:54:34:4e:a3:b4:2b:53:31:ef:cb:55:02:43:d6:5b:be:
         75:1f:c3:4e:f8:2b:01:f7:a3:0c:4e:4b:24:ad:a1:40:be:13:
         76:50:d4:14:ce:06:89:41:86:b2:6c:a7:96:a1:82:6c:40:4f:
         01:34:14:41:b3:0c:96:10:88:a6:aa:47:8b:62:c3:8b:85:19:
         47:e6:24:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJXUXBK70+UJsoJzJQS1colvYgcMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEzMTU1MTExWhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NGE1NmNhOGUxNWE2NTI5MWJiOThlMmExMDE0NzM5NjU2
MDNkYmExNjM1ZjVlZWM4NDVmYTVjM2RkZWUxMjM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvd1MDKirJd8QKhy8zS+E1k/zl1GDjTwKF684asp4eWXTL
l1STaUpZD3FsUGZsSc+Bo00bBWVPOAjFByTEeZVwfmP+KnuY9oSO+0ldDLbZjQGZ
yZWiPxnuUMDgIIoV85OHUGqoFdvvAv1ABKgIggsAZ0E0ihljow13VQRiW6Jvs3zr
cOJGs6PCvBiqHtz1OldWt1dB5j2q5RIF7N1jhqMHS9q0JBuD04O8s0jpjZ9v44mD
THLeWkv6C8FgCEGHynhY6vhoWr7vT0qhEVfr0EsbDPvS9HcoW08CbjMY7RZJk4nP
5yUgAo5Bt4wu7/Q2+46pM4CUt8lpqfNnHY3I6GNXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsVEWEVmsfVwjfJEgT1r3ivKUcEAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4ZTVjOGYyLWM5NzQtNDNiNS04ZjQ2LTVjYTI4OWIyODNhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAXWw8wDQYJKoZIhvcNAQELBQADggEBAAx/R0Frl+eJ6KmZnmymFrbyL6wx
2Ay33y5vpswClOfs3sGummiTQKY46idfcfy+kPdZGLzJ1i1MLRdLaAU4Q42y4Ifk
xDCVL0oE7YlRqDvPaPt1QXhxMZ+Dct8qxblLQZdRjoGHzJC7lhd9+GjxBaBV0zEX
vQQ4gi++DO3JrGtoJGyldC7hVloJxkXebOlPziRljs8gI6/wc0zS7OJGvFM1A2Ex
zpqb9B3CAnVsmTit1jbkqlt7VDROo7QrUzHvy1UCQ9ZbvnUfw074KwH3owxOSySt
oUC+E3ZQ1BTOBolBhrJsp5ahgmxATwE0FEGzDJYQiKaqR4tiw4uFGUfmJCE=
-----END CERTIFICATE-----