Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a068b29a-2587-45c9-a0fb-b9a7111f2897.roa
File:                     a068b29a-2587-45c9-a0fb-b9a7111f2897.roa (raw, json)
Hash identifier:          0X0dU4dMgX/nujpc/87oHAGlaUDBIPPGTyGWsTc6JCU=
Subject key identifier:   38:2A:62:84:84:99:8C:93:44:82:2A:5D:BC:49:13:A8:1D:66:80:6C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5CA75C959DF4D128C9AD2A2DFB1D0D201558A7A4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a068b29a-2587-45c9-a0fb-b9a7111f2897.roa
Signing time:             Mon 06 Oct 2025 16:42:24 +0000
ROA not before:           Mon 06 Oct 2025 16:42:24 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        50.18.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:a7:5c:95:9d:f4:d1:28:c9:ad:2a:2d:fb:1d:0d:20:15:58:a7:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:42:24 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=a9a24887b1901247bdf378b3ca96169eae6764b13a067b2d8b6a14ba9077499e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bd:50:61:b1:16:87:06:3f:6a:00:35:5d:75:
                    90:82:18:90:bd:5d:3f:15:5c:92:6d:e4:3a:a3:c0:
                    5e:f1:0a:10:3a:a2:5f:4e:1d:40:b2:ae:df:b3:88:
                    47:0a:d7:74:63:41:7b:8b:39:71:f9:02:24:b6:6b:
                    5d:77:6f:c8:73:c5:2d:e1:44:55:e0:2c:95:fc:e2:
                    9f:20:57:f1:9d:96:ef:05:c6:0a:84:a3:e2:e2:63:
                    fe:f7:5e:9c:d8:32:58:0a:b8:32:31:28:3c:69:2f:
                    ef:12:9d:e3:48:b9:24:e5:19:e5:90:29:7c:0d:c0:
                    87:ef:8d:a6:a2:e2:c2:96:dc:6a:c2:cf:52:14:e2:
                    d5:e3:e9:6c:58:18:4e:27:b8:1c:f0:1d:37:94:7d:
                    fc:3f:a2:0c:54:cc:09:66:ba:9a:02:ac:89:b1:5c:
                    c7:6c:e1:67:ba:ef:81:75:59:24:1c:c4:1b:97:50:
                    55:95:6e:44:85:8d:bf:34:b1:b2:67:83:62:5e:71:
                    04:a3:94:20:5d:f2:ab:ec:bf:4f:97:57:45:21:ca:
                    12:5c:ed:f0:da:1b:30:a7:02:08:be:41:62:01:54:
                    c6:e0:9f:fc:d0:07:c5:65:3d:f5:d1:0a:94:50:89:
                    99:b0:f0:70:70:bf:5d:da:e0:22:16:6d:bf:f0:a6:
                    dd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:2A:62:84:84:99:8C:93:44:82:2A:5D:BC:49:13:A8:1D:66:80:6C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a068b29a-2587-45c9-a0fb-b9a7111f2897.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.18.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ab:2f:02:d0:47:80:74:b6:dc:7a:a0:e3:20:a3:a9:7b:ce:33:
         1f:d7:d5:9a:50:4f:db:f2:a2:cc:6a:02:bd:b2:bc:57:66:e0:
         83:0d:89:39:ee:48:4e:bc:2e:5b:1b:25:77:f4:94:d6:42:55:
         1b:ed:f3:d3:82:bf:10:b4:d1:93:29:e6:3d:d2:8f:ea:9d:d9:
         0f:17:1d:e0:ac:b2:a9:56:2c:b0:ee:f8:03:1f:e5:40:2d:0c:
         35:ea:08:4b:66:17:a1:b1:a7:61:1f:7e:3c:6f:23:0d:47:dc:
         70:36:be:07:a0:90:4e:37:bb:4f:f8:51:0d:02:19:49:01:cf:
         5f:9c:e6:c4:96:0a:14:92:03:61:67:c6:e3:b8:fc:36:cc:ee:
         12:81:7a:53:19:6b:d0:8e:e5:64:cd:a2:d0:cd:8d:18:17:90:
         dd:d3:8a:dc:b1:68:9c:cb:ed:a9:92:e4:c7:91:35:57:1c:01:
         69:b5:2e:04:13:1d:49:ac:c8:79:46:1b:bb:b5:a4:5e:9c:e1:
         ba:63:fe:30:25:9b:7d:5a:3f:99:6c:fb:3a:3e:0d:e8:d8:f4:
         6b:2b:32:63:03:92:c8:5c:b1:ae:32:84:4b:b0:d0:3f:21:71:
         57:03:0e:58:86:0c:ba:f8:25:13:b3:27:db:7e:10:b9:72:54:
         b5:fe:3e:d9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXKdclZ300SjJrSot+x0NIBVYp6QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTY0MjI0WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWEyNDg4N2IxOTAxMjQ3YmRmMzc4YjNjYTk2MTY5ZWFl
Njc2NGIxM2EwNjdiMmQ4YjZhMTRiYTkwNzc0OTllMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDvVBhsRaHBj9qADVddZCCGJC9XT8VXJJt5DqjwF7xChA6
ol9OHUCyrt+ziEcK13RjQXuLOXH5AiS2a113b8hzxS3hRFXgLJX84p8gV/Gdlu8F
xgqEo+LiY/73XpzYMlgKuDIxKDxpL+8SneNIuSTlGeWQKXwNwIfvjaai4sKW3GrC
z1IU4tXj6WxYGE4nuBzwHTeUffw/ogxUzAlmupoCrImxXMds4We674F1WSQcxBuX
UFWVbkSFjb80sbJng2JecQSjlCBd8qvsv0+XV0UhyhJc7fDaGzCnAgi+QWIBVMbg
n/zQB8VlPfXRCpRQiZmw8HBwv13a4CIWbb/wpt0LAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUOCpihISZjJNEgipdvEkTqB1mgGwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EwNjhiMjlhLTI1ODctNDVjOS1hMGZiLWI5YTcxMTFmMjg5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAyEjANBgkqhkiG9w0BAQsFAAOCAQEAqy8C0EeAdLbceqDjIKOpe84zH9fV
mlBP2/KizGoCvbK8V2bggw2JOe5ITrwuWxsld/SU1kJVG+3z04K/ELTRkynmPdKP
6p3ZDxcd4KyyqVYssO74Ax/lQC0MNeoIS2YXobGnYR9+PG8jDUfccDa+B6CQTje7
T/hRDQIZSQHPX5zmxJYKFJIDYWfG47j8NszuEoF6Uxlr0I7lZM2i0M2NGBeQ3dOK
3LFonMvtqZLkx5E1VxwBabUuBBMdSazIeUYbu7WkXpzhumP+MCWbfVo/mWz7Oj4N
6Nj0aysyYwOSyFyxrjKES7DQPyFxVwMOWIYMuvglE7Mn234QuXJUtf4+2Q==
-----END CERTIFICATE-----