Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3aa518aa-6564-426d-96b0-6a8cafb51670.roa
File:                     3aa518aa-6564-426d-96b0-6a8cafb51670.roa (raw, json)
Hash identifier:          7hsbQvifTWiu1QbJSPTBxwv699vDTe1tHF/skq7mnxQ=
Subject key identifier:   6B:29:06:7A:84:68:96:42:7E:05:63:42:01:D7:44:B4:88:09:95:7F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F6F2C06F9E48C82941130B65567732E1AF2D4E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3aa518aa-6564-426d-96b0-6a8cafb51670.roa
Signing time:             Fri 17 Oct 2025 00:42:38 +0000
ROA not before:           Fri 17 Oct 2025 00:42:38 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.193.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:6f:2c:06:f9:e4:8c:82:94:11:30:b6:55:67:73:2e:1a:f2:d4:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 00:42:38 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=d117e958bbf32bddb69642f7ffe930c76d64ed86058d993bf8af4d361a0cdd40, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ab:89:3f:2b:d7:21:f1:c5:22:72:20:8c:de:
                    b7:4d:1f:69:1e:20:77:6b:0e:1a:9a:32:4e:b4:c7:
                    50:85:bf:1e:9e:c8:92:1c:a2:df:df:da:cf:c2:8c:
                    10:2f:97:a5:fc:be:e9:44:f4:fc:62:83:cc:5a:8b:
                    d2:1e:d6:46:29:05:b1:63:e7:66:91:c9:40:da:6f:
                    26:a3:ef:2c:42:ba:5e:d0:9d:a6:19:f4:f3:bd:1f:
                    51:f0:2e:04:e5:8d:5c:45:b4:b8:1f:d6:ba:9b:e0:
                    81:74:0e:ba:9c:2e:55:4d:5d:7b:77:cb:29:01:02:
                    9c:03:1a:cc:33:1d:3c:01:6e:85:69:cc:88:d4:d4:
                    94:98:d4:b1:7e:63:d8:b9:97:73:69:b7:9a:fd:f0:
                    47:c3:a2:9b:0e:c8:dd:10:37:36:2b:9c:cb:20:14:
                    00:d5:e6:37:1b:11:f1:02:9d:e1:fd:b7:ed:80:d7:
                    9f:9e:68:8d:0a:87:3a:97:2e:e5:ce:dc:13:76:39:
                    6b:81:f2:7c:46:df:fd:94:24:70:cb:84:07:9a:b2:
                    44:cd:65:54:31:6e:f0:31:20:28:a9:43:21:b2:8b:
                    82:d9:a2:5f:31:2a:c9:82:c7:3e:01:49:dc:50:e6:
                    32:8a:c3:df:ed:48:df:84:13:00:95:c7:51:4a:83:
                    df:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:29:06:7A:84:68:96:42:7E:05:63:42:01:D7:44:B4:88:09:95:7F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3aa518aa-6564-426d-96b0-6a8cafb51670.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.193.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         56:d3:dd:0a:97:2b:e0:c9:b1:43:05:b7:a7:f3:a9:9c:6b:99:
         ed:29:b9:7d:1c:d9:99:95:b2:85:05:0d:30:b3:01:f9:64:b4:
         0d:15:33:27:76:f8:01:a0:5d:51:ff:c1:36:a6:1c:36:54:f1:
         15:5e:7b:88:26:b1:05:88:e9:e4:92:fb:38:b7:38:01:db:e7:
         a3:03:59:4f:11:9b:f9:a2:65:ac:68:c5:94:ef:5a:7b:e7:87:
         e5:0e:81:89:75:45:00:29:82:f6:7a:cf:13:01:32:d0:d3:f0:
         7a:de:0a:21:ad:bd:a0:96:10:79:f7:6d:0e:31:14:4d:57:af:
         1b:3c:ec:3c:5c:32:43:46:d7:d0:d7:02:96:d0:47:a3:43:00:
         b2:f9:96:26:a4:72:c4:95:46:1e:18:b1:96:83:21:49:e7:4a:
         7e:a2:fb:66:ef:87:c5:52:07:3f:fc:1f:fc:e4:5e:a8:ca:57:
         da:55:a3:9c:12:61:5d:d3:73:50:1a:7f:40:b2:51:ef:5b:84:
         12:a9:16:14:d0:06:96:c6:33:f7:af:64:61:e0:c4:08:ec:f8:
         b5:14:6c:43:09:5d:77:0e:92:64:b0:30:e9:b3:0c:8f:5b:79:
         4f:6b:bf:b2:11:74:d3:f7:c8:77:3d:65:75:b7:5d:57:71:34:
         98:af:8b:77
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUb28sBvnkjIKUETC2VWdzLhry1OUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MDA0MjM4WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTE3ZTk1OGJiZjMyYmRkYjY5NjQyZjdmZmU5MzBjNzZk
NjRlZDg2MDU4ZDk5M2JmOGFmNGQzNjFhMGNkZDQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMq4k/K9ch8cUiciCM3rdNH2keIHdrDhqaMk60x1CFvx6e
yJIcot/f2s/CjBAvl6X8vulE9Pxig8xai9Ie1kYpBbFj52aRyUDabyaj7yxCul7Q
naYZ9PO9H1HwLgTljVxFtLgf1rqb4IF0DrqcLlVNXXt3yykBApwDGswzHTwBboVp
zIjU1JSY1LF+Y9i5l3Npt5r98EfDopsOyN0QNzYrnMsgFADV5jcbEfECneH9t+2A
15+eaI0KhzqXLuXO3BN2OWuB8nxG3/2UJHDLhAeaskTNZVQxbvAxICipQyGyi4LZ
ol8xKsmCxz4BSdxQ5jKKw9/tSN+EEwCVx1FKg99LAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUaykGeoRolkJ+BWNCAddEtIgJlX8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNhYTUxOGFhLTY1NjQtNDI2ZC05NmIwLTZhOGNhZmI1MTY3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwANwTANBgkqhkiG9w0BAQsFAAOCAQEAVtPdCpcr4MmxQwW3p/OpnGuZ7Sm5
fRzZmZWyhQUNMLMB+WS0DRUzJ3b4AaBdUf/BNqYcNlTxFV57iCaxBYjp5JL7OLc4
AdvnowNZTxGb+aJlrGjFlO9ae+eH5Q6BiXVFACmC9nrPEwEy0NPwet4KIa29oJYQ
efdtDjEUTVevGzzsPFwyQ0bX0NcCltBHo0MAsvmWJqRyxJVGHhixloMhSedKfqL7
Zu+HxVIHP/wf/OReqMpX2lWjnBJhXdNzUBp/QLJR71uEEqkWFNAGlsYz969kYeDE
COz4tRRsQwlddw6SZLAw6bMMj1t5T2u/shF00/fIdz1ldbddV3E0mK+Ldw==
-----END CERTIFICATE-----