Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4259474a-bf94-4fce-960e-600c8e86c25b.roa
File:                     4259474a-bf94-4fce-960e-600c8e86c25b.roa (raw, json)
Hash identifier:          +VS3YBciXayV4vF3Z5CYyOVJXr6Q9lvqtHpotvNc5is=
Subject key identifier:   71:B5:E8:07:DC:B9:C2:59:96:08:62:E2:1A:0B:04:22:29:2A:85:33
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02BAEEC6E9CF05847743AE9F4421C9472141CAC2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4259474a-bf94-4fce-960e-600c8e86c25b.roa
Signing time:             Tue 07 Oct 2025 00:21:35 +0000
ROA not before:           Tue 07 Oct 2025 00:21:35 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.102.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ba:ee:c6:e9:cf:05:84:77:43:ae:9f:44:21:c9:47:21:41:ca:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:21:35 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=457f4c742d238d02ec672322dfc6fdca5f0b5c272b35e1a5fc48ed584d0964ee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4e:1a:6b:0e:83:c2:ef:b4:81:d5:18:7c:8b:
                    b5:a9:0c:d4:09:88:56:df:6e:5c:9e:f6:91:f3:54:
                    22:7e:56:43:fd:4d:4a:c4:58:93:9e:52:55:f3:22:
                    68:ef:1b:95:5b:43:ba:a8:46:13:b3:80:b5:41:7c:
                    92:d0:0d:7e:f2:80:87:9e:aa:de:c0:e2:42:3d:1d:
                    86:a2:d1:7a:cb:b3:2a:08:89:48:6d:4d:4d:d4:66:
                    f4:ac:9d:a7:05:9c:fc:9a:5c:ac:a3:e7:f5:c1:e2:
                    cd:8e:63:3b:c6:75:82:b8:6c:3e:fa:bd:08:c3:8b:
                    c1:1d:c1:11:45:bb:2f:29:4f:0b:fb:70:48:5c:3c:
                    18:39:12:79:3b:71:1d:b8:73:29:2a:d2:76:63:45:
                    a6:74:1a:2e:81:7a:92:74:77:59:f9:6c:3a:80:2e:
                    96:95:68:9f:24:d7:29:f8:bf:f5:77:70:97:7f:0b:
                    7e:a1:8e:9b:35:83:dc:26:51:36:16:91:45:0b:59:
                    25:b0:81:9d:21:d3:b5:36:93:44:78:cb:b8:c5:68:
                    61:ea:c9:5a:8f:b7:6b:d8:10:c9:fb:93:00:c6:04:
                    75:51:0f:76:fa:70:22:87:b9:07:af:46:c2:ce:1a:
                    95:b1:cc:89:b9:9c:a4:33:ec:fe:02:2d:65:20:24:
                    20:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B5:E8:07:DC:B9:C2:59:96:08:62:E2:1A:0B:04:22:29:2A:85:33
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4259474a-bf94-4fce-960e-600c8e86c25b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.102.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         27:30:35:03:88:54:f4:36:0a:cb:64:83:24:c2:b1:6b:93:37:
         d0:07:2f:2d:e7:ad:ab:fd:d4:81:bf:0f:59:7b:5c:78:2b:aa:
         cd:85:e5:57:28:39:ef:43:0c:4c:4b:a5:a6:30:83:f5:72:c1:
         1d:4f:7b:b8:d3:0c:1e:3d:12:fc:eb:a4:48:17:ad:5c:95:b2:
         80:5b:2c:87:e2:9d:59:3c:a4:d7:fe:cc:99:41:41:a7:47:f1:
         31:8d:02:3d:af:ae:a8:a0:87:88:93:bd:0d:00:b6:2c:ca:c9:
         38:28:cb:0d:9a:99:1f:9a:ab:11:ff:23:be:3f:75:ff:fb:da:
         f4:88:ef:97:81:71:7e:df:86:80:d2:49:2d:4b:ee:11:d5:08:
         06:df:8e:a4:e9:34:c3:b0:4b:5c:84:d9:fa:36:87:be:22:32:
         8e:36:cf:aa:8b:4b:dd:b0:66:28:e9:46:97:46:ac:19:f1:ba:
         7e:9d:4e:12:11:9d:ee:64:63:f1:65:06:d2:e6:af:d7:b1:9f:
         d5:91:4b:e4:ce:ff:dc:fa:4c:a5:14:35:59:15:05:27:0a:29:
         3f:46:2a:75:18:f7:11:2c:79:d3:01:07:3b:db:8a:5e:da:c1:
         ef:c7:6f:5b:56:6d:ce:bb:da:ac:a4:fc:8e:5c:12:00:c5:4d:
         32:d9:de:fe
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUArruxunPBYR3Q66fRCHJRyFBysIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDAyMTM1WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTdmNGM3NDJkMjM4ZDAyZWM2NzIzMjJkZmM2ZmRjYTVm
MGI1YzI3MmIzNWUxYTVmYzQ4ZWQ1ODRkMDk2NGVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9ThprDoPC77SB1Rh8i7WpDNQJiFbfblye9pHzVCJ+VkP9
TUrEWJOeUlXzImjvG5VbQ7qoRhOzgLVBfJLQDX7ygIeeqt7A4kI9HYai0XrLsyoI
iUhtTU3UZvSsnacFnPyaXKyj5/XB4s2OYzvGdYK4bD76vQjDi8EdwRFFuy8pTwv7
cEhcPBg5Enk7cR24cykq0nZjRaZ0Gi6BepJ0d1n5bDqALpaVaJ8k1yn4v/V3cJd/
C36hjps1g9wmUTYWkUULWSWwgZ0h07U2k0R4y7jFaGHqyVqPt2vYEMn7kwDGBHVR
D3b6cCKHuQevRsLOGpWxzIm5nKQz7P4CLWUgJCA5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcbXoB9y5wlmWCGLiGgsEIikqhTMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyNTk0NzRhLWJmOTQtNGZjZS05NjBlLTYwMGM4ZTg2YzI1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCWZjANBgkqhkiG9w0BAQsFAAOCAQEAJzA1A4hU9DYKy2SDJMKxa5M30Acv
Leetq/3Ugb8PWXtceCuqzYXlVyg570MMTEulpjCD9XLBHU97uNMMHj0S/OukSBet
XJWygFssh+KdWTyk1/7MmUFBp0fxMY0CPa+uqKCHiJO9DQC2LMrJOCjLDZqZH5qr
Ef8jvj91//va9Ijvl4Fxft+GgNJJLUvuEdUIBt+OpOk0w7BLXITZ+jaHviIyjjbP
qotL3bBmKOlGl0asGfG6fp1OEhGd7mRj8WUG0uav17Gf1ZFL5M7/3PpMpRQ1WRUF
JwopP0YqdRj3ESx50wEHO9uKXtrB78dvW1ZtzrvarKT8jlwSAMVNMtne/g==
-----END CERTIFICATE-----