Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54dba2ae-fa55-448d-8286-0b2647236884.roa
File:                     54dba2ae-fa55-448d-8286-0b2647236884.roa (raw, json)
Hash identifier:          Lz/TM+c2k5UFR1M/z8X/3NL8yXVN3aqqNtNOF9AZvLA=
Subject key identifier:   3D:D6:08:DD:E5:73:E9:FD:D2:3A:60:E4:8C:6F:BB:A1:98:AD:8F:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45E30F40DDF1A84F87A84E0B8DF1A86C33759C30
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54dba2ae-fa55-448d-8286-0b2647236884.roa
Signing time:             Fri 17 Oct 2025 21:50:44 +0000
ROA not before:           Fri 17 Oct 2025 21:50:44 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        164.152.168.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:e3:0f:40:dd:f1:a8:4f:87:a8:4e:0b:8d:f1:a8:6c:33:75:9c:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 21:50:44 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=445700018206b486d93bf94602aeeecb25405031934b1a03deb8e8a172d5ab85, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f0:05:57:88:43:ab:80:35:83:88:74:65:34:
                    85:90:6a:68:e0:d3:29:3a:08:4f:9a:15:a5:fd:7e:
                    f0:a1:c0:7d:4f:ea:1f:46:32:7d:0c:12:f6:8a:ad:
                    a6:6f:47:d1:4d:1a:b1:36:7f:00:b2:be:7e:83:6a:
                    b0:5b:a5:f3:a8:eb:24:f1:32:a1:f5:c4:df:09:63:
                    18:a4:f5:83:a5:a2:24:8a:f7:3c:7a:ba:cf:d2:64:
                    be:ee:6f:b0:9a:76:91:2c:46:7d:67:47:19:d0:ac:
                    f4:11:f5:1d:2c:6a:84:6a:de:40:17:5d:23:e9:c8:
                    6a:f4:d1:6d:f9:a9:60:53:56:fe:e4:ea:4b:32:b6:
                    2a:ce:86:a4:cf:f8:24:70:3b:08:9b:5a:ef:85:0f:
                    52:2d:b3:c0:4a:cb:17:24:63:1e:bf:4d:f3:a4:b9:
                    bc:05:4e:37:f2:f5:69:e9:97:78:7f:5b:e0:33:6b:
                    4e:1b:c8:68:cb:01:92:00:dd:60:58:d4:aa:22:d3:
                    23:c9:24:03:f5:fc:68:cf:b7:43:74:37:d6:09:98:
                    5b:42:4a:52:75:d0:19:42:ed:bc:6b:e1:53:0f:8c:
                    fe:2d:10:ca:cf:50:c2:4c:a6:58:10:f6:60:7d:5b:
                    47:6c:00:0c:05:91:5a:e1:ee:eb:01:a9:77:23:05:
                    a7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D6:08:DD:E5:73:E9:FD:D2:3A:60:E4:8C:6F:BB:A1:98:AD:8F:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54dba2ae-fa55-448d-8286-0b2647236884.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         98:dc:7f:7e:ea:c9:86:44:2f:9a:27:42:b3:e1:7c:ee:a3:37:
         14:20:3a:95:47:ee:34:26:ee:97:35:62:82:83:c2:43:2d:0f:
         cc:7d:d8:42:08:bc:13:20:c2:95:15:45:6f:34:f0:01:b5:28:
         69:65:f7:99:86:70:b0:c0:6d:71:c0:f2:f8:ec:95:64:14:56:
         3d:1b:2b:0b:0c:b0:f7:95:cb:36:36:bc:84:a5:53:30:75:85:
         58:a6:63:99:0d:e1:1c:ed:a8:72:58:8d:d0:c9:6c:ef:f8:42:
         79:48:31:a0:3b:ce:9d:a8:e3:66:64:6c:71:b2:b4:1a:64:61:
         0f:46:39:de:d6:12:b8:c0:52:71:43:fb:4b:04:dd:54:4f:d4:
         ac:89:2d:34:9a:fa:50:e9:4d:08:ca:cf:50:a4:f7:e7:36:7d:
         ed:91:3e:39:26:74:00:69:70:91:af:ae:c9:66:23:f9:77:02:
         69:b7:5f:e9:13:99:6a:c0:12:e7:e3:6f:3c:56:63:f0:9c:28:
         e6:f5:df:52:b5:ba:e1:b3:01:47:92:51:2d:c2:d9:79:c2:50:
         21:bf:fd:37:0a:a2:b5:cd:55:5f:8d:21:3e:8d:69:2e:62:df:
         4b:ff:2c:01:50:08:62:f2:5d:e7:d0:5c:a0:b7:b8:31:27:54:
         1c:d9:1c:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUReMPQN3xqE+HqE4LjfGobDN1nDAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjE1MDQ0WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDU3MDAwMTgyMDZiNDg2ZDkzYmY5NDYwMmFlZWVjYjI1
NDA1MDMxOTM0YjFhMDNkZWI4ZThhMTcyZDVhYjg1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDR8AVXiEOrgDWDiHRlNIWQamjg0yk6CE+aFaX9fvChwH1P
6h9GMn0MEvaKraZvR9FNGrE2fwCyvn6DarBbpfOo6yTxMqH1xN8JYxik9YOloiSK
9zx6us/SZL7ub7CadpEsRn1nRxnQrPQR9R0saoRq3kAXXSPpyGr00W35qWBTVv7k
6ksytirOhqTP+CRwOwibWu+FD1Its8BKyxckYx6/TfOkubwFTjfy9Wnpl3h/W+Az
a04byGjLAZIA3WBY1Koi0yPJJAP1/GjPt0N0N9YJmFtCSlJ10BlC7bxr4VMPjP4t
EMrPUMJMplgQ9mB9W0dsAAwFkVrh7usBqXcjBadpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPdYI3eVz6f3SOmDkjG+7oZitj2EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0ZGJhMmFlLWZhNTUtNDQ4ZC04Mjg2LTBiMjY0NzIzNjg4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOkmKgwDQYJKoZIhvcNAQELBQADggEBAJjcf37qyYZEL5onQrPhfO6jNxQg
OpVH7jQm7pc1YoKDwkMtD8x92EIIvBMgwpUVRW808AG1KGll95mGcLDAbXHA8vjs
lWQUVj0bKwsMsPeVyzY2vISlUzB1hVimY5kN4RztqHJYjdDJbO/4QnlIMaA7zp2o
42ZkbHGytBpkYQ9GOd7WErjAUnFD+0sE3VRP1KyJLTSa+lDpTQjKz1Ck9+c2fe2R
PjkmdABpcJGvrslmI/l3Amm3X+kTmWrAEufjbzxWY/CcKOb131K1uuGzAUeSUS3C
2XnCUCG//TcKorXNVV+NIT6NaS5i30v/LAFQCGLyXefQXKC3uDEnVBzZHOo=
-----END CERTIFICATE-----