Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba71b3f3-cdf6-4786-89eb-629b258ad834.roa
File:                     ba71b3f3-cdf6-4786-89eb-629b258ad834.roa (raw, json)
Hash identifier:          lvPG99yzGdbu1ouKrrKE4impXks3aB4KrOe/n8oMogc=
Subject key identifier:   16:CD:C7:31:B4:25:8B:40:1B:A4:B3:49:3C:15:20:93:43:86:67:B8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2DFAA1EDA27472F96DF57B4C50FF00432F1AAE4C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba71b3f3-cdf6-4786-89eb-629b258ad834.roa
Signing time:             Wed 01 Oct 2025 00:02:22 +0000
ROA not before:           Wed 01 Oct 2025 00:02:22 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        141.242.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:fa:a1:ed:a2:74:72:f9:6d:f5:7b:4c:50:ff:00:43:2f:1a:ae:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:02:22 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=855ddbd7d0d4f8b51c66199d65c5ccc4275965d1d501f1fe43bb9f89254a4823, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:28:a1:a2:06:d6:a7:ef:27:0c:63:22:a9:
                    3f:a1:b1:4e:37:19:c9:2e:90:c0:47:b5:88:4b:83:
                    70:50:b3:56:92:6e:58:9b:81:cb:68:47:6d:c3:92:
                    80:8d:70:df:e4:f3:fd:6c:06:d3:a8:80:e4:79:be:
                    3a:d6:ea:d0:27:87:7c:5f:1d:7a:f2:e9:8e:63:4f:
                    4f:13:64:a4:95:21:de:d4:06:92:dc:29:0d:05:04:
                    99:a0:4f:1d:96:ca:fd:07:eb:00:c3:85:8d:60:61:
                    48:c7:c5:ba:fb:ca:88:c2:84:a9:1f:21:0c:58:8e:
                    af:f0:b8:33:b7:1c:8d:8e:12:12:93:54:9f:fe:7e:
                    19:f3:0f:ad:fe:98:b6:e1:79:11:f0:f9:98:c6:cb:
                    66:3e:85:19:69:cc:14:12:eb:68:c2:1e:3f:02:cd:
                    91:4c:2d:b9:9d:d2:57:cd:86:c4:8f:e1:19:b5:60:
                    b0:a7:70:3f:bc:07:0e:ee:51:5c:da:de:70:56:c5:
                    66:8b:89:4d:55:0a:08:c5:ce:b9:cb:d8:04:7b:09:
                    ec:33:e1:13:a6:84:e9:d6:32:7c:3c:02:9f:d3:07:
                    e2:07:f0:74:33:19:84:55:7c:d5:35:6b:33:f8:08:
                    1a:66:98:4d:c2:25:14:c0:b5:6d:37:74:eb:5c:9a:
                    65:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:CD:C7:31:B4:25:8B:40:1B:A4:B3:49:3C:15:20:93:43:86:67:B8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba71b3f3-cdf6-4786-89eb-629b258ad834.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.242.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c1:27:6a:8e:eb:d7:6e:04:7e:87:0b:ad:79:00:8f:4d:f5:a3:
         1a:af:d4:db:31:fc:f7:a3:75:05:d9:b4:62:d4:30:0e:6b:84:
         24:01:9a:6a:39:26:5a:e4:30:e6:56:f1:80:a0:e5:86:53:57:
         9f:21:62:c7:df:29:7f:a6:12:be:ef:88:5c:90:db:1b:ef:7b:
         8a:08:aa:a0:a2:f2:00:31:d6:16:4b:18:f6:a2:85:08:94:bc:
         35:bc:00:5c:66:8e:fe:5c:53:15:66:83:66:5e:62:aa:89:1c:
         e1:fc:b7:6c:92:f7:18:26:f9:8b:d9:e2:d2:ce:c6:f9:04:a6:
         cc:56:d5:6a:69:44:7b:f3:e7:e3:7b:3d:b7:55:b7:79:66:15:
         9a:7e:38:0d:76:47:68:90:fe:c0:b3:0a:f2:09:c8:98:df:64:
         44:8f:c6:21:80:73:71:91:bd:4b:69:40:58:c9:5e:ad:06:ba:
         b9:f5:90:ec:cb:b6:95:70:7f:3e:84:58:04:fa:d2:b1:fb:f0:
         af:9f:25:70:bf:77:b9:f6:4c:29:0d:87:70:fe:2e:3f:0a:37:
         a8:75:f3:3f:ae:05:f3:ab:e0:4d:fb:39:7a:1b:fa:88:2f:ae:
         88:a3:ff:e2:e9:ed:33:f9:83:5c:41:76:53:4d:d1:05:6c:c6:
         e5:28:49:f5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULfqh7aJ0cvlt9XtMUP8AQy8arkwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAwMjIyWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTVkZGJkN2QwZDRmOGI1MWM2NjE5OWQ2NWM1Y2NjNDI3
NTk2NWQxZDUwMWYxZmU0M2JiOWY4OTI1NGE0ODIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5EyihogbWp+8nDGMiqT+hsU43GckukMBHtYhLg3BQs1aS
blibgctoR23DkoCNcN/k8/1sBtOogOR5vjrW6tAnh3xfHXry6Y5jT08TZKSVId7U
BpLcKQ0FBJmgTx2Wyv0H6wDDhY1gYUjHxbr7yojChKkfIQxYjq/wuDO3HI2OEhKT
VJ/+fhnzD63+mLbheRHw+ZjGy2Y+hRlpzBQS62jCHj8CzZFMLbmd0lfNhsSP4Rm1
YLCncD+8Bw7uUVza3nBWxWaLiU1VCgjFzrnL2AR7Cewz4ROmhOnWMnw8Ap/TB+IH
8HQzGYRVfNU1azP4CBpmmE3CJRTAtW03dOtcmmXfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFs3HMbQli0AbpLNJPBUgk0OGZ7gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JhNzFiM2YzLWNkZjYtNDc4Ni04OWViLTYyOWIyNThhZDgzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCN8jANBgkqhkiG9w0BAQsFAAOCAQEAwSdqjuvXbgR+hwuteQCPTfWjGq/U
2zH896N1Bdm0YtQwDmuEJAGaajkmWuQw5lbxgKDlhlNXnyFix98pf6YSvu+IXJDb
G+97igiqoKLyADHWFksY9qKFCJS8NbwAXGaO/lxTFWaDZl5iqokc4fy3bJL3GCb5
i9ni0s7G+QSmzFbVamlEe/Pn43s9t1W3eWYVmn44DXZHaJD+wLMK8gnImN9kRI/G
IYBzcZG9S2lAWMlerQa6ufWQ7Mu2lXB/PoRYBPrSsfvwr58lcL93ufZMKQ2HcP4u
Pwo3qHXzP64F86vgTfs5ehv6iC+uiKP/4untM/mDXEF2U03RBWzG5ShJ9Q==
-----END CERTIFICATE-----