Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81e65b55-e793-4e3c-b747-4e9f7fe5cb15.roa
File:                     81e65b55-e793-4e3c-b747-4e9f7fe5cb15.roa (raw, json)
Hash identifier:          EcamIiSag9/TujxH9ntYCHUicY2amGsvQxdx8ZhOwig=
Subject key identifier:   46:80:11:81:29:40:A5:BB:81:CD:E0:93:81:BA:C0:62:7C:BC:7C:1E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       435F8CAC1DF14B37B738BC7BF4B99596C8F45D1C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81e65b55-e793-4e3c-b747-4e9f7fe5cb15.roa
Signing time:             Mon 29 Sep 2025 15:02:02 +0000
ROA not before:           Mon 29 Sep 2025 15:02:02 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        129.224.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:5f:8c:ac:1d:f1:4b:37:b7:38:bc:7b:f4:b9:95:96:c8:f4:5d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 29 15:02:02 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=ec10963f8b2632e2cafe95ca806a79c2321d1b5892459c37e0ff65b983b9a2e3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:db:48:9e:7a:84:8e:ca:c7:51:d8:e9:ee:1c:
                    4b:b6:20:32:7d:df:c7:61:13:ec:f7:b5:ff:ad:d2:
                    79:fb:d2:0b:68:09:47:26:1d:d6:04:98:05:14:96:
                    49:f7:e0:b4:49:6d:b2:dd:f3:48:c1:a3:17:32:9b:
                    f0:95:89:76:3d:3e:c8:61:93:ba:08:cf:4e:47:19:
                    dc:b5:ba:34:7f:8a:59:36:52:2d:9f:18:4d:41:40:
                    7d:00:f9:4d:b0:a7:4f:dd:18:3a:09:bd:b8:6c:d5:
                    2f:86:c9:d3:12:f5:ab:2c:16:ba:33:0f:f9:7a:34:
                    58:59:c0:7a:5e:0e:90:3c:e2:7e:e5:98:05:42:9c:
                    be:93:d5:9c:73:43:af:95:94:88:26:91:85:39:36:
                    77:0a:73:2b:d9:66:66:59:d7:2f:4e:9d:06:e9:38:
                    b4:a3:15:28:49:95:cb:da:11:b3:ae:f4:53:c5:6e:
                    c0:78:46:5e:b4:a1:95:90:59:6f:bf:8f:e6:4b:59:
                    11:03:42:09:db:48:44:14:8a:57:df:3e:6c:03:62:
                    f0:a9:46:cc:34:27:7a:8d:29:77:f4:6a:d9:cf:2c:
                    80:37:7d:39:bf:5a:07:95:ef:f1:81:35:da:4b:74:
                    98:d9:50:18:1c:79:45:d4:6a:94:99:bb:c8:8d:1f:
                    a9:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:80:11:81:29:40:A5:BB:81:CD:E0:93:81:BA:C0:62:7C:BC:7C:1E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81e65b55-e793-4e3c-b747-4e9f7fe5cb15.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.224.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         56:49:0f:ac:b3:bc:bc:f4:00:7e:64:36:b9:e8:3c:39:76:a9:
         84:d4:5a:5e:bc:cb:be:3c:43:1d:6e:7c:a2:9a:7e:02:d7:52:
         d5:31:e0:82:87:f5:0f:9e:7a:e7:bf:0c:d8:18:78:31:11:59:
         07:30:1b:b0:b5:13:30:3a:f2:e7:8b:70:30:ce:74:7f:87:ac:
         dd:8f:f9:bd:bc:8b:87:ab:7f:ea:f0:fb:d8:ef:82:8b:2b:67:
         44:34:75:b3:df:c5:bb:2e:f4:68:90:00:c1:92:b3:e9:d3:48:
         ed:49:7f:02:44:df:2a:6a:fc:2d:56:5c:88:ce:c5:d4:c9:5e:
         f0:10:50:89:b5:cb:be:f0:4b:bd:fe:19:f3:e4:b0:e6:fc:ae:
         27:9b:3c:cb:c2:18:92:ff:2e:0d:83:c0:63:5c:a3:a5:c7:de:
         53:46:f7:ef:40:1c:e1:00:3f:8a:9e:52:94:c7:af:6e:8e:73:
         5d:9e:8d:90:7f:6a:6c:ee:02:6a:70:c1:48:1d:35:cb:a6:b3:
         bc:11:b1:79:d6:91:c8:66:c4:37:d3:86:f0:84:fc:df:f7:76:
         a3:ba:a7:4c:0e:a9:ac:f8:e3:53:b2:f4:c4:c8:e1:12:c9:cc:
         2b:57:87:7c:5b:ee:49:91:95:e8:a4:82:fa:f0:f2:a6:81:0e:
         96:fc:92:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ1+MrB3xSze3OLx79LmVlsj0XRwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI5MTUwMjAyWhcNMjUxMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzEwOTYzZjhiMjYzMmUyY2FmZTk1Y2E4MDZhNzljMjMy
MWQxYjU4OTI0NTljMzdlMGZmNjViOTgzYjlhMmUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj20ieeoSOysdR2OnuHEu2IDJ938dhE+z3tf+t0nn70gto
CUcmHdYEmAUUlkn34LRJbbLd80jBoxcym/CViXY9Pshhk7oIz05HGdy1ujR/ilk2
Ui2fGE1BQH0A+U2wp0/dGDoJvbhs1S+GydMS9assFrozD/l6NFhZwHpeDpA84n7l
mAVCnL6T1ZxzQ6+VlIgmkYU5NncKcyvZZmZZ1y9OnQbpOLSjFShJlcvaEbOu9FPF
bsB4Rl60oZWQWW+/j+ZLWREDQgnbSEQUilffPmwDYvCpRsw0J3qNKXf0atnPLIA3
fTm/WgeV7/GBNdpLdJjZUBgceUXUapSZu8iNH6npAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURoARgSlApbuBzeCTgbrAYny8fB4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgxZTY1YjU1LWU3OTMtNGUzYy1iNzQ3LTRlOWY3ZmU1Y2IxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeB4AAwDQYJKoZIhvcNAQELBQADggEBAFZJD6yzvLz0AH5kNrnoPDl2qYTU
Wl68y748Qx1ufKKafgLXUtUx4IKH9Q+eeue/DNgYeDERWQcwG7C1EzA68ueLcDDO
dH+HrN2P+b28i4erf+rw+9jvgosrZ0Q0dbPfxbsu9GiQAMGSs+nTSO1JfwJE3ypq
/C1WXIjOxdTJXvAQUIm1y77wS73+GfPksOb8riebPMvCGJL/Lg2DwGNco6XH3lNG
9+9AHOEAP4qeUpTHr26Oc12ejZB/amzuAmpwwUgdNcums7wRsXnWkchmxDfThvCE
/N/3dqO6p0wOqaz441Oy9MTI4RLJzCtXh3xb7kmRleikgvrw8qaBDpb8khs=
-----END CERTIFICATE-----