Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/39987a4f-c632-4bdd-8f12-5e92d4db3be2.roa
File:                     39987a4f-c632-4bdd-8f12-5e92d4db3be2.roa (raw, json)
Hash identifier:          W4SK/4SD9ODsMkb0YQycSI8LyZ3RjyLiX6Vlfq3S2cI=
Subject key identifier:   9D:3F:40:3F:84:BE:69:62:D8:7D:AE:C9:35:CA:72:7B:AA:94:2C:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6FD72A28C1E72F67834163A18B806AF3FDF226F3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/39987a4f-c632-4bdd-8f12-5e92d4db3be2.roa
Signing time:             Fri 17 Oct 2025 00:21:14 +0000
ROA not before:           Fri 17 Oct 2025 00:21:14 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.21.200.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:d7:2a:28:c1:e7:2f:67:83:41:63:a1:8b:80:6a:f3:fd:f2:26:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 00:21:14 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=5c393671b07fff05dba1dac6c5065f1629f833bfac57fe39a8569953cb52040d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:4b:f7:72:72:e3:c9:db:55:a1:f3:4c:69:15:
                    cb:f3:16:53:63:af:63:95:8c:f3:33:a2:df:a5:22:
                    f0:d5:b2:19:07:91:32:fd:f2:f4:8b:bb:dc:c6:c9:
                    0a:3d:5d:94:c1:e6:06:92:a9:0e:b0:e1:39:22:14:
                    8b:53:07:ed:f2:0f:8e:e5:23:ab:f7:bc:44:17:14:
                    6a:16:ea:12:d3:2b:b2:01:5d:0d:47:1b:c8:c0:36:
                    f7:b0:e6:36:bb:cd:00:95:3f:04:b9:d3:57:df:43:
                    49:2c:74:5d:d0:75:49:48:a3:d6:83:12:cf:c8:5f:
                    96:05:6b:1d:0e:80:66:d8:bf:7d:cf:01:79:d0:37:
                    a2:af:bd:68:58:c0:9b:35:2b:a4:8c:fb:cd:14:30:
                    7c:9d:ab:42:40:6f:98:9d:ae:ac:f8:51:65:e9:7c:
                    9b:eb:15:82:38:18:cb:87:3b:92:1e:6d:5d:46:aa:
                    48:c8:e0:97:20:af:fe:79:88:62:f8:6d:cb:95:e2:
                    5f:75:21:43:bc:c6:ef:28:03:b6:eb:d0:e8:1e:98:
                    7a:57:ea:a8:8a:5e:fd:66:e6:3e:b2:a5:71:e4:b1:
                    f0:48:1f:a1:d6:f4:6e:e7:f3:9d:06:cd:77:6d:65:
                    8c:dd:c7:e9:b6:b6:e7:0c:a5:e7:3e:74:29:19:35:
                    c2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3F:40:3F:84:BE:69:62:D8:7D:AE:C9:35:CA:72:7B:AA:94:2C:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/39987a4f-c632-4bdd-8f12-5e92d4db3be2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         93:aa:30:37:72:28:99:ca:85:aa:b8:9a:c8:5a:33:fd:15:39:
         70:2c:9e:95:56:95:84:f3:2a:a3:61:7a:d2:1d:ad:0a:fe:24:
         ad:bb:e2:30:b6:82:dc:a5:f0:62:66:09:cd:a9:0e:c3:22:15:
         72:fd:59:c0:4a:47:45:06:06:6e:fe:38:90:ab:12:49:20:3b:
         49:d7:84:ea:a1:ee:67:7a:1f:d3:7a:d6:a0:68:e1:19:c7:84:
         bd:10:24:d7:9d:f1:64:28:66:7a:dd:34:b9:86:fd:a1:75:21:
         07:5b:82:fd:7f:c8:88:d5:9b:1c:c5:bd:53:c2:91:4f:c4:46:
         f1:ce:cc:0a:6e:6c:00:56:ee:79:40:e9:92:57:e1:23:e7:d1:
         d1:26:5a:ac:61:d0:f2:ab:b8:e8:7a:7e:88:1a:d2:ad:20:80:
         d1:38:5c:6d:fb:f2:71:12:04:87:4c:f4:ca:97:65:fd:b4:0e:
         f4:82:ff:0b:22:b2:4f:0a:c4:d5:db:9a:48:50:6a:55:f6:dc:
         82:35:05:c2:89:6a:03:3c:70:bb:7e:af:8e:48:a7:14:9e:80:
         51:e4:4c:e9:39:eb:99:57:8a:2f:81:41:f5:15:f6:a1:5d:52:
         41:62:3a:2c:cd:ba:e8:e3:56:98:ff:16:c5:3d:80:f7:3c:40:
         b9:8e:dc:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb9cqKMHnL2eDQWOhi4Bq8/3yJvMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MDAyMTE0WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzM5MzY3MWIwN2ZmZjA1ZGJhMWRhYzZjNTA2NWYxNjI5
ZjgzM2JmYWM1N2ZlMzlhODU2OTk1M2NiNTIwNDBkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlS/dycuPJ21Wh80xpFcvzFlNjr2OVjPMzot+lIvDVshkH
kTL98vSLu9zGyQo9XZTB5gaSqQ6w4TkiFItTB+3yD47lI6v3vEQXFGoW6hLTK7IB
XQ1HG8jANvew5ja7zQCVPwS501ffQ0ksdF3QdUlIo9aDEs/IX5YFax0OgGbYv33P
AXnQN6KvvWhYwJs1K6SM+80UMHydq0JAb5idrqz4UWXpfJvrFYI4GMuHO5IebV1G
qkjI4Jcgr/55iGL4bcuV4l91IUO8xu8oA7br0OgemHpX6qiKXv1m5j6ypXHksfBI
H6HW9G7n850GzXdtZYzdx+m2tucMpec+dCkZNcLbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnT9AP4S+aWLYfa7JNcpye6qULFgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM5OTg3YTRmLWM2MzItNGJkZC04ZjEyLTVlOTJkNGRiM2JlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANrFcgwDQYJKoZIhvcNAQELBQADggEBAJOqMDdyKJnKhaq4mshaM/0VOXAs
npVWlYTzKqNhetIdrQr+JK274jC2gtyl8GJmCc2pDsMiFXL9WcBKR0UGBm7+OJCr
EkkgO0nXhOqh7md6H9N61qBo4RnHhL0QJNed8WQoZnrdNLmG/aF1IQdbgv1/yIjV
mxzFvVPCkU/ERvHOzApubABW7nlA6ZJX4SPn0dEmWqxh0PKruOh6foga0q0ggNE4
XG378nESBIdM9MqXZf20DvSC/wsisk8KxNXbmkhQalX23II1BcKJagM8cLt+r45I
pxSegFHkTOk565lXii+BQfUV9qFdUkFiOizNuujjVpj/FsU9gPc8QLmO3L4=
-----END CERTIFICATE-----