Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebaea730-5e58-4690-973d-b99a24f55ff6.roa
File:                     ebaea730-5e58-4690-973d-b99a24f55ff6.roa (raw, json)
Hash identifier:          fc7Q5lKbDAXvEwKb+wvf2mVgKtaoRVUCbryzXnCftmI=
Subject key identifier:   DB:D7:74:34:0F:AF:73:34:51:5F:05:08:10:A0:D3:C3:C0:E3:A1:02
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4AE8E1975BD5BC3BDC363EC7602C9BD0BBF3543F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebaea730-5e58-4690-973d-b99a24f55ff6.roa
Signing time:             Fri 10 Oct 2025 00:01:15 +0000
ROA not before:           Fri 10 Oct 2025 00:01:15 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.217.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:e8:e1:97:5b:d5:bc:3b:dc:36:3e:c7:60:2c:9b:d0:bb:f3:54:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 00:01:15 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=5554c394156a770a1638c8802b33f58ca60b73e3331ba4b3d53f0fec294a575b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:34:60:2c:5c:1e:5a:78:7b:68:63:d0:24:b0:
                    81:42:9a:e2:7a:8e:66:69:c7:8c:2b:02:01:51:a1:
                    0a:8c:ae:76:70:d9:64:58:b4:6c:2d:a0:dd:97:c8:
                    74:dd:8c:1e:bb:d9:36:e6:78:f9:d6:eb:e3:15:1b:
                    cd:d2:9b:b4:69:da:32:62:40:64:83:7a:96:4d:7f:
                    8d:3b:63:ae:34:e8:6a:8d:b2:40:d5:9e:a0:b6:d7:
                    b9:6d:2e:7e:c6:2a:e1:71:44:2c:81:18:87:06:c1:
                    89:0e:e7:b5:45:e7:ad:cc:c3:25:c2:59:f1:f6:5b:
                    cc:1d:a1:c1:ce:d4:41:ae:52:cd:b1:bd:46:e5:a6:
                    67:ea:24:2e:ca:db:63:a7:e1:fa:1d:64:9e:e6:8c:
                    e3:e3:17:96:ba:43:6c:e6:e2:e9:ed:1e:4a:80:0e:
                    e5:e4:65:f5:1b:8e:e7:11:0c:29:13:5c:f2:f8:ce:
                    a2:eb:35:fd:99:a6:f7:77:b2:7f:b5:66:91:96:da:
                    9a:a5:42:1f:e5:65:cf:9c:32:61:c6:72:aa:6c:a6:
                    79:0e:f8:a7:2d:b6:4f:dd:da:d7:82:a2:16:c9:fb:
                    65:39:36:15:b0:9d:22:14:6e:86:eb:26:0e:0d:e0:
                    d5:f2:ff:54:91:f7:26:1a:e1:eb:2d:79:4a:ef:ad:
                    3d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D7:74:34:0F:AF:73:34:51:5F:05:08:10:A0:D3:C3:C0:E3:A1:02
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebaea730-5e58-4690-973d-b99a24f55ff6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.217.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:58:f9:66:5c:b9:e2:57:64:d2:87:65:34:16:11:b6:af:d6:
         84:ee:a6:79:3a:08:0d:c3:ba:a6:84:86:f0:13:94:b0:d9:b9:
         b1:fc:8b:0c:f6:fd:e0:85:5d:c5:cc:60:d3:54:56:e0:09:30:
         1b:31:4d:b3:cd:16:d5:36:6a:89:48:c3:e2:b8:ba:2a:a4:2a:
         f4:a8:c1:67:37:c5:ce:37:2d:12:37:0e:61:08:a0:97:96:69:
         de:d1:18:ef:ce:60:cc:34:f0:d9:8d:a5:72:01:5f:82:bb:b2:
         e2:2b:01:e8:08:10:26:c9:d9:c7:21:0f:cf:09:87:0e:27:a1:
         fa:c1:19:9d:e8:53:df:ab:41:32:cb:cb:e9:d1:fa:8d:7b:f4:
         d6:3e:4a:31:d9:88:6b:23:90:0a:df:bc:0a:5b:5b:89:b1:9d:
         c2:4e:d7:36:dd:f9:95:50:7c:21:0c:90:00:be:6c:c0:93:b5:
         60:eb:99:a5:c5:c6:06:9d:c4:8b:75:05:9d:63:a3:f3:35:9f:
         44:7a:59:46:ab:92:e5:26:79:49:76:e2:c1:72:1f:0a:20:8c:
         6b:c0:0b:20:e1:9d:a0:ac:e2:2d:83:06:73:a2:fe:41:a3:d8:
         ee:a3:2f:a2:69:dc:94:2b:1e:bb:53:aa:14:28:82:33:fd:ac:
         c1:95:9a:b6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSujhl1vVvDvcNj7HYCyb0LvzVD8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMDAwMTE1WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NTU0YzM5NDE1NmE3NzBhMTYzOGM4ODAyYjMzZjU4Y2E2
MGI3M2UzMzMxYmE0YjNkNTNmMGZlYzI5NGE1NzViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnNGAsXB5aeHtoY9AksIFCmuJ6jmZpx4wrAgFRoQqMrnZw
2WRYtGwtoN2XyHTdjB672TbmePnW6+MVG83Sm7Rp2jJiQGSDepZNf407Y6406GqN
skDVnqC217ltLn7GKuFxRCyBGIcGwYkO57VF563MwyXCWfH2W8wdocHO1EGuUs2x
vUblpmfqJC7K22On4fodZJ7mjOPjF5a6Q2zm4untHkqADuXkZfUbjucRDCkTXPL4
zqLrNf2Zpvd3sn+1ZpGW2pqlQh/lZc+cMmHGcqpspnkO+Kcttk/d2teCohbJ+2U5
NhWwnSIUbobrJg4N4NXy/1SR9yYa4esteUrvrT09AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU29d0NA+vczRRXwUIEKDTw8DjoQIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViYWVhNzMwLTVlNTgtNDY5MC05NzNkLWI5OWEyNGY1NWZmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCC2TANBgkqhkiG9w0BAQsFAAOCAQEAmFj5Zly54ldk0odlNBYRtq/WhO6m
eToIDcO6poSG8BOUsNm5sfyLDPb94IVdxcxg01RW4AkwGzFNs80W1TZqiUjD4ri6
KqQq9KjBZzfFzjctEjcOYQigl5Zp3tEY785gzDTw2Y2lcgFfgruy4isB6AgQJsnZ
xyEPzwmHDieh+sEZnehT36tBMsvL6dH6jXv01j5KMdmIayOQCt+8CltbibGdwk7X
Nt35lVB8IQyQAL5swJO1YOuZpcXGBp3Ei3UFnWOj8zWfRHpZRquS5SZ5SXbiwXIf
CiCMa8ALIOGdoKziLYMGc6L+QaPY7qMvomnclCseu1OqFCiCM/2swZWatg==
-----END CERTIFICATE-----