Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db463fe4-9f42-45f1-9854-14a5c2057405.roa
File:                     db463fe4-9f42-45f1-9854-14a5c2057405.roa (raw, json)
Hash identifier:          PBwLCzvgXS/IoeOtAcsMpWCAQaRvjK4s05dl+eppgG0=
Subject key identifier:   06:68:D6:32:80:D9:45:B1:13:C0:30:4E:62:DE:CE:EF:5A:8F:66:80
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3D9F583029DC5144D643E3705AF4E18013724C0D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db463fe4-9f42-45f1-9854-14a5c2057405.roa
Signing time:             Fri 26 Sep 2025 00:12:18 +0000
ROA not before:           Fri 26 Sep 2025 00:12:18 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        146.167.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:9f:58:30:29:dc:51:44:d6:43:e3:70:5a:f4:e1:80:13:72:4c:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:12:18 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=082d10f6f4bbd04a3b1432ce5ade4df395c86ff68b88c3bf9fdddf8845d8e10d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e9:65:fd:3c:f5:f9:cb:5f:06:40:94:f8:0c:
                    58:34:16:dc:72:9a:0a:2d:30:a5:3e:16:1e:70:41:
                    e9:8d:45:15:8c:97:50:25:97:6f:58:ff:cc:dc:45:
                    25:69:7d:e4:bc:da:9b:c7:37:9b:50:c3:e5:de:0a:
                    ea:eb:85:b5:1b:92:43:2f:bb:7b:f4:67:b2:8d:2a:
                    5c:2e:d0:e3:2a:8d:5e:bb:8a:fa:62:d0:aa:2f:70:
                    3b:33:99:49:a5:66:40:cd:c1:64:f5:a9:9c:f7:8b:
                    54:a2:b1:f9:19:b1:e2:10:98:f0:1d:aa:35:f9:47:
                    52:79:92:17:07:10:6d:ee:5e:6f:3d:dc:f4:33:4e:
                    b5:37:7a:45:23:36:31:a1:41:e5:f5:10:c3:77:87:
                    7d:a8:19:b0:63:8d:2a:48:5c:56:51:7d:8a:23:c6:
                    e9:7b:2d:c1:2c:a2:80:69:10:76:af:46:7c:02:c2:
                    79:6c:c2:2a:69:d5:54:cb:8c:8e:95:3f:95:31:62:
                    05:57:f2:a7:18:27:60:c9:66:c8:09:6c:cb:f5:65:
                    45:9a:47:69:e1:09:a8:c2:72:c4:ae:6a:08:ff:20:
                    df:12:1d:16:f9:77:59:82:6c:15:1f:c7:e0:83:9b:
                    40:52:a0:ca:3d:71:f5:bd:61:38:38:51:2f:aa:63:
                    01:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:68:D6:32:80:D9:45:B1:13:C0:30:4E:62:DE:CE:EF:5A:8F:66:80
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db463fe4-9f42-45f1-9854-14a5c2057405.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.167.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5f:0c:b9:49:a2:82:dc:ed:13:19:a7:27:7e:56:ec:6a:4a:ef:
         88:11:d0:b4:82:f7:f2:9c:7a:8f:c8:df:97:88:04:8a:4a:6f:
         9e:bf:7a:ed:0e:06:0c:b7:e9:76:c7:c7:3c:fe:6c:8c:4d:32:
         df:7e:42:11:7a:a4:4e:4c:83:cb:1a:5f:35:a9:c6:49:d4:78:
         0f:3a:51:78:13:ac:8a:01:7e:0f:b8:9d:b2:1e:8e:35:51:ca:
         41:36:36:cb:3f:8e:3d:53:6b:c4:ec:8f:e0:83:9a:dc:8a:19:
         5b:a5:e1:ae:ef:cb:d9:23:03:d8:df:7e:a7:03:0b:1e:7c:f4:
         b1:d5:91:5d:9e:35:98:b2:96:62:84:c7:2d:3d:6b:a0:af:4f:
         32:da:4f:42:45:9d:d6:a3:60:ed:d4:f4:f3:af:c6:49:b9:4a:
         55:a6:6e:59:65:bd:e6:45:15:80:1a:21:e7:0d:00:3c:2c:24:
         11:ba:ab:8a:c6:b6:e0:83:8b:b9:2e:ea:83:f7:c3:31:de:89:
         38:8d:98:0d:a4:25:6d:31:e2:29:11:e6:a6:bc:e1:46:ef:c7:
         10:cc:53:df:7a:93:af:98:4c:d6:e9:14:d9:7b:1d:fc:e0:d9:
         69:4b:05:b9:f1:85:a2:a9:b8:7a:f6:e8:08:af:39:3e:bf:d6:
         95:37:5d:00
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPZ9YMCncUUTWQ+NwWvThgBNyTA0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAxMjE4WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwODJkMTBmNmY0YmJkMDRhM2IxNDMyY2U1YWRlNGRmMzk1
Yzg2ZmY2OGI4OGMzYmY5ZmRkZGY4ODQ1ZDhlMTBkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCh6WX9PPX5y18GQJT4DFg0FtxymgotMKU+Fh5wQemNRRWM
l1All29Y/8zcRSVpfeS82pvHN5tQw+XeCurrhbUbkkMvu3v0Z7KNKlwu0OMqjV67
ivpi0KovcDszmUmlZkDNwWT1qZz3i1SisfkZseIQmPAdqjX5R1J5khcHEG3uXm89
3PQzTrU3ekUjNjGhQeX1EMN3h32oGbBjjSpIXFZRfYojxul7LcEsooBpEHavRnwC
wnlswipp1VTLjI6VP5UxYgVX8qcYJ2DJZsgJbMv1ZUWaR2nhCajCcsSuagj/IN8S
HRb5d1mCbBUfx+CDm0BSoMo9cfW9YTg4US+qYwENAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUBmjWMoDZRbETwDBOYt7O71qPZoAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiNDYzZmU0LTlmNDItNDVmMS05ODU0LTE0YTVjMjA1NzQwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCSpzANBgkqhkiG9w0BAQsFAAOCAQEAXwy5SaKC3O0TGacnflbsakrviBHQ
tIL38px6j8jfl4gEikpvnr967Q4GDLfpdsfHPP5sjE0y335CEXqkTkyDyxpfNanG
SdR4DzpReBOsigF+D7idsh6ONVHKQTY2yz+OPVNrxOyP4IOa3IoZW6Xhru/L2SMD
2N9+pwMLHnz0sdWRXZ41mLKWYoTHLT1roK9PMtpPQkWd1qNg7dT086/GSblKVaZu
WWW95kUVgBoh5w0APCwkEbqrisa24IOLuS7qg/fDMd6JOI2YDaQlbTHiKRHmprzh
Ru/HEMxT33qTr5hM1ukU2Xsd/ODZaUsFufGFoqm4evboCK85Pr/WlTddAA==
-----END CERTIFICATE-----