Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5764c5f6-9fe6-46c5-b1a0-268cd76692f2.roa
File:                     5764c5f6-9fe6-46c5-b1a0-268cd76692f2.roa (raw, json)
Hash identifier:          B5KDyqGmENzWArE5zThB+QMvf0MD5Eu10U2NVHzO4vE=
Subject key identifier:   8C:2C:33:61:79:02:6A:25:50:C9:E4:F2:19:14:E1:0D:1C:4F:63:AE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02DE5E9D8D563DD5BFF93FC2FDA0FFC9BE8D0BB0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5764c5f6-9fe6-46c5-b1a0-268cd76692f2.roa
Signing time:             Sat 27 Sep 2025 00:02:21 +0000
ROA not before:           Sat 27 Sep 2025 00:02:21 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        153.42.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:de:5e:9d:8d:56:3d:d5:bf:f9:3f:c2:fd:a0:ff:c9:be:8d:0b:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:02:21 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=9d769be678fc6417cb0f1e171be551fa0a08b1d99787f08e9fba005a014bdd0c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:44:54:e1:35:b3:1c:ff:c5:b7:6e:64:9d:cd:
                    59:e6:80:0a:62:0a:61:58:37:69:28:e5:02:cf:80:
                    06:48:c0:04:70:0d:3b:e4:f8:8a:ed:7a:fc:de:74:
                    ed:c6:6b:56:34:f0:bf:5a:b3:02:5c:3b:1f:d6:92:
                    82:1c:b8:49:2b:c7:85:27:df:ce:de:37:1e:52:5f:
                    12:ad:46:24:07:d1:c3:89:d6:e0:2f:83:cc:ca:c4:
                    5c:7e:ba:ac:fc:32:7b:1a:58:0f:a3:e5:cb:a3:97:
                    85:03:54:55:52:6c:7b:37:e4:2a:c6:e9:b3:e6:3f:
                    fb:96:dc:3b:aa:4e:3a:bd:ed:94:3a:5c:aa:5e:3a:
                    10:ac:98:c4:ab:6a:95:1f:ca:bc:82:31:50:b2:dd:
                    94:30:aa:fb:24:95:0d:28:87:a1:99:2c:33:38:b9:
                    f2:de:f5:9c:3d:5c:ba:7a:d3:0c:22:78:bd:6e:42:
                    3f:3f:31:42:c0:be:88:0d:d5:2c:bf:88:68:99:7a:
                    f5:94:8c:cb:3d:6c:a5:3b:c7:ac:b9:98:5a:c6:b2:
                    c3:98:ba:3c:e8:b4:66:df:4a:95:00:44:e3:49:ad:
                    30:79:99:06:9f:93:ea:bb:5c:80:97:17:e8:33:ec:
                    40:4e:83:82:72:04:c0:23:ed:88:4d:72:66:9e:fa:
                    72:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:2C:33:61:79:02:6A:25:50:C9:E4:F2:19:14:E1:0D:1C:4F:63:AE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5764c5f6-9fe6-46c5-b1a0-268cd76692f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.42.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         32:21:4a:70:0b:5e:f7:3a:e7:2e:f9:7b:94:3f:99:44:7f:7d:
         71:39:bd:bb:aa:fc:b3:a1:09:9f:a9:f0:ae:eb:1b:42:28:a8:
         de:15:7e:95:58:99:83:60:32:3a:6b:dc:20:8a:08:10:84:bd:
         c5:c1:c8:f0:0d:67:ce:71:d4:64:88:75:d9:4f:e6:8d:c2:eb:
         d9:52:01:54:b3:ce:cf:e9:18:8f:68:7b:2e:11:f4:b8:d3:a8:
         d2:b4:1f:7b:38:5f:68:ae:25:5a:23:6d:ab:7d:d6:dd:72:5d:
         b9:eb:1c:64:f0:f3:71:48:9e:71:4a:34:e4:27:4b:a2:8f:d0:
         48:bc:ee:26:88:51:5a:fb:3d:4a:44:7a:52:6c:4c:29:1c:05:
         d5:4f:66:99:ba:40:44:7e:0b:09:80:cd:71:ae:06:e9:75:e0:
         cd:5f:15:fd:07:ae:b4:1b:4b:34:ba:81:a9:c0:61:64:51:0d:
         a5:a3:70:60:1b:0b:a0:ba:6a:63:05:d4:a4:cf:c6:6d:d6:2b:
         6a:bf:46:3f:db:33:a6:e4:f2:82:f5:c2:5a:f6:4e:15:22:13:
         4a:fc:74:cc:d7:92:b1:b7:b9:3b:8c:64:ed:84:2d:8f:ff:d5:
         30:d9:bb:97:08:5f:b3:a1:8a:34:c1:c0:a3:38:94:78:da:b3:
         d5:9b:ce:02
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAt5enY1WPdW/+T/C/aD/yb6NC7AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAwMjIxWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDc2OWJlNjc4ZmM2NDE3Y2IwZjFlMTcxYmU1NTFmYTBh
MDhiMWQ5OTc4N2YwOGU5ZmJhMDA1YTAxNGJkZDBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3RFThNbMc/8W3bmSdzVnmgApiCmFYN2ko5QLPgAZIwARw
DTvk+IrtevzedO3Ga1Y08L9aswJcOx/WkoIcuEkrx4Un387eNx5SXxKtRiQH0cOJ
1uAvg8zKxFx+uqz8MnsaWA+j5cujl4UDVFVSbHs35CrG6bPmP/uW3DuqTjq97ZQ6
XKpeOhCsmMSrapUfyryCMVCy3ZQwqvsklQ0oh6GZLDM4ufLe9Zw9XLp60wwieL1u
Qj8/MULAvogN1Sy/iGiZevWUjMs9bKU7x6y5mFrGssOYujzotGbfSpUARONJrTB5
mQafk+q7XICXF+gz7EBOg4JyBMAj7YhNcmae+nIzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjCwzYXkCaiVQyeTyGRThDRxPY64wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU3NjRjNWY2LTlmZTYtNDZjNS1iMWEwLTI2OGNkNzY2OTJmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCZKjANBgkqhkiG9w0BAQsFAAOCAQEAMiFKcAte9zrnLvl7lD+ZRH99cTm9
u6r8s6EJn6nwrusbQiio3hV+lViZg2AyOmvcIIoIEIS9xcHI8A1nznHUZIh12U/m
jcLr2VIBVLPOz+kYj2h7LhH0uNOo0rQfezhfaK4lWiNtq33W3XJduescZPDzcUie
cUo05CdLoo/QSLzuJohRWvs9SkR6UmxMKRwF1U9mmbpARH4LCYDNca4G6XXgzV8V
/QeutBtLNLqBqcBhZFENpaNwYBsLoLpqYwXUpM/GbdYrar9GP9szpuTygvXCWvZO
FSITSvx0zNeSsbe5O4xk7YQtj//VMNm7lwhfs6GKNMHAoziUeNqz1ZvOAg==
-----END CERTIFICATE-----