Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/985b59c8-a923-4d73-afff-2650138ef0c2.roa
File:                     985b59c8-a923-4d73-afff-2650138ef0c2.roa (raw, json)
Hash identifier:          I7wWqzoYv++9or/6IN6XgPAfFCXAhqKWpcsnyfEOfgk=
Subject key identifier:   47:A9:C1:1D:FE:00:2F:0C:8C:42:CF:F3:7C:21:CB:A4:95:E4:CA:4D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       31F6044EF98ED205BD1A687F8D30F986399A5CED
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/985b59c8-a923-4d73-afff-2650138ef0c2.roa
Signing time:             Tue 07 Oct 2025 00:12:32 +0000
ROA not before:           Tue 07 Oct 2025 00:12:32 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.216.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:f6:04:4e:f9:8e:d2:05:bd:1a:68:7f:8d:30:f9:86:39:9a:5c:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:12:32 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=c1ee1936643cacb08cdf1df7ad89eeaca73bf727254c774b8941a78ce264715f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8e:30:d4:56:29:73:fe:9b:6d:07:ca:5b:43:
                    dc:79:39:9a:63:e2:82:dd:83:02:cf:10:e3:1e:ad:
                    51:15:f8:a5:ad:6c:33:50:58:ea:38:aa:a9:e8:d7:
                    4f:0b:3b:7b:cd:e5:2b:ae:20:31:ba:a9:82:fb:18:
                    24:53:c2:be:84:c6:b2:9c:fe:2d:0d:be:ce:f8:22:
                    65:bc:00:ec:18:1a:28:db:c1:65:51:08:a0:a0:56:
                    c1:fc:34:bd:c4:dc:1e:16:ca:f8:c0:28:27:6b:00:
                    8d:f7:27:07:e8:06:0b:cf:0b:51:28:e2:64:3b:b1:
                    71:82:76:53:f1:9e:73:71:af:0e:7e:68:35:18:a6:
                    c5:be:45:09:12:45:4f:88:14:4d:68:ec:8f:4d:8f:
                    8f:b9:34:23:68:74:28:ab:4a:7d:6d:48:d4:b0:fc:
                    d8:c1:0b:c0:04:df:1d:2b:c6:80:8c:bf:16:21:10:
                    84:e8:be:93:47:05:97:46:a3:de:47:08:7d:bd:9f:
                    64:38:a0:c5:76:8b:06:b2:1e:7e:1b:bc:d4:4e:3c:
                    07:6e:30:1e:2c:0b:cf:54:39:80:23:52:fd:d6:f2:
                    39:ee:a8:60:82:39:d6:5c:32:b9:54:e3:6b:74:ec:
                    78:a6:86:74:a2:85:49:4a:fd:d0:b3:74:50:aa:e7:
                    a8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:A9:C1:1D:FE:00:2F:0C:8C:42:CF:F3:7C:21:CB:A4:95:E4:CA:4D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/985b59c8-a923-4d73-afff-2650138ef0c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.216.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         68:27:3b:f4:af:23:41:65:d2:a9:36:80:31:93:a9:27:22:b6:
         c4:53:f3:25:f2:ab:c7:c8:ce:48:c4:55:36:dd:97:d5:40:4e:
         bf:ca:d3:10:f9:ee:e6:97:c6:ea:e4:b6:57:52:f9:2b:f0:2a:
         d4:96:a2:a6:c4:ec:68:d5:a1:d7:cb:7e:6a:87:2a:42:68:89:
         07:35:50:d7:d2:ed:c1:1e:80:77:d5:8e:4f:fa:7b:3d:e2:f2:
         dc:f0:7e:78:40:91:f6:2c:39:ef:23:2a:a3:cf:2c:10:75:fd:
         07:66:1a:ba:1c:67:8d:c9:16:91:a8:1e:11:07:94:51:70:33:
         d0:45:08:83:17:e2:dc:4d:48:20:90:15:ed:61:66:d6:a3:45:
         ca:e7:69:9c:b6:51:f2:8c:f7:42:2d:2a:e9:e2:b0:63:a4:a8:
         5d:34:be:b2:1e:64:e8:31:fc:91:31:a8:fe:ef:5c:82:b0:70:
         44:f6:f8:fc:7a:74:aa:26:d1:42:5e:da:ad:92:af:bf:18:3d:
         69:0c:51:d5:ff:1e:4d:fd:c3:f5:f1:a2:04:fe:da:0b:0b:26:
         e1:51:cd:28:bf:0e:ca:26:91:7e:80:76:e3:2d:65:d3:3c:d4:
         c9:d1:3c:db:7e:cf:3f:10:e5:db:95:3c:82:b4:b8:36:28:21:
         69:97:f9:3c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMfYETvmO0gW9Gmh/jTD5hjmaXO0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDAxMjMyWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMWVlMTkzNjY0M2NhY2IwOGNkZjFkZjdhZDg5ZWVhY2E3
M2JmNzI3MjU0Yzc3NGI4OTQxYTc4Y2UyNjQ3MTVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9jjDUVilz/pttB8pbQ9x5OZpj4oLdgwLPEOMerVEV+KWt
bDNQWOo4qqno108LO3vN5SuuIDG6qYL7GCRTwr6ExrKc/i0Nvs74ImW8AOwYGijb
wWVRCKCgVsH8NL3E3B4WyvjAKCdrAI33JwfoBgvPC1Eo4mQ7sXGCdlPxnnNxrw5+
aDUYpsW+RQkSRU+IFE1o7I9Nj4+5NCNodCirSn1tSNSw/NjBC8AE3x0rxoCMvxYh
EITovpNHBZdGo95HCH29n2Q4oMV2iwayHn4bvNROPAduMB4sC89UOYAjUv3W8jnu
qGCCOdZcMrlU42t07HimhnSihUlK/dCzdFCq56jPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUR6nBHf4ALwyMQs/zfCHLpJXkyk0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4NWI1OWM4LWE5MjMtNGQ3My1hZmZmLTI2NTAxMzhlZjBjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFo2DANBgkqhkiG9w0BAQsFAAOCAQEAaCc79K8jQWXSqTaAMZOpJyK2xFPz
JfKrx8jOSMRVNt2X1UBOv8rTEPnu5pfG6uS2V1L5K/Aq1JaipsTsaNWh18t+aocq
QmiJBzVQ19LtwR6Ad9WOT/p7PeLy3PB+eECR9iw57yMqo88sEHX9B2YauhxnjckW
kageEQeUUXAz0EUIgxfi3E1IIJAV7WFm1qNFyudpnLZR8oz3Qi0q6eKwY6SoXTS+
sh5k6DH8kTGo/u9cgrBwRPb4/Hp0qibRQl7arZKvvxg9aQxR1f8eTf3D9fGiBP7a
Cwsm4VHNKL8OyiaRfoB24y1l0zzUydE8237PPxDl25U8grS4NighaZf5PA==
-----END CERTIFICATE-----