Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1b466a2-817b-4958-ab89-444b143015d3.roa
File:                     c1b466a2-817b-4958-ab89-444b143015d3.roa (raw, json)
Hash identifier:          qFRUHN0jHpEMG3aOfy/YPw7rb9kMVGOYsqbmD5K9fIc=
Subject key identifier:   47:1A:8E:EA:67:8B:CD:D0:3A:C0:84:3B:0B:55:95:1A:4E:C8:BA:C0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2FB732256FEF821BF6AD37125416ACD159EB6213
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1b466a2-817b-4958-ab89-444b143015d3.roa
Signing time:             Mon 06 Oct 2025 16:41:14 +0000
ROA not before:           Mon 06 Oct 2025 16:41:14 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        50.17.128.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:b7:32:25:6f:ef:82:1b:f6:ad:37:12:54:16:ac:d1:59:eb:62:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:41:14 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=e570bf7de414823eee0f0b9c28d42ba2252ab54c25121a2257482ba9c1b24de4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c8:35:2a:70:3e:22:91:0f:db:19:d5:23:fd:
                    e6:34:5c:3a:48:56:df:84:4c:2d:84:7b:4f:f3:97:
                    17:4f:84:74:61:8f:31:b0:6a:c6:04:d0:ac:de:c6:
                    13:57:84:8e:f3:7b:51:67:b4:d3:11:a2:1b:be:97:
                    27:a6:f1:12:91:21:49:f1:1a:76:01:5f:db:01:f6:
                    1f:1a:11:31:2a:33:49:a4:df:8a:77:46:31:c5:63:
                    f9:ad:69:cf:da:ec:35:2b:a9:28:28:1b:7a:7a:bc:
                    6c:4f:3e:21:a7:ad:b5:32:9e:6f:49:43:bb:38:be:
                    1b:40:1b:bd:96:c6:b5:6a:91:4c:de:22:8c:3b:20:
                    07:fe:65:b3:63:f9:b5:18:da:b4:a5:3a:14:a1:b7:
                    b9:f8:1b:06:fe:0e:9c:ef:1c:84:25:53:c4:d1:ca:
                    40:87:02:d2:23:93:38:aa:fc:13:01:ab:35:69:3b:
                    08:13:5c:0c:27:77:b4:a7:57:ff:7d:e3:9f:1c:38:
                    14:b9:e7:23:2c:5d:aa:e8:90:bb:c9:3d:ca:4c:54:
                    f6:d4:b6:cd:b6:4e:79:26:46:ba:c9:b9:fa:2c:a4:
                    77:c1:c3:ec:40:ff:fc:58:b4:74:31:f4:11:df:01:
                    09:f0:d7:ca:0b:c7:34:87:0c:4a:7b:fc:fa:e5:85:
                    3d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:1A:8E:EA:67:8B:CD:D0:3A:C0:84:3B:0B:55:95:1A:4E:C8:BA:C0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1b466a2-817b-4958-ab89-444b143015d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.17.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         07:6d:cb:8e:58:83:9a:d7:87:a5:6a:da:9b:01:c8:59:47:d0:
         57:44:d6:20:fe:13:82:b2:35:48:94:ae:0c:eb:d8:14:98:ef:
         d8:61:1a:de:b6:ab:1d:a5:e8:d0:f9:43:d8:53:7f:31:ad:75:
         f5:e5:eb:f0:56:c4:68:e0:ec:19:c9:64:21:85:27:70:ca:94:
         10:f9:ca:cc:5d:1d:9d:f2:82:29:ec:08:81:e1:cf:63:0c:ae:
         64:9d:5b:77:5e:e6:3a:97:b8:54:c3:7a:2b:1a:24:24:92:77:
         a4:df:b5:f4:2d:53:bc:09:ad:59:40:16:59:f5:f2:75:37:c3:
         18:e0:df:82:6a:3d:a1:fb:8f:a7:7c:c5:e1:aa:66:a1:a5:37:
         c7:2f:a6:d6:88:0e:74:a9:23:c9:bd:ed:e0:b2:9f:7e:9d:b8:
         da:2d:4a:5c:53:64:18:ff:46:0b:52:b1:f1:61:77:ed:76:fc:
         a2:34:a0:79:95:32:b9:19:01:39:10:2e:85:50:45:c1:4c:9f:
         a1:a8:68:bf:03:5c:0f:21:30:33:f4:8c:42:e1:50:ff:4c:26:
         73:ba:e7:77:30:e4:79:d5:0a:af:74:3f:c5:b6:64:4c:de:f8:
         5a:32:11:ee:1e:28:47:1c:df:96:a5:2a:2b:95:65:ee:77:2a:
         8d:f6:b3:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL7cyJW/vghv2rTcSVBas0VnrYhMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTY0MTE0WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTcwYmY3ZGU0MTQ4MjNlZWUwZjBiOWMyOGQ0MmJhMjI1
MmFiNTRjMjUxMjFhMjI1NzQ4MmJhOWMxYjI0ZGU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2yDUqcD4ikQ/bGdUj/eY0XDpIVt+ETC2Ee0/zlxdPhHRh
jzGwasYE0KzexhNXhI7ze1FntNMRohu+lyem8RKRIUnxGnYBX9sB9h8aETEqM0mk
34p3RjHFY/mtac/a7DUrqSgoG3p6vGxPPiGnrbUynm9JQ7s4vhtAG72WxrVqkUze
Iow7IAf+ZbNj+bUY2rSlOhSht7n4Gwb+DpzvHIQlU8TRykCHAtIjkziq/BMBqzVp
OwgTXAwnd7SnV/99458cOBS55yMsXarokLvJPcpMVPbUts22TnkmRrrJufospHfB
w+xA//xYtHQx9BHfAQnw18oLxzSHDEp7/PrlhT3FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURxqO6meLzdA6wIQ7C1WVGk7IusAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MxYjQ2NmEyLTgxN2ItNDk1OC1hYjg5LTQ0NGIxNDMwMTVkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUyEYAwDQYJKoZIhvcNAQELBQADggEBAAdty45Yg5rXh6Vq2psByFlH0FdE
1iD+E4KyNUiUrgzr2BSY79hhGt62qx2l6ND5Q9hTfzGtdfXl6/BWxGjg7BnJZCGF
J3DKlBD5ysxdHZ3yginsCIHhz2MMrmSdW3de5jqXuFTDeisaJCSSd6TftfQtU7wJ
rVlAFln18nU3wxjg34JqPaH7j6d8xeGqZqGlN8cvptaIDnSpI8m97eCyn36duNot
SlxTZBj/RgtSsfFhd+12/KI0oHmVMrkZATkQLoVQRcFMn6GoaL8DXA8hMDP0jELh
UP9MJnO653cw5HnVCq90P8W2ZEze+FoyEe4eKEcc35alKiuVZe53Ko32s6I=
-----END CERTIFICATE-----