Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a645d1e4-bdce-433f-af8a-d1e1c1010b26.roa
File:                     a645d1e4-bdce-433f-af8a-d1e1c1010b26.roa (raw, json)
Hash identifier:          qk/1N1tCTveXr2CDHJk4uagkchKJXS9FUMkYcWuVlgs=
Subject key identifier:   33:38:A8:9C:1C:FC:70:8A:68:27:43:BB:C4:77:13:5D:D2:31:8C:09
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       352B84B6BC8D05F4AAD0220D10BB07D53D424F36
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a645d1e4-bdce-433f-af8a-d1e1c1010b26.roa
Signing time:             Sun 19 Oct 2025 01:31:50 +0000
ROA not before:           Sun 19 Oct 2025 01:31:50 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.157.21.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:2b:84:b6:bc:8d:05:f4:aa:d0:22:0d:10:bb:07:d5:3d:42:4f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 01:31:50 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=400bcd0e9470571dbb7f5a5b8969738898b2f1f6425464d16599ddacebc610a1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f9:5f:38:84:65:86:97:a5:91:28:e5:61:92:
                    3b:9b:ef:8d:e0:35:c3:b2:71:08:60:19:c4:55:ba:
                    a3:c8:5f:43:64:a8:4f:b6:11:e2:2c:90:1a:14:ca:
                    a0:53:ce:bb:2d:30:08:7b:a8:9a:5c:58:93:af:2e:
                    eb:fd:a7:4e:fd:64:7d:72:75:2f:f2:91:8f:eb:d4:
                    5d:ef:87:a0:a4:68:f1:54:46:0d:7c:e6:6a:c4:71:
                    f5:13:7c:8c:26:2e:0c:d1:bb:e5:53:cc:37:ed:6e:
                    6d:03:5a:0b:43:76:62:f6:86:6a:4e:51:e7:ea:35:
                    27:d8:23:01:d5:5e:9c:78:db:bb:1b:b6:28:90:dc:
                    e4:5f:43:e6:06:de:54:fa:3d:d9:b7:08:ba:19:55:
                    eb:a2:02:80:f6:f9:12:76:bb:a4:79:d0:80:5e:62:
                    3b:0c:f1:a4:1e:3d:d9:aa:ce:0a:f4:5f:25:b7:c6:
                    b5:6d:d9:0f:bc:39:4a:c0:6f:7e:40:c0:19:36:4b:
                    cf:72:01:c0:13:f8:e4:4c:ac:30:09:98:16:a3:b0:
                    d2:4f:f8:56:96:02:c3:85:cd:50:2c:a5:6b:e7:26:
                    33:ca:b2:cd:1a:45:a9:52:1b:e2:9e:07:dc:ad:38:
                    0f:7f:fc:1e:f1:75:b7:c1:83:93:e4:5e:2f:ab:6d:
                    04:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:38:A8:9C:1C:FC:70:8A:68:27:43:BB:C4:77:13:5D:D2:31:8C:09
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a645d1e4-bdce-433f-af8a-d1e1c1010b26.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.157.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:a7:2c:87:dd:1a:0a:30:40:a8:a8:c0:c1:e9:be:a8:52:55:
         32:37:cf:f2:71:0d:39:f2:7e:68:fe:19:34:9d:4f:29:bb:c4:
         83:b1:ea:8d:9e:98:25:ef:78:8b:14:b2:45:81:f8:88:9b:38:
         65:70:9f:87:c6:07:e8:c9:2e:8f:74:ca:9f:3e:47:98:13:c0:
         44:a8:43:0f:eb:60:f3:8c:cd:aa:af:47:d6:4d:ab:0c:2c:0d:
         5d:e6:21:79:bc:80:2e:5e:d1:af:d1:a8:1d:cb:28:80:51:af:
         f3:50:d8:2e:ee:f3:4a:3e:e9:d8:bc:8f:2a:53:31:cf:40:47:
         62:2d:11:ab:4c:17:4c:72:68:e4:1c:20:eb:d4:0d:8b:00:e3:
         ef:e4:e2:27:c4:96:b3:a9:46:22:5a:95:cf:81:9f:5a:6d:ee:
         a4:e0:f9:81:22:ae:9b:b9:cf:2e:94:15:19:20:d3:fa:ac:8c:
         35:a4:63:e3:37:c7:9f:2a:87:4e:7d:6d:05:2d:c8:4c:71:09:
         bf:c6:4f:4b:2c:5c:69:e2:77:5c:1c:bf:ff:9a:7a:d3:e8:79:
         dc:16:48:ea:7c:73:f6:0c:eb:71:5e:7c:20:da:0a:94:dc:58:
         db:6a:97:d6:b8:01:e5:8e:47:5a:1e:d3:80:4b:64:99:ef:ee:
         e5:28:d9:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNSuEtryNBfSq0CINELsH1T1CTzYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDEzMTUwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MDBiY2QwZTk0NzA1NzFkYmI3ZjVhNWI4OTY5NzM4ODk4
YjJmMWY2NDI1NDY0ZDE2NTk5ZGRhY2ViYzYxMGExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw+V84hGWGl6WRKOVhkjub743gNcOycQhgGcRVuqPIX0Nk
qE+2EeIskBoUyqBTzrstMAh7qJpcWJOvLuv9p079ZH1ydS/ykY/r1F3vh6CkaPFU
Rg185mrEcfUTfIwmLgzRu+VTzDftbm0DWgtDdmL2hmpOUefqNSfYIwHVXpx427sb
tiiQ3ORfQ+YG3lT6Pdm3CLoZVeuiAoD2+RJ2u6R50IBeYjsM8aQePdmqzgr0XyW3
xrVt2Q+8OUrAb35AwBk2S89yAcAT+ORMrDAJmBajsNJP+FaWAsOFzVAspWvnJjPK
ss0aRalSG+KeB9ytOA9//B7xdbfBg5PkXi+rbQTbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMzionBz8cIpoJ0O7xHcTXdIxjAkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E2NDVkMWU0LWJkY2UtNDMzZi1hZjhhLWQxZTFjMTAxMGIyNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADYnRUwDQYJKoZIhvcNAQELBQADggEBAHOnLIfdGgowQKiowMHpvqhSVTI3
z/JxDTnyfmj+GTSdTym7xIOx6o2emCXveIsUskWB+IibOGVwn4fGB+jJLo90yp8+
R5gTwESoQw/rYPOMzaqvR9ZNqwwsDV3mIXm8gC5e0a/RqB3LKIBRr/NQ2C7u80o+
6di8jypTMc9AR2ItEatMF0xyaOQcIOvUDYsA4+/k4ifElrOpRiJalc+Bn1pt7qTg
+YEirpu5zy6UFRkg0/qsjDWkY+M3x58qh059bQUtyExxCb/GT0ssXGnid1wcv/+a
etPoedwWSOp8c/YM63FefCDaCpTcWNtql9a4AeWOR1oe04BLZJnv7uUo2aQ=
-----END CERTIFICATE-----