Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/408bfdaa-b91c-4b0b-b2cc-d19587d1ff46.roa
File:                     408bfdaa-b91c-4b0b-b2cc-d19587d1ff46.roa (raw, json)
Hash identifier:          mZQvAx7c/d6beAgbSCU3KU2djl6t09mY0aT4T46mX2M=
Subject key identifier:   5A:9D:3C:67:FF:D4:1B:B3:4D:73:26:EF:C6:50:62:1D:F9:28:0F:4C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       11191A4A85EBFA7A85E97035CC31B3009E4AEAA8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/408bfdaa-b91c-4b0b-b2cc-d19587d1ff46.roa
Signing time:             Mon 06 Oct 2025 15:40:42 +0000
ROA not before:           Mon 06 Oct 2025 15:40:42 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.152.0.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:19:1a:4a:85:eb:fa:7a:85:e9:70:35:cc:31:b3:00:9e:4a:ea:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:40:42 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=31da6a5117df253459d053e5433c9678abb09d1528bcfd9edd6d7ce7aca088d6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:51:24:83:d5:1f:9d:c5:e4:70:6c:4a:2f:50:
                    94:fd:c9:6b:49:b9:02:6c:f4:42:5e:35:fc:79:b5:
                    2a:75:ce:68:ae:81:8f:db:07:8b:bf:32:fc:57:d5:
                    ef:76:08:80:d1:62:de:81:a8:81:f9:90:8f:3b:55:
                    27:7d:9a:df:10:97:d4:73:c6:30:56:c3:f1:82:4c:
                    6e:15:f0:e7:f6:6f:db:32:bd:2e:80:45:2a:dd:69:
                    10:c2:3f:59:24:a2:bc:fa:9f:e4:55:8e:ee:30:b6:
                    ce:81:ab:b1:02:82:37:c6:24:94:c6:f8:6d:59:a7:
                    b9:1c:d5:42:1e:af:21:5f:cb:87:64:de:ad:b5:b9:
                    60:52:9a:20:59:91:16:de:05:df:c3:61:7a:d6:e3:
                    e4:c5:e7:c3:2c:e1:96:e8:5f:99:0c:c0:df:15:e8:
                    15:a3:90:bb:be:c2:26:a0:89:06:a6:9e:fc:4e:af:
                    27:54:0c:0a:a6:45:d7:8d:fe:59:ab:33:0b:41:d5:
                    66:fc:1d:41:53:ef:73:61:87:8f:37:18:48:f7:7c:
                    50:1d:ef:ad:bb:05:40:a0:60:16:8a:4d:c6:71:7c:
                    db:5f:e7:0b:dc:8a:b6:cc:67:7b:0b:cb:94:fa:57:
                    22:7d:bb:1d:56:5b:f5:86:6a:e5:60:f9:6c:83:b0:
                    91:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:9D:3C:67:FF:D4:1B:B3:4D:73:26:EF:C6:50:62:1D:F9:28:0F:4C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/408bfdaa-b91c-4b0b-b2cc-d19587d1ff46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.152.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         19:6d:86:bd:70:15:68:6d:e2:9a:ac:7b:22:0e:3e:42:98:94:
         81:31:5c:0e:52:3f:e8:4c:38:31:65:b7:08:7c:6a:0a:c3:21:
         94:71:05:98:09:a8:97:ee:ed:46:10:3a:b3:88:1b:20:54:4e:
         a9:be:e9:cd:4f:f3:58:ce:3e:07:b3:d0:76:b0:17:37:dd:85:
         b4:6b:af:3c:95:4d:2d:06:02:df:17:54:0b:2c:8d:36:fb:31:
         75:36:5c:a9:cd:22:52:00:55:e6:75:7d:ed:ae:32:fe:d4:37:
         6d:e9:72:57:4d:c5:82:03:77:bd:fd:5a:9f:cf:94:6b:8a:bf:
         23:77:b9:84:dc:bb:8c:76:4a:37:c2:78:99:66:db:35:f9:07:
         72:28:d1:df:21:a7:38:4f:b3:01:c6:bc:cd:dc:81:d1:aa:dc:
         9d:84:88:a1:6f:ca:e8:3a:b2:05:42:57:48:1f:e1:e9:ea:2b:
         cf:ac:fa:10:f6:fb:0b:ec:82:d2:94:05:2f:d4:ac:1e:0d:fa:
         38:7b:88:f4:88:98:ae:21:04:48:b6:ad:da:18:11:1e:86:1f:
         c2:96:8f:da:ca:d3:5a:6a:36:64:70:48:14:f6:43:1e:49:e6:
         12:eb:d4:78:36:76:a6:f6:d8:ac:9f:86:c3:db:2b:ed:20:96:
         f9:01:97:f1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUERkaSoXr+nqF6XA1zDGzAJ5K6qgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTU0MDQyWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMWRhNmE1MTE3ZGYyNTM0NTlkMDUzZTU0MzNjOTY3OGFi
YjA5ZDE1MjhiY2ZkOWVkZDZkN2NlN2FjYTA4OGQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzUSSD1R+dxeRwbEovUJT9yWtJuQJs9EJeNfx5tSp1zmiu
gY/bB4u/MvxX1e92CIDRYt6BqIH5kI87VSd9mt8Ql9RzxjBWw/GCTG4V8Of2b9sy
vS6ARSrdaRDCP1kkorz6n+RVju4wts6Bq7ECgjfGJJTG+G1Zp7kc1UIeryFfy4dk
3q21uWBSmiBZkRbeBd/DYXrW4+TF58Ms4ZboX5kMwN8V6BWjkLu+wiagiQamnvxO
rydUDAqmRdeN/lmrMwtB1Wb8HUFT73Nhh483GEj3fFAd7627BUCgYBaKTcZxfNtf
5wvcirbMZ3sLy5T6VyJ9ux1WW/WGauVg+WyDsJGzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWp08Z//UG7NNcybvxlBiHfkoD0wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQwOGJmZGFhLWI5MWMtNGIwYi1iMmNjLWQxOTU4N2QxZmY0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQNmAAwDQYJKoZIhvcNAQELBQADggEBABlthr1wFWht4pqseyIOPkKYlIEx
XA5SP+hMODFltwh8agrDIZRxBZgJqJfu7UYQOrOIGyBUTqm+6c1P81jOPgez0Haw
FzfdhbRrrzyVTS0GAt8XVAssjTb7MXU2XKnNIlIAVeZ1fe2uMv7UN23pcldNxYID
d739Wp/PlGuKvyN3uYTcu4x2SjfCeJlm2zX5B3Io0d8hpzhPswHGvM3cgdGq3J2E
iKFvyug6sgVCV0gf4enqK8+s+hD2+wvsgtKUBS/UrB4N+jh7iPSImK4hBEi2rdoY
ER6GH8KWj9rK01pqNmRwSBT2Qx5J5hLr1Hg2dqb22KyfhsPbK+0glvkBl/E=
-----END CERTIFICATE-----