Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4447d57f-1c32-47e8-9850-ca8c559cea4b.roa
File:                     4447d57f-1c32-47e8-9850-ca8c559cea4b.roa (raw, json)
Hash identifier:          RUY2f8u4iXqbg1OPBVyHuV4AvUDszCQXe7e8leATiXk=
Subject key identifier:   ED:34:43:FD:4A:11:4F:CC:DC:E2:B6:FC:BF:EF:C8:69:30:A0:7F:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       16404C9FFA7ADB4699B071AE70072E2F30D02CA8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4447d57f-1c32-47e8-9850-ca8c559cea4b.roa
Signing time:             Mon 29 Sep 2025 15:02:00 +0000
ROA not before:           Mon 29 Sep 2025 15:02:00 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        128.11.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:40:4c:9f:fa:7a:db:46:99:b0:71:ae:70:07:2e:2f:30:d0:2c:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 29 15:02:00 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=5afb5e47861a5bb2c57bf2803f3b77da5b609ef1091d35ae09dc5f705c133e7a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cf:1a:9b:ed:ba:f6:7b:a7:cf:6b:20:d7:3c:
                    27:8c:1b:2e:76:15:47:aa:f1:eb:62:40:2f:4b:12:
                    9f:c4:44:67:11:87:3c:98:a6:99:bc:43:4d:11:76:
                    de:3a:09:ce:79:31:a9:63:a4:70:49:07:5e:e9:ea:
                    9b:2c:64:80:2b:83:ef:5b:87:bf:84:9b:ce:ec:5a:
                    54:5f:4b:60:a0:ae:f3:12:39:29:79:35:0f:59:2b:
                    b8:c1:12:91:a3:2d:c5:1a:9f:93:c8:7f:81:13:a3:
                    50:9e:aa:a6:a2:42:71:1b:c5:19:06:43:06:24:9b:
                    86:fe:bc:5c:81:d4:47:2c:c4:dc:89:ec:38:bd:c2:
                    ec:de:15:66:6d:05:26:81:70:e3:2e:ed:34:bb:96:
                    36:89:a1:c8:85:28:1e:1b:ec:88:3a:e7:f6:06:80:
                    24:91:03:67:2f:9e:cb:27:e8:17:2d:58:df:cd:d3:
                    af:b9:94:7b:cf:94:e8:54:62:df:2f:60:2f:4d:5a:
                    bc:57:c1:c1:8c:23:0d:df:3a:22:9e:17:dc:fe:a2:
                    7a:d9:56:de:a7:49:ea:53:20:dd:c0:1e:e8:90:ad:
                    8e:30:2e:da:73:84:1b:e9:4b:57:05:15:b9:81:b2:
                    a2:9b:c0:70:a2:5e:a0:ef:24:07:f8:03:c9:d0:bc:
                    d6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:34:43:FD:4A:11:4F:CC:DC:E2:B6:FC:BF:EF:C8:69:30:A0:7F:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4447d57f-1c32-47e8-9850-ca8c559cea4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.11.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         26:b8:90:c8:7b:c7:1b:80:a8:96:78:5c:33:08:73:f1:75:2b:
         73:1c:78:55:91:0a:ec:ae:65:e0:84:cc:06:de:3a:5b:bd:d0:
         5c:20:e9:f0:79:3a:e6:3d:de:25:d6:60:98:01:fb:e7:cf:44:
         03:b5:1e:52:87:ba:b3:db:ba:11:4a:9b:a4:3b:2d:c1:58:2a:
         21:db:9c:13:68:42:8e:c7:a7:31:c3:9d:00:5e:a1:af:9e:3b:
         d5:33:d6:67:27:87:1e:98:e4:2a:2a:49:0e:45:72:40:d9:3e:
         f3:b9:f0:aa:38:52:01:b8:c5:31:77:8a:24:5c:84:53:a1:6e:
         78:a7:10:64:c0:60:64:a9:fb:7b:9e:58:27:35:f4:12:5f:e4:
         ce:9d:53:f5:21:de:a5:66:8f:60:90:dc:d7:69:9c:d8:e2:22:
         22:0b:87:7c:dc:1c:57:d1:14:aa:a9:cf:b9:dc:25:2c:97:71:
         de:eb:ca:ee:3c:5e:e7:25:c1:29:6c:22:d0:e1:ee:bf:01:58:
         7d:7a:b1:6f:b9:10:ac:ea:a4:54:df:25:6c:6d:9c:d0:60:9c:
         44:5f:29:92:c8:88:fd:cf:c4:eb:df:42:3b:1f:73:0e:68:c8:
         f2:a1:d2:ab:3c:4d:1e:84:97:2e:b1:30:8d:cb:c1:2c:98:35:
         83:4e:4d:68
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFkBMn/p620aZsHGucAcuLzDQLKgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI5MTUwMjAwWhcNMjUxMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YWZiNWU0Nzg2MWE1YmIyYzU3YmYyODAzZjNiNzdkYTVi
NjA5ZWYxMDkxZDM1YWUwOWRjNWY3MDVjMTMzZTdhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCszxqb7br2e6fPayDXPCeMGy52FUeq8etiQC9LEp/ERGcR
hzyYppm8Q00Rdt46Cc55MaljpHBJB17p6pssZIArg+9bh7+Em87sWlRfS2CgrvMS
OSl5NQ9ZK7jBEpGjLcUan5PIf4ETo1CeqqaiQnEbxRkGQwYkm4b+vFyB1EcsxNyJ
7Di9wuzeFWZtBSaBcOMu7TS7ljaJociFKB4b7Ig65/YGgCSRA2cvnssn6BctWN/N
06+5lHvPlOhUYt8vYC9NWrxXwcGMIw3fOiKeF9z+onrZVt6nSepTIN3AHuiQrY4w
LtpzhBvpS1cFFbmBsqKbwHCiXqDvJAf4A8nQvNb3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7TRD/UoRT8zc4rb8v+/IaTCgf5gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ0NDdkNTdmLTFjMzItNDdlOC05ODUwLWNhOGM1NTljZWE0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCACzANBgkqhkiG9w0BAQsFAAOCAQEAJriQyHvHG4ColnhcMwhz8XUrcxx4
VZEK7K5l4ITMBt46W73QXCDp8Hk65j3eJdZgmAH7589EA7UeUoe6s9u6EUqbpDst
wVgqIducE2hCjsenMcOdAF6hr5471TPWZyeHHpjkKipJDkVyQNk+87nwqjhSAbjF
MXeKJFyEU6FueKcQZMBgZKn7e55YJzX0El/kzp1T9SHepWaPYJDc12mc2OIiIguH
fNwcV9EUqqnPudwlLJdx3uvK7jxe5yXBKWwi0OHuvwFYfXqxb7kQrOqkVN8lbG2c
0GCcRF8pksiI/c/E699COx9zDmjI8qHSqzxNHoSXLrEwjcvBLJg1g05NaA==
-----END CERTIFICATE-----