Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5752b4d6-9da4-44b3-80c5-238c0eccb401.roa
File:                     5752b4d6-9da4-44b3-80c5-238c0eccb401.roa (raw, json)
Hash identifier:          VQtdq38gGXJj9oMWm0w/3pnTJ5O6ClEw1XGow5xwQfE=
Subject key identifier:   6E:26:23:89:34:CF:55:9E:47:A7:DA:0E:65:3F:91:3A:C2:86:D3:F0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7F2AEBF1DEC979F34CF285D7BCFB7C807C0F6A48
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5752b4d6-9da4-44b3-80c5-238c0eccb401.roa
Signing time:             Mon 29 Sep 2025 15:13:32 +0000
ROA not before:           Mon 29 Sep 2025 15:13:32 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        142.4.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:2a:eb:f1:de:c9:79:f3:4c:f2:85:d7:bc:fb:7c:80:7c:0f:6a:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 29 15:13:32 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=0e5177a03915a3fd31bd8a993181006e233c1d442da17625ee256372bd581651, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:76:05:65:d1:af:ce:5f:06:89:80:fd:cf:24:
                    d9:1f:ae:13:ea:11:29:f2:57:35:12:f9:e6:35:af:
                    03:41:03:09:fe:4d:a5:e9:86:3a:b6:77:82:7b:ac:
                    38:6c:cf:89:33:01:b2:9d:1e:a1:d3:31:ba:18:fb:
                    4b:1c:2d:35:51:de:55:73:10:05:d4:35:d3:ab:66:
                    df:ab:23:2d:82:f9:bb:be:9e:1f:de:5e:ce:48:e7:
                    66:e9:8c:22:3b:46:f4:98:1d:66:23:e7:62:08:72:
                    a0:e1:24:03:65:2c:ff:05:18:c0:25:78:0c:51:0d:
                    6b:ab:d7:37:1d:90:5d:99:81:40:b6:1a:38:d8:17:
                    84:d6:73:14:07:94:0f:60:3c:9e:be:0a:63:29:76:
                    64:24:74:f0:70:05:46:a9:07:34:0e:21:7d:3f:03:
                    da:9c:27:55:e0:60:c9:7c:c1:31:e5:a2:2d:e6:0a:
                    ec:26:5c:ea:21:19:9f:54:c5:ee:d3:11:50:a8:8e:
                    da:d6:4f:ce:bd:70:86:d4:7f:06:90:99:d6:88:6f:
                    a5:3e:06:1b:97:36:99:96:6c:fc:00:22:6b:d2:6e:
                    f4:2b:a2:a8:4c:fd:39:f3:a8:94:0a:4b:f0:50:99:
                    ff:50:72:e1:3e:50:d3:6e:94:c8:17:72:b6:fc:ad:
                    fb:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:26:23:89:34:CF:55:9E:47:A7:DA:0E:65:3F:91:3A:C2:86:D3:F0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5752b4d6-9da4-44b3-80c5-238c0eccb401.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  142.4.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         57:a6:81:22:ea:a6:98:0b:2d:8e:52:25:aa:ce:8b:f1:bd:53:
         0b:93:da:cd:1b:0e:bb:39:c7:e0:bf:65:c5:b4:ef:f3:fd:2b:
         25:92:dc:3e:60:52:81:41:76:ad:b4:c6:41:5d:02:e5:a3:b1:
         ec:ff:f0:36:e4:c8:5c:7a:f8:6e:94:8d:03:6e:8b:08:8e:9c:
         cd:f3:a8:72:88:c8:19:59:38:c3:43:55:bf:46:22:c4:0d:2c:
         5e:98:dc:ef:54:61:26:5d:e7:e2:ac:05:0a:82:9a:4d:f1:c6:
         2c:33:00:b9:a1:43:fe:7c:c3:c3:af:da:f1:56:7d:30:53:01:
         d3:cb:5e:7e:56:86:90:46:f7:f8:11:94:36:c6:43:ce:cf:8c:
         1c:76:c1:ed:e1:5b:5c:f7:f6:a8:f0:96:fd:a8:57:fe:9d:b1:
         bb:28:c0:b8:4a:c1:31:08:f0:1e:32:14:4b:fa:9c:ec:3a:01:
         b7:dd:63:41:52:a7:40:a3:5c:b1:a5:c9:ef:af:fc:0a:b1:d3:
         c4:1f:a4:91:d3:4b:6b:ff:59:89:50:7e:ca:b1:99:27:6b:91:
         87:80:36:d2:16:7e:42:a5:1b:8b:3f:f0:e6:f0:cf:ab:68:5f:
         b7:b3:1b:86:15:88:f5:59:a1:7d:a1:fc:70:72:cb:ec:c1:6e:
         d5:4b:31:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfyrr8d7JefNM8oXXvPt8gHwPakgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI5MTUxMzMyWhcNMjUxMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZTUxNzdhMDM5MTVhM2ZkMzFiZDhhOTkzMTgxMDA2ZTIz
M2MxZDQ0MmRhMTc2MjVlZTI1NjM3MmJkNTgxNjUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1dgVl0a/OXwaJgP3PJNkfrhPqESnyVzUS+eY1rwNBAwn+
TaXphjq2d4J7rDhsz4kzAbKdHqHTMboY+0scLTVR3lVzEAXUNdOrZt+rIy2C+bu+
nh/eXs5I52bpjCI7RvSYHWYj52IIcqDhJANlLP8FGMAleAxRDWur1zcdkF2ZgUC2
GjjYF4TWcxQHlA9gPJ6+CmMpdmQkdPBwBUapBzQOIX0/A9qcJ1XgYMl8wTHloi3m
CuwmXOohGZ9Uxe7TEVCojtrWT869cIbUfwaQmdaIb6U+BhuXNpmWbPwAImvSbvQr
oqhM/TnzqJQKS/BQmf9QcuE+UNNulMgXcrb8rfufAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbiYjiTTPVZ5Hp9oOZT+ROsKG0/AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU3NTJiNGQ2LTlkYTQtNDRiMy04MGM1LTIzOGMwZWNjYjQwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWOBKAwDQYJKoZIhvcNAQELBQADggEBAFemgSLqppgLLY5SJarOi/G9UwuT
2s0bDrs5x+C/ZcW07/P9KyWS3D5gUoFBdq20xkFdAuWjsez/8DbkyFx6+G6UjQNu
iwiOnM3zqHKIyBlZOMNDVb9GIsQNLF6Y3O9UYSZd5+KsBQqCmk3xxiwzALmhQ/58
w8Ov2vFWfTBTAdPLXn5WhpBG9/gRlDbGQ87PjBx2we3hW1z39qjwlv2oV/6dsbso
wLhKwTEI8B4yFEv6nOw6AbfdY0FSp0CjXLGlye+v/Aqx08QfpJHTS2v/WYlQfsqx
mSdrkYeANtIWfkKlG4s/8Obwz6toX7ezG4YViPVZoX2h/HByy+zBbtVLMUE=
-----END CERTIFICATE-----