Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af943350-c8ff-4828-a680-4a06a7a5abf6.roa
File:                     af943350-c8ff-4828-a680-4a06a7a5abf6.roa (raw, json)
Hash identifier:          k5YyyqQ1Dx0jbWifOcTVS+FNuNrBqvLDh71bwW5ZtRw=
Subject key identifier:   11:0B:81:61:1E:18:B0:F7:07:6C:B6:B3:DD:9B:F2:B0:D9:A5:21:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3BDB773AA50CB3B9E8C6A94A8ACD69FFF214EC69
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af943350-c8ff-4828-a680-4a06a7a5abf6.roa
Signing time:             Fri 03 Oct 2025 00:11:11 +0000
ROA not before:           Fri 03 Oct 2025 00:11:11 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.97.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:db:77:3a:a5:0c:b3:b9:e8:c6:a9:4a:8a:cd:69:ff:f2:14:ec:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:11:11 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=f12558456efc387eb3aac918402a8ad43eb414451eea0ce0b50974ff74b4ef57, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7e:c6:63:72:0d:ee:e3:49:a2:43:64:36:96:
                    8c:0b:9a:47:98:46:66:a1:c8:b4:6f:22:e3:4c:c9:
                    70:ab:7f:67:7e:60:a8:53:92:63:75:fd:87:e6:4f:
                    d8:e4:db:4f:19:b4:d6:7f:84:25:50:52:90:77:c8:
                    6a:34:d5:4a:76:bd:72:cf:86:dd:89:b2:14:3e:0d:
                    b7:df:75:92:0a:b9:39:f3:91:a2:36:32:b8:44:18:
                    8b:20:15:61:2c:35:ec:20:58:e2:91:c6:23:86:7f:
                    a0:13:68:ee:4a:07:00:37:53:31:6b:04:18:72:8e:
                    85:67:c0:c1:ce:ac:6f:dc:4b:72:1f:f0:05:3b:65:
                    2f:db:2f:e2:32:20:be:34:be:b5:93:f2:77:22:a2:
                    17:6c:c1:40:c9:3a:3b:c3:9d:af:48:0a:5a:cf:a6:
                    57:99:e3:ba:11:8c:91:d6:05:c2:a2:ac:23:1b:31:
                    8a:a1:19:6c:d4:07:cd:d7:de:cb:44:58:4f:3c:69:
                    81:5c:78:d3:b5:29:2a:a0:9f:81:da:42:e5:68:25:
                    9f:3b:41:db:92:50:f8:22:b1:6b:cb:00:1f:2a:68:
                    d8:d0:e2:c6:2c:c7:20:c2:9d:7b:a3:2a:a0:71:1f:
                    2d:c3:a2:b6:32:c3:bc:02:ee:ed:6b:91:2b:1b:d2:
                    4a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:0B:81:61:1E:18:B0:F7:07:6C:B6:B3:DD:9B:F2:B0:D9:A5:21:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af943350-c8ff-4828-a680-4a06a7a5abf6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.97.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         1f:d8:7a:06:90:6c:f1:91:66:91:a7:df:23:80:8e:1f:a8:cc:
         50:99:f6:49:8e:ab:d8:66:a1:30:f1:80:ac:c8:89:cf:33:13:
         4d:f9:5d:be:41:94:14:75:f7:07:50:35:d5:d1:80:66:1a:7e:
         d7:12:43:89:ef:08:76:ba:21:c8:02:83:f8:bc:4b:ac:19:24:
         0e:29:b1:5b:4e:2d:b7:03:e7:1c:00:78:d0:1f:4c:66:a9:05:
         b8:c1:62:56:93:65:ed:a5:8d:10:95:e2:6b:d1:fc:c9:6e:36:
         78:27:6c:5b:d3:19:ab:c5:62:9a:cd:5a:e5:e2:7f:34:c5:dc:
         06:d7:ab:db:9c:e4:82:3e:70:4f:62:7b:90:01:ec:6b:6c:e8:
         08:1d:7b:40:98:6a:f0:69:bf:25:db:e2:55:c4:e5:e8:4f:ee:
         0e:9c:ef:b5:b4:14:1f:10:a3:34:be:3b:66:43:38:d4:8e:fb:
         5e:9a:f1:4b:76:ab:f3:cc:a7:72:28:45:65:d9:7b:64:af:41:
         8f:d3:78:6a:a4:01:11:13:fa:3f:64:8a:fc:d1:d3:72:c0:79:
         b1:ab:6f:15:01:0a:5b:81:ec:8d:5d:f8:90:55:2e:a6:e2:72:
         8a:c7:5c:36:b3:9e:2d:bd:5d:f0:45:52:e2:f1:2d:d7:e1:f2:
         d8:14:d3:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO9t3OqUMs7noxqlKis1p//IU7GkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAxMTExWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTI1NTg0NTZlZmMzODdlYjNhYWM5MTg0MDJhOGFkNDNl
YjQxNDQ1MWVlYTBjZTBiNTA5NzRmZjc0YjRlZjU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkfsZjcg3u40miQ2Q2lowLmkeYRmahyLRvIuNMyXCrf2d+
YKhTkmN1/YfmT9jk208ZtNZ/hCVQUpB3yGo01Up2vXLPht2JshQ+DbffdZIKuTnz
kaI2MrhEGIsgFWEsNewgWOKRxiOGf6ATaO5KBwA3UzFrBBhyjoVnwMHOrG/cS3If
8AU7ZS/bL+IyIL40vrWT8nciohdswUDJOjvDna9IClrPpleZ47oRjJHWBcKirCMb
MYqhGWzUB83X3stEWE88aYFceNO1KSqgn4HaQuVoJZ87QduSUPgisWvLAB8qaNjQ
4sYsxyDCnXujKqBxHy3DorYyw7wC7u1rkSsb0kqHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEQuBYR4YsPcHbLaz3ZvysNmlIU8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmOTQzMzUwLWM4ZmYtNDgyOC1hNjgwLTRhMDZhN2E1YWJmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfYYQAwDQYJKoZIhvcNAQELBQADggEBAB/YegaQbPGRZpGn3yOAjh+ozFCZ
9kmOq9hmoTDxgKzIic8zE035Xb5BlBR19wdQNdXRgGYaftcSQ4nvCHa6IcgCg/i8
S6wZJA4psVtOLbcD5xwAeNAfTGapBbjBYlaTZe2ljRCV4mvR/MluNngnbFvTGavF
YprNWuXifzTF3AbXq9uc5II+cE9ie5AB7Gts6Agde0CYavBpvyXb4lXE5ehP7g6c
77W0FB8QozS+O2ZDONSO+16a8Ut2q/PMp3IoRWXZe2SvQY/TeGqkARET+j9kivzR
03LAebGrbxUBCluB7I1d+JBVLqbicorHXDazni29XfBFUuLxLdfh8tgU06Q=
-----END CERTIFICATE-----