Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a168d90-2841-493c-9062-7688b3e332a6.roa
File:                     6a168d90-2841-493c-9062-7688b3e332a6.roa (raw, json)
Hash identifier:          QgJv2ybsfjWXV1rvO2N2hpWs+C5tpue44mrVTmrp0Ko=
Subject key identifier:   64:92:83:E0:11:49:7B:C4:5C:88:CB:5A:D4:D1:2D:F6:6C:24:14:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       19A06F6E2B9D9D1A762AA63880DDDD17ABEC9611
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a168d90-2841-493c-9062-7688b3e332a6.roa
Signing time:             Fri 17 Oct 2025 00:21:11 +0000
ROA not before:           Fri 17 Oct 2025 00:21:11 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.21.80.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:a0:6f:6e:2b:9d:9d:1a:76:2a:a6:38:80:dd:dd:17:ab:ec:96:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 00:21:11 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=9593bf62d230d047056e3ee1a9d57903f4ab3c19290afb081b1034aa5cae72be, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ed:27:61:2d:36:69:04:f1:60:11:62:c8:f7:
                    58:70:ea:b1:b3:18:a7:04:3f:dd:f9:6a:38:7e:a6:
                    d9:8c:84:b5:fa:9a:b5:2b:05:10:78:61:8e:3d:27:
                    9f:8c:40:b5:fd:26:8b:3a:0a:3e:31:78:1d:08:49:
                    81:72:91:3b:b2:cf:3d:e3:9d:18:3f:1f:8a:21:d5:
                    b9:09:c8:76:30:b9:c4:f7:65:ee:c0:49:c4:35:c6:
                    38:83:ba:67:a1:8a:fd:25:bb:a3:d2:c0:f2:63:8e:
                    c1:33:87:a7:21:e0:ff:44:5a:74:17:41:24:56:82:
                    d1:1e:e2:71:79:69:27:43:c9:30:95:b4:48:38:17:
                    a6:a3:29:a3:af:ed:08:ac:35:3b:52:3d:f1:96:5f:
                    e8:e2:da:b1:84:4a:2a:db:c9:0e:66:b1:94:47:a0:
                    d2:9f:d3:ef:2b:f0:93:47:29:33:23:1c:ad:2c:12:
                    8e:7b:b1:06:1b:c5:af:e0:52:9f:d1:a3:4a:5a:12:
                    7d:7c:ee:c9:fe:7d:fb:08:e6:e3:20:0d:61:ce:44:
                    c2:94:75:89:18:06:4b:84:8d:8c:ea:8e:38:0f:a2:
                    03:c1:73:f0:98:f1:e7:11:c2:3f:1a:eb:29:c9:81:
                    00:da:09:dc:25:cc:a7:21:cf:17:85:52:f9:59:19:
                    f0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:92:83:E0:11:49:7B:C4:5C:88:CB:5A:D4:D1:2D:F6:6C:24:14:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a168d90-2841-493c-9062-7688b3e332a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         95:de:20:b7:f9:59:1d:e4:86:d9:40:11:68:a9:36:82:19:3e:
         4d:9d:12:03:d8:75:51:f7:27:a6:67:0a:3f:fc:1c:c4:44:7f:
         2f:f0:9b:ab:ff:69:45:4e:8d:21:08:a8:52:87:9c:fe:f8:36:
         be:c0:86:3d:8c:c5:b1:94:bb:fe:92:29:a4:5b:fd:d5:9b:df:
         33:eb:e7:0b:84:c0:cd:4f:d3:21:50:1f:44:2f:e2:c3:95:7b:
         69:2d:1a:d8:cc:d0:ce:95:9a:2d:98:cb:b3:2b:69:ee:16:d5:
         74:4c:5d:84:ed:bd:c0:a4:19:39:d3:d3:ad:a5:87:f1:69:a4:
         c0:00:3c:0b:d6:f6:ba:a2:17:6c:10:fb:97:5c:97:f0:dd:b5:
         48:59:76:d5:05:a5:be:0d:26:50:f1:15:6d:2c:e9:6d:19:09:
         d9:63:64:40:3e:43:1e:b9:5d:81:16:dd:dd:50:61:61:b4:f3:
         dd:2d:58:c3:1e:49:9f:02:ea:63:93:ff:62:2a:6e:63:8b:02:
         14:ff:ca:4f:a0:72:46:3c:e0:50:e6:b4:a7:4c:ef:29:5f:1a:
         71:bb:49:fe:0c:56:68:ac:a9:53:62:0e:5f:30:eb:a0:24:eb:
         f7:f9:fe:e6:7e:e2:1c:f8:25:e1:80:56:b6:a2:da:74:13:46:
         39:ed:6e:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGaBvbiudnRp2KqY4gN3dF6vslhEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MDAyMTExWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NTkzYmY2MmQyMzBkMDQ3MDU2ZTNlZTFhOWQ1NzkwM2Y0
YWIzYzE5MjkwYWZiMDgxYjEwMzRhYTVjYWU3MmJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/7SdhLTZpBPFgEWLI91hw6rGzGKcEP935ajh+ptmMhLX6
mrUrBRB4YY49J5+MQLX9Jos6Cj4xeB0ISYFykTuyzz3jnRg/H4oh1bkJyHYwucT3
Ze7AScQ1xjiDumehiv0lu6PSwPJjjsEzh6ch4P9EWnQXQSRWgtEe4nF5aSdDyTCV
tEg4F6ajKaOv7QisNTtSPfGWX+ji2rGESirbyQ5msZRHoNKf0+8r8JNHKTMjHK0s
Eo57sQYbxa/gUp/Ro0paEn187sn+ffsI5uMgDWHORMKUdYkYBkuEjYzqjjgPogPB
c/CY8ecRwj8a6ynJgQDaCdwlzKchzxeFUvlZGfBNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZJKD4BFJe8RciMta1NEt9mwkFKYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZhMTY4ZDkwLTI4NDEtNDkzYy05MDYyLTc2ODhiM2UzMzJhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANrFVAwDQYJKoZIhvcNAQELBQADggEBAJXeILf5WR3khtlAEWipNoIZPk2d
EgPYdVH3J6ZnCj/8HMREfy/wm6v/aUVOjSEIqFKHnP74Nr7Ahj2MxbGUu/6SKaRb
/dWb3zPr5wuEwM1P0yFQH0Qv4sOVe2ktGtjM0M6Vmi2Yy7Mrae4W1XRMXYTtvcCk
GTnT062lh/FppMAAPAvW9rqiF2wQ+5dcl/DdtUhZdtUFpb4NJlDxFW0s6W0ZCdlj
ZEA+Qx65XYEW3d1QYWG0890tWMMeSZ8C6mOT/2IqbmOLAhT/yk+gckY84FDmtKdM
7ylfGnG7Sf4MVmisqVNiDl8w66Ak6/f5/uZ+4hz4JeGAVrai2nQTRjntbsI=
-----END CERTIFICATE-----