Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85990add-2190-4b72-b762-5667ee04b800.roa
File:                     85990add-2190-4b72-b762-5667ee04b800.roa (raw, json)
Hash identifier:          QWcpaNrBGNEfCJ8B+0tt8q3/7+qsAd7OG/epFMaxpmE=
Subject key identifier:   26:30:B5:5F:FE:B0:3C:F3:0C:BD:8F:5A:21:F3:EB:A7:04:33:03:C8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1ABB69AE88889242CC41DFA2A9E3B14E0B432922
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85990add-2190-4b72-b762-5667ee04b800.roa
Signing time:             Mon 06 Oct 2025 15:22:36 +0000
ROA not before:           Mon 06 Oct 2025 15:22:36 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        13.130.8.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:bb:69:ae:88:88:92:42:cc:41:df:a2:a9:e3:b1:4e:0b:43:29:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:22:36 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=f9a5066d75b2c6abcda1115e0d03ab5defe167fd7f58af4b7bfeeeb5b39dfcbb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ab:29:69:13:85:ee:7a:80:b0:9c:24:5e:3f:
                    6f:21:59:5e:02:03:0d:e6:f0:20:c9:79:7c:59:db:
                    6d:e0:08:91:6d:7a:28:f2:e8:17:38:e9:b4:30:35:
                    e8:cd:c8:75:5a:d1:cf:51:3a:54:5e:2a:80:5e:3a:
                    80:00:c2:08:e8:c0:95:32:26:a6:77:a0:b2:91:ff:
                    04:cd:00:a8:6c:03:36:a4:b7:f2:de:43:81:c7:b6:
                    19:73:8b:f8:32:b3:94:33:40:8a:70:95:a5:a5:31:
                    e6:f2:19:8d:2e:ba:ef:fb:e2:c7:17:76:96:2a:38:
                    99:bb:e8:9c:f4:55:a5:4a:df:3d:b9:17:40:90:9e:
                    86:d8:f9:d3:7a:a3:bc:63:d2:79:ce:85:da:50:18:
                    1d:b1:05:33:c5:dc:26:68:96:fd:c2:13:77:21:41:
                    25:d1:e5:b7:7a:c8:33:ed:5f:0c:66:b7:d8:47:ee:
                    10:25:25:28:b1:32:df:b2:83:87:38:c4:78:87:b6:
                    1c:d6:33:7f:b8:6d:c5:d5:3d:4f:f7:d4:17:46:81:
                    e8:cf:3e:fc:b0:7e:61:aa:01:35:91:87:2a:6c:1e:
                    30:fa:77:46:96:d5:dc:c7:33:20:75:94:b3:84:c4:
                    99:0a:36:94:36:4a:c7:e1:2f:d2:6f:b9:46:c7:33:
                    b9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:30:B5:5F:FE:B0:3C:F3:0C:BD:8F:5A:21:F3:EB:A7:04:33:03:C8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85990add-2190-4b72-b762-5667ee04b800.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.130.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         84:89:36:17:50:91:55:ad:44:d4:29:c6:86:0f:bc:4b:bd:c5:
         a5:fd:cd:61:2b:c2:10:e9:46:ec:00:6e:bc:74:ad:b6:35:3e:
         57:37:58:fa:b5:fb:3e:9c:f9:a4:6c:24:13:25:d7:b5:63:51:
         f0:2c:0e:8e:e3:d6:7f:b5:78:da:7e:ff:51:8e:23:81:10:85:
         ef:8f:9d:b3:79:69:ae:23:d6:cd:1d:d9:c9:03:5c:3a:32:05:
         11:9d:36:06:89:59:17:53:59:2e:9a:a6:2b:98:a8:39:79:f3:
         96:8e:a8:51:2d:68:f1:d7:4c:cd:31:d2:e4:15:2d:c9:c8:13:
         b8:60:1e:cc:96:20:e2:b2:ba:b9:7a:a6:eb:40:b5:41:df:bb:
         77:cf:5d:16:94:1f:c9:85:bf:c3:ee:89:bf:7c:b2:92:c0:ce:
         50:ee:6a:a0:eb:25:e9:5f:f2:12:81:5d:84:64:62:58:6e:12:
         03:7e:37:c4:ef:67:3f:7a:30:9a:ea:ad:2b:2e:37:63:99:8d:
         1f:35:f2:df:20:63:3f:20:4d:6d:98:bb:05:d2:69:1e:72:54:
         bc:49:15:85:5a:f0:0b:93:dd:f5:f6:98:eb:12:bf:23:fc:44:
         9c:ae:94:f9:37:55:0a:fb:b2:e9:e6:e8:f2:52:70:10:0b:a0:
         50:d9:77:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGrtproiIkkLMQd+iqeOxTgtDKSIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTUyMjM2WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOWE1MDY2ZDc1YjJjNmFiY2RhMTExNWUwZDAzYWI1ZGVm
ZTE2N2ZkN2Y1OGFmNGI3YmZlZWViNWIzOWRmY2JiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8qylpE4XueoCwnCReP28hWV4CAw3m8CDJeXxZ223gCJFt
eijy6Bc46bQwNejNyHVa0c9ROlReKoBeOoAAwgjowJUyJqZ3oLKR/wTNAKhsAzak
t/LeQ4HHthlzi/gys5QzQIpwlaWlMebyGY0uuu/74scXdpYqOJm76Jz0VaVK3z25
F0CQnobY+dN6o7xj0nnOhdpQGB2xBTPF3CZolv3CE3chQSXR5bd6yDPtXwxmt9hH
7hAlJSixMt+yg4c4xHiHthzWM3+4bcXVPU/31BdGgejPPvywfmGqATWRhypsHjD6
d0aW1dzHMyB1lLOExJkKNpQ2SsfhL9JvuUbHM7nlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJjC1X/6wPPMMvY9aIfPrpwQzA8gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg1OTkwYWRkLTIxOTAtNGI3Mi1iNzYyLTU2NjdlZTA0YjgwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMNgggwDQYJKoZIhvcNAQELBQADggEBAISJNhdQkVWtRNQpxoYPvEu9xaX9
zWErwhDpRuwAbrx0rbY1Plc3WPq1+z6c+aRsJBMl17VjUfAsDo7j1n+1eNp+/1GO
I4EQhe+PnbN5aa4j1s0d2ckDXDoyBRGdNgaJWRdTWS6apiuYqDl585aOqFEtaPHX
TM0x0uQVLcnIE7hgHsyWIOKyurl6putAtUHfu3fPXRaUH8mFv8Puib98spLAzlDu
aqDrJelf8hKBXYRkYlhuEgN+N8TvZz96MJrqrSsuN2OZjR818t8gYz8gTW2YuwXS
aR5yVLxJFYVa8AuT3fX2mOsSvyP8RJyulPk3VQr7sunm6PJScBALoFDZd/8=
-----END CERTIFICATE-----