Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6180f79d-50dd-4657-b089-a4ff5a8e575b.roa
File:                     6180f79d-50dd-4657-b089-a4ff5a8e575b.roa (raw, json)
Hash identifier:          VsOaJqKMXz3S3+lS3/bGhqfIM2ufDv1JLDkPA80hvps=
Subject key identifier:   03:FF:C2:24:8C:9D:F2:F4:AD:17:42:E5:DB:F0:25:2C:B2:6F:B1:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17730FEECCD743D69752A47D583A17A0988370DB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6180f79d-50dd-4657-b089-a4ff5a8e575b.roa
Signing time:             Mon 06 Oct 2025 15:22:35 +0000
ROA not before:           Mon 06 Oct 2025 15:22:35 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.128.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:73:0f:ee:cc:d7:43:d6:97:52:a4:7d:58:3a:17:a0:98:83:70:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:22:35 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=08d534375ab9fd71925c76a6d08a5df44517ee36d2b71832d42dad795f151b91, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:2f:35:51:09:6e:98:80:60:76:8b:c4:07:a7:
                    08:b7:dc:f5:de:a8:94:c4:df:c0:ac:c8:c9:92:de:
                    92:d8:c1:d0:57:f5:3d:ab:05:cb:0b:d3:ec:87:95:
                    2f:fa:76:0b:30:25:48:b4:14:00:fc:f4:a4:12:9d:
                    cb:29:50:a2:df:e7:ae:aa:a0:c0:a1:bf:18:3a:f1:
                    85:9b:31:8b:dd:fa:06:87:3a:c7:0b:54:81:2d:d2:
                    80:9a:55:71:98:da:c5:b9:9c:cd:ab:8f:a4:f0:dd:
                    94:30:82:35:f2:53:c8:d5:d2:10:27:11:d6:f9:f4:
                    2f:8d:6d:fc:a5:c5:90:c4:a5:87:4e:96:95:77:38:
                    86:65:32:70:8e:1a:98:ce:7e:5e:e9:d3:db:9b:40:
                    da:37:c3:a0:88:fc:8e:ec:3e:24:7d:8d:64:eb:bc:
                    75:d2:10:d0:cc:a0:3a:85:6f:fc:0c:31:c7:f5:ba:
                    82:95:55:0b:bd:02:ae:eb:bf:d1:6d:41:96:ed:f9:
                    a4:1f:07:83:3a:99:0f:60:49:dc:8b:79:59:bc:06:
                    e5:ab:f9:5d:db:3c:0a:d0:00:57:a5:23:8d:67:2d:
                    a5:c7:bf:bb:e2:1a:25:92:bb:6c:32:ab:0b:28:b9:
                    bf:f7:90:97:0c:56:70:dd:18:55:e1:fc:65:77:a8:
                    a6:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:FF:C2:24:8C:9D:F2:F4:AD:17:42:E5:DB:F0:25:2C:B2:6F:B1:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6180f79d-50dd-4657-b089-a4ff5a8e575b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.128.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3a:98:44:fc:ea:77:b7:59:53:3f:69:75:5e:10:6e:59:b6:83:
         b3:f3:d4:54:af:4f:a8:b4:c0:a7:13:2d:83:5a:0d:f2:aa:e9:
         0f:20:d2:5a:70:e2:70:b9:da:15:db:df:49:fa:14:e4:67:94:
         3a:c5:aa:a3:91:89:a8:a3:71:aa:72:28:d5:f3:70:87:9f:ed:
         c5:15:c3:22:a2:fe:15:72:9f:db:8d:cf:06:1c:f2:80:6a:53:
         c9:a4:57:b9:7e:0e:d7:e3:94:93:db:bd:12:96:3b:f8:9d:e4:
         6e:88:ef:c8:b7:b8:fc:50:32:bd:7d:ad:bb:fa:85:26:8c:6c:
         a7:92:65:7b:f0:23:c6:39:10:8f:3f:2b:6f:03:cb:16:52:63:
         6b:18:2c:96:9c:8b:0d:48:c6:11:ed:24:3a:d1:65:89:5e:25:
         4f:79:39:31:87:86:dc:1d:d6:16:61:73:93:20:5d:4c:37:42:
         86:9b:a8:2e:1f:ff:20:f6:81:8b:0f:76:20:9d:a1:08:d4:aa:
         a7:0a:ef:00:60:44:b0:a2:43:be:91:a5:ca:2c:14:5a:79:53:
         26:51:fd:e5:8b:58:16:52:4f:15:f5:f1:81:32:69:9d:5c:03:
         16:0c:97:59:52:a1:5d:90:58:2f:a0:1d:51:94:12:25:e4:ed:
         92:8d:0b:63
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF3MP7szXQ9aXUqR9WDoXoJiDcNswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTUyMjM1WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwOGQ1MzQzNzVhYjlmZDcxOTI1Yzc2YTZkMDhhNWRmNDQ1
MTdlZTM2ZDJiNzE4MzJkNDJkYWQ3OTVmMTUxYjkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD8LzVRCW6YgGB2i8QHpwi33PXeqJTE38CsyMmS3pLYwdBX
9T2rBcsL0+yHlS/6dgswJUi0FAD89KQSncspUKLf566qoMChvxg68YWbMYvd+gaH
OscLVIEt0oCaVXGY2sW5nM2rj6Tw3ZQwgjXyU8jV0hAnEdb59C+NbfylxZDEpYdO
lpV3OIZlMnCOGpjOfl7p09ubQNo3w6CI/I7sPiR9jWTrvHXSENDMoDqFb/wMMcf1
uoKVVQu9Aq7rv9FtQZbt+aQfB4M6mQ9gSdyLeVm8BuWr+V3bPArQAFelI41nLaXH
v7viGiWSu2wyqwsoub/3kJcMVnDdGFXh/GV3qKYRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUA//CJIyd8vStF0Ll2/AlLLJvsa0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxODBmNzlkLTUwZGQtNDY1Ny1iMDg5LWE0ZmY1YThlNTc1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUNgKAwDQYJKoZIhvcNAQELBQADggEBADqYRPzqd7dZUz9pdV4Qblm2g7Pz
1FSvT6i0wKcTLYNaDfKq6Q8g0lpw4nC52hXb30n6FORnlDrFqqORiaijcapyKNXz
cIef7cUVwyKi/hVyn9uNzwYc8oBqU8mkV7l+DtfjlJPbvRKWO/id5G6I78i3uPxQ
Mr19rbv6hSaMbKeSZXvwI8Y5EI8/K28DyxZSY2sYLJaciw1IxhHtJDrRZYleJU95
OTGHhtwd1hZhc5MgXUw3QoabqC4f/yD2gYsPdiCdoQjUqqcK7wBgRLCiQ76Rpcos
FFp5UyZR/eWLWBZSTxX18YEyaZ1cAxYMl1lSoV2QWC+gHVGUEiXk7ZKNC2M=
-----END CERTIFICATE-----