Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/783c511e-5fb0-4300-843c-c199f004156b.roa
File:                     783c511e-5fb0-4300-843c-c199f004156b.roa (raw, json)
Hash identifier:          czppUzj4JoCJZG97PkUzt1IbEV49OcN8npkTekj6288=
Subject key identifier:   CF:6D:F0:8C:6C:DE:7A:EA:8F:A6:32:14:BD:9F:DF:04:DE:32:CC:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F05463F2CA43054BABAA81CB3A124765E2C1617
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/783c511e-5fb0-4300-843c-c199f004156b.roa
Signing time:             Tue 30 Sep 2025 00:21:08 +0000
ROA not before:           Tue 30 Sep 2025 00:21:08 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        168.203.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:05:46:3f:2c:a4:30:54:ba:ba:a8:1c:b3:a1:24:76:5e:2c:16:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:21:08 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=bf3be046d45ce7220578eb47ee4437400cfcced3491cbcc0f7a4238db9b8bc30, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:0a:a8:65:f7:16:41:a7:3b:4f:b0:d9:13:35:
                    de:4a:a4:68:a8:93:e2:9b:e7:73:28:7a:18:4e:c8:
                    4c:f2:7d:01:5b:c1:00:07:98:e0:ca:e1:f0:55:d4:
                    8a:f6:6f:db:21:ee:6d:3c:ec:5c:ca:04:07:26:47:
                    f1:43:04:57:1d:a1:49:d1:11:37:f6:00:54:ea:cf:
                    18:c9:cf:18:9e:26:13:d0:f3:8f:03:b9:d0:c0:c4:
                    00:c2:cc:f9:b3:f7:18:59:b2:62:8e:e2:6e:3e:da:
                    84:75:b4:32:cc:25:9d:4c:08:4a:82:b7:52:b8:f4:
                    ad:19:86:c7:b7:ec:f9:8e:f4:98:95:ba:6e:a3:6d:
                    97:f1:1b:61:df:3a:b2:6a:7e:98:ee:16:ff:f7:ed:
                    bb:04:67:45:9b:20:2b:2b:c1:21:c8:a9:5d:0c:0f:
                    25:b0:33:41:ab:3d:c9:93:4a:a0:c6:2c:9a:e3:97:
                    8d:73:99:d5:84:38:b6:95:91:03:90:8e:64:7a:b3:
                    64:d0:e8:3f:39:22:0a:c2:ca:15:1b:b5:3d:ea:ef:
                    f3:2f:a1:37:6a:c7:80:4c:b6:2f:a9:75:1b:72:e1:
                    c0:05:c4:f2:b0:4a:08:fd:0d:e0:e5:5b:89:6a:71:
                    c8:0d:c8:85:1c:48:af:e1:a6:74:ec:07:0a:f5:46:
                    2a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6D:F0:8C:6C:DE:7A:EA:8F:A6:32:14:BD:9F:DF:04:DE:32:CC:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/783c511e-5fb0-4300-843c-c199f004156b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.203.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         43:b1:48:93:5c:3b:f4:b3:70:91:ca:2e:4b:9f:97:59:f3:2f:
         5c:89:09:dd:0c:83:50:81:28:9e:27:29:3b:3a:8c:28:e6:a7:
         50:0f:7b:73:b9:59:e0:93:f7:8f:79:64:f7:c9:64:9d:2b:c6:
         e7:2b:a8:f6:74:36:dd:65:65:fe:aa:55:f6:03:0b:c8:97:f9:
         f2:2c:06:f7:1f:31:ee:1f:a4:6e:fa:4e:81:69:d1:29:d2:99:
         95:ab:4c:8c:c0:f0:0a:0b:17:22:dc:84:91:1f:6a:bb:b2:86:
         05:f1:63:81:f0:ae:d5:34:e0:0e:0e:0e:29:bb:b3:11:77:6c:
         f2:88:5c:db:b3:bb:5e:80:c5:e1:e3:a2:54:68:82:6d:69:c6:
         5f:f9:e5:ef:1e:ae:56:b2:bb:2b:e9:85:dc:47:6c:40:1d:6c:
         49:5b:8f:46:19:51:ee:89:63:21:69:e0:6f:fe:2a:10:52:5c:
         a6:97:e9:85:df:20:27:a2:53:b2:88:3f:e1:9f:91:69:51:4a:
         63:cc:38:1f:b8:18:c6:9d:71:81:a7:f2:e6:6f:f6:d5:92:b7:
         da:31:27:dd:e7:f4:93:35:00:4d:f2:92:6b:52:e8:2a:90:89:
         75:ff:03:bd:34:16:44:ba:5c:ee:e7:67:2b:7a:d1:9e:0f:96:
         80:c9:f7:d2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbwVGPyykMFS6uqgcs6Ekdl4sFhcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAyMTA4WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZjNiZTA0NmQ0NWNlNzIyMDU3OGViNDdlZTQ0Mzc0MDBj
ZmNjZWQzNDkxY2JjYzBmN2E0MjM4ZGI5YjhiYzMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUCqhl9xZBpztPsNkTNd5KpGiok+Kb53MoehhOyEzyfQFb
wQAHmODK4fBV1Ir2b9sh7m087FzKBAcmR/FDBFcdoUnRETf2AFTqzxjJzxieJhPQ
848DudDAxADCzPmz9xhZsmKO4m4+2oR1tDLMJZ1MCEqCt1K49K0Zhse37PmO9JiV
um6jbZfxG2HfOrJqfpjuFv/37bsEZ0WbICsrwSHIqV0MDyWwM0GrPcmTSqDGLJrj
l41zmdWEOLaVkQOQjmR6s2TQ6D85IgrCyhUbtT3q7/MvoTdqx4BMti+pdRty4cAF
xPKwSgj9DeDlW4lqccgNyIUcSK/hpnTsBwr1RiptAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz23wjGzeeuqPpjIUvZ/fBN4yzMIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4M2M1MTFlLTVmYjAtNDMwMC04NDNjLWMxOTlmMDA0MTU2Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeoy4AwDQYJKoZIhvcNAQELBQADggEBAEOxSJNcO/SzcJHKLkufl1nzL1yJ
Cd0Mg1CBKJ4nKTs6jCjmp1APe3O5WeCT9495ZPfJZJ0rxucrqPZ0Nt1lZf6qVfYD
C8iX+fIsBvcfMe4fpG76ToFp0SnSmZWrTIzA8AoLFyLchJEfaruyhgXxY4HwrtU0
4A4ODim7sxF3bPKIXNuzu16AxeHjolRogm1pxl/55e8erlayuyvphdxHbEAdbElb
j0YZUe6JYyFp4G/+KhBSXKaX6YXfICeiU7KIP+GfkWlRSmPMOB+4GMadcYGn8uZv
9tWSt9oxJ93n9JM1AE3ykmtS6CqQiXX/A700FkS6XO7nZyt60Z4PloDJ99I=
-----END CERTIFICATE-----