Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a3b8fad-9258-46d6-b69b-f0193aa2914e.roa
File:                     4a3b8fad-9258-46d6-b69b-f0193aa2914e.roa (raw, json)
Hash identifier:          Q7pphswHA6WkX/KtiFCEWyWch0zne16EvsZVb0dGZVo=
Subject key identifier:   40:DA:73:1C:94:70:11:83:C1:36:44:13:77:74:5F:02:A4:51:84:EB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       229617559ED01BA07582F77B2ECCF9F5D59B2DB6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a3b8fad-9258-46d6-b69b-f0193aa2914e.roa
Signing time:             Wed 08 Oct 2025 00:01:17 +0000
ROA not before:           Wed 08 Oct 2025 00:01:17 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        157.52.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:96:17:55:9e:d0:1b:a0:75:82:f7:7b:2e:cc:f9:f5:d5:9b:2d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:01:17 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=df3385a4a17af8773a1e7ce7e26128e112561460de6ac651e91836c47ae3d9c9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:52:18:b1:f1:02:c7:c6:68:85:97:c5:ef:0e:
                    23:22:4c:60:68:04:72:a0:83:6b:52:db:10:b9:4c:
                    27:d5:02:4c:98:45:29:3e:c5:f1:e0:6e:a8:3f:d3:
                    c6:6d:9a:96:6b:a0:83:a7:e5:dd:98:a4:96:4f:89:
                    e3:59:8e:fc:39:1d:94:a9:e4:be:52:d0:66:bd:7d:
                    5d:da:89:fa:c2:98:c8:a0:0d:04:83:dd:c1:eb:ec:
                    21:49:a2:c6:28:69:b4:dd:88:52:e7:2d:1e:7f:f5:
                    72:39:8d:51:26:71:5b:08:dc:51:b2:2a:20:e0:7a:
                    03:94:35:75:b6:cc:ec:fa:6d:2f:b7:ff:45:f4:b2:
                    d0:38:f9:f9:3a:8d:f4:7d:47:c6:15:37:6b:56:f8:
                    ba:ef:9d:66:a4:1b:b1:c7:87:8b:11:12:ca:8c:81:
                    6f:fe:8d:63:c0:1e:10:bf:fd:99:4a:ef:e2:5d:6e:
                    2e:8f:c0:ea:e5:0b:a3:42:d4:3b:ce:c5:3e:94:24:
                    25:8b:f5:4d:08:73:8e:f6:e5:fd:17:9b:24:73:4a:
                    60:fe:ea:32:78:e0:2a:5a:72:fc:72:99:a8:de:5f:
                    c0:7b:06:ab:39:a9:f6:63:62:ad:c1:2d:c7:66:b1:
                    ff:70:01:a0:a9:85:96:bd:47:5e:9c:d8:b5:5e:19:
                    5b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:DA:73:1C:94:70:11:83:C1:36:44:13:77:74:5F:02:A4:51:84:EB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a3b8fad-9258-46d6-b69b-f0193aa2914e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.52.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         68:81:45:eb:c2:84:b9:e2:1a:a0:aa:46:32:67:85:4c:d3:20:
         72:a6:07:99:ca:fa:59:e1:ab:4a:92:c6:e2:02:c7:84:68:3f:
         8a:f0:06:49:e1:25:c6:d0:c7:31:79:01:68:69:31:2d:ea:ef:
         11:d4:a1:8a:e5:16:65:d3:29:8e:f3:a5:ab:43:ac:3f:5e:fb:
         a8:7c:e1:c4:f6:df:00:05:96:d2:81:0b:d3:01:94:60:03:8e:
         40:44:de:d3:6b:69:9f:1e:20:2e:77:bb:8a:3f:7a:6a:8d:e6:
         13:d5:ad:e1:72:c3:50:10:d0:b1:78:e9:66:fe:de:8b:9d:91:
         be:76:75:37:58:35:9d:99:5d:37:54:1c:04:b1:99:fd:a4:ca:
         1a:84:0b:d7:ab:22:f4:b9:66:57:61:1b:7d:12:b7:a5:0b:b0:
         63:23:87:e1:60:ff:bb:88:97:a9:26:d8:84:62:6c:a8:02:de:
         fb:8f:9b:b6:0d:76:e2:8f:df:1a:8f:e5:fc:4f:6a:76:bf:77:
         d7:0e:4b:8e:3f:f4:14:12:30:a1:61:9d:9e:4a:92:57:e3:49:
         82:7f:3d:fd:f1:3f:21:93:94:ea:9f:1a:8d:c1:a8:90:59:8b:
         52:9b:c3:b2:94:57:72:89:ed:c2:ed:42:2b:e8:43:e4:a0:39:
         9f:92:af:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIpYXVZ7QG6B1gvd7Lsz59dWbLbYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAwMTE3WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjMzODVhNGExN2FmODc3M2ExZTdjZTdlMjYxMjhlMTEy
NTYxNDYwZGU2YWM2NTFlOTE4MzZjNDdhZTNkOWM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxUhix8QLHxmiFl8XvDiMiTGBoBHKgg2tS2xC5TCfVAkyY
RSk+xfHgbqg/08ZtmpZroIOn5d2YpJZPieNZjvw5HZSp5L5S0Ga9fV3aifrCmMig
DQSD3cHr7CFJosYoabTdiFLnLR5/9XI5jVEmcVsI3FGyKiDgegOUNXW2zOz6bS+3
/0X0stA4+fk6jfR9R8YVN2tW+LrvnWakG7HHh4sREsqMgW/+jWPAHhC//ZlK7+Jd
bi6PwOrlC6NC1DvOxT6UJCWL9U0Ic4725f0XmyRzSmD+6jJ44CpacvxymajeX8B7
Bqs5qfZjYq3BLcdmsf9wAaCphZa9R16c2LVeGVuLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQNpzHJRwEYPBNkQTd3RfAqRRhOswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhM2I4ZmFkLTkyNTgtNDZkNi1iNjliLWYwMTkzYWEyOTE0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAedNIAwDQYJKoZIhvcNAQELBQADggEBAGiBRevChLniGqCqRjJnhUzTIHKm
B5nK+lnhq0qSxuICx4RoP4rwBknhJcbQxzF5AWhpMS3q7xHUoYrlFmXTKY7zpatD
rD9e+6h84cT23wAFltKBC9MBlGADjkBE3tNraZ8eIC53u4o/emqN5hPVreFyw1AQ
0LF46Wb+3oudkb52dTdYNZ2ZXTdUHASxmf2kyhqEC9erIvS5ZldhG30St6ULsGMj
h+Fg/7uIl6km2IRibKgC3vuPm7YNduKP3xqP5fxPana/d9cOS44/9BQSMKFhnZ5K
klfjSYJ/Pf3xPyGTlOqfGo3BqJBZi1Kbw7KUV3KJ7cLtQivoQ+SgOZ+Sr7E=
-----END CERTIFICATE-----