Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/557ead45-b1a7-4106-be3c-6b610ae5759c.roa
File:                     557ead45-b1a7-4106-be3c-6b610ae5759c.roa (raw, json)
Hash identifier:          a/O9dGpJp1Wj4W2Hd8OCS0uTwAmiPvwkeFtabjZQSyM=
Subject key identifier:   BA:C3:A8:F8:2F:80:66:5F:4B:99:CA:D9:0B:4F:72:85:34:4A:10:52
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5914B334A812655BF777FC21159CFA36230626E9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/557ead45-b1a7-4106-be3c-6b610ae5759c.roa
Signing time:             Sat 27 Sep 2025 00:42:25 +0000
ROA not before:           Sat 27 Sep 2025 00:42:25 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        98.131.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:14:b3:34:a8:12:65:5b:f7:77:fc:21:15:9c:fa:36:23:06:26:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:42:25 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=74a7b29a2271eff0530c552533846af5aa7cd847e0c5aaa1487913d3189a3b76, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:bc:09:9a:30:a7:dd:a6:9b:44:26:05:16:29:
                    a0:1c:6b:2f:fe:65:70:51:54:f7:2b:04:38:ed:0d:
                    f8:de:a5:97:c3:4a:67:a5:19:24:61:f4:36:2c:e4:
                    7c:dc:08:e7:71:56:f5:70:98:33:c9:67:f6:f9:62:
                    4d:8b:d1:7f:0c:1b:d6:2e:12:fd:2e:63:43:40:59:
                    13:0f:6d:87:b0:3b:34:15:ad:cf:1a:47:5b:b3:c3:
                    8d:91:d0:22:73:95:c3:b3:dd:eb:5f:87:bd:a1:f3:
                    60:15:af:6c:09:50:8c:37:dd:64:a6:6b:7b:93:2b:
                    7e:5f:6f:71:84:13:17:ea:37:d4:f6:36:5c:b0:01:
                    96:87:13:72:72:2b:fe:11:9a:a9:2f:54:cd:07:a0:
                    77:9f:c3:eb:7c:04:0e:b6:bd:7f:70:74:75:20:ea:
                    ae:2f:7b:39:d6:94:d5:84:62:33:5e:f8:87:35:72:
                    1f:79:9f:86:98:b4:e2:e2:de:21:f4:60:d4:54:14:
                    82:7c:24:63:4f:e8:2d:25:ee:83:c4:08:9a:dc:02:
                    70:5a:1e:d4:f2:cb:57:4f:ab:5f:f3:f0:34:a5:03:
                    c0:84:66:9f:27:71:05:ff:65:5c:71:f1:2a:82:7d:
                    e7:e8:80:3a:26:35:38:62:8a:93:ac:8e:8b:6d:b7:
                    83:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:C3:A8:F8:2F:80:66:5F:4B:99:CA:D9:0B:4F:72:85:34:4A:10:52
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/557ead45-b1a7-4106-be3c-6b610ae5759c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.131.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         47:ac:34:0f:87:f0:80:18:c6:1b:d5:cf:be:ca:9d:0e:40:4d:
         45:4e:b3:ea:d7:e7:b0:9c:44:2a:4e:da:de:97:ed:46:7f:13:
         66:64:bc:95:fe:2d:b6:9e:e6:25:09:76:3b:38:2f:00:ea:d5:
         a3:f8:04:90:f1:7c:47:35:80:02:0f:b2:22:63:34:3b:3d:61:
         c6:6a:ca:10:bd:90:22:b4:a0:16:49:6f:fb:72:5e:df:3a:f7:
         03:3c:fe:92:5d:72:b9:65:8b:a9:33:3e:66:10:69:8a:12:3b:
         86:8b:fc:88:3e:2d:ad:34:ec:e4:18:bf:7c:77:bf:57:6f:7e:
         5d:3e:2f:67:f4:9f:c7:25:f8:a9:f7:54:d4:a6:ba:40:cc:3f:
         48:04:17:d2:0d:88:a4:a0:e8:de:a9:ac:45:76:f4:21:dd:0c:
         20:d5:5b:0c:e6:44:b9:5e:56:80:24:84:61:15:ec:d5:ce:64:
         b6:8a:0e:a5:28:7d:e3:13:5a:67:10:c3:7b:8c:fe:fa:c5:b2:
         a9:7b:cd:d1:46:31:63:8b:90:e0:68:a1:92:6b:c3:95:a5:f2:
         b7:80:a7:44:2d:b6:ba:6e:a8:e1:ef:1f:cb:68:87:27:dc:2f:
         5d:4a:d0:5c:b9:2b:12:68:b9:09:c1:7c:dc:8c:cc:1f:84:6a:
         a2:3e:cc:5a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWRSzNKgSZVv3d/whFZz6NiMGJukwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDA0MjI1WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NGE3YjI5YTIyNzFlZmYwNTMwYzU1MjUzMzg0NmFmNWFh
N2NkODQ3ZTBjNWFhYTE0ODc5MTNkMzE4OWEzYjc2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCEvAmaMKfdpptEJgUWKaAcay/+ZXBRVPcrBDjtDfjepZfD
SmelGSRh9DYs5HzcCOdxVvVwmDPJZ/b5Yk2L0X8MG9YuEv0uY0NAWRMPbYewOzQV
rc8aR1uzw42R0CJzlcOz3etfh72h82AVr2wJUIw33WSma3uTK35fb3GEExfqN9T2
NlywAZaHE3JyK/4RmqkvVM0HoHefw+t8BA62vX9wdHUg6q4veznWlNWEYjNe+Ic1
ch95n4aYtOLi3iH0YNRUFIJ8JGNP6C0l7oPECJrcAnBaHtTyy1dPq1/z8DSlA8CE
Zp8ncQX/ZVxx8SqCfefogDomNThiipOsjottt4NVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUusOo+C+AZl9LmcrZC09yhTRKEFIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU1N2VhZDQ1LWIxYTctNDEwNi1iZTNjLTZiNjEwYWU1NzU5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBigzANBgkqhkiG9w0BAQsFAAOCAQEAR6w0D4fwgBjGG9XPvsqdDkBNRU6z
6tfnsJxEKk7a3pftRn8TZmS8lf4ttp7mJQl2OzgvAOrVo/gEkPF8RzWAAg+yImM0
Oz1hxmrKEL2QIrSgFklv+3Je3zr3Azz+kl1yuWWLqTM+ZhBpihI7hov8iD4trTTs
5Bi/fHe/V29+XT4vZ/SfxyX4qfdU1Ka6QMw/SAQX0g2IpKDo3qmsRXb0Id0MINVb
DOZEuV5WgCSEYRXs1c5ktooOpSh94xNaZxDDe4z++sWyqXvN0UYxY4uQ4GihkmvD
laXyt4CnRC22um6o4e8fy2iHJ9wvXUrQXLkrEmi5CcF83IzMH4Rqoj7MWg==
-----END CERTIFICATE-----