Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa
File:                     ef392e95-5697-4675-a401-25d090055bed.roa (raw, json)
Hash identifier:          Opk6RAIXUXAuF8T14nAUDYANSaGHXQ8cGyfzFm4OfOc=
Subject key identifier:   54:54:5D:58:7B:05:3B:FC:83:F4:18:22:9E:03:A6:9F:A6:27:83:08
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14925662F7F96EE1721398CBD9A0A9C78FB103DE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa
Signing time:             Sat 11 Oct 2025 00:42:38 +0000
ROA not before:           Sat 11 Oct 2025 00:42:38 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.87.208.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:92:56:62:f7:f9:6e:e1:72:13:98:cb:d9:a0:a9:c7:8f:b1:03:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:42:38 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=de7168a6b34c9f42ce2a565949fcc16e8dc3e55236f120605ed3df2001aefe34, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:29:84:31:01:f5:71:fb:59:5b:9b:d3:aa:6a:
                    cf:69:9b:ac:8d:00:ba:7d:4b:30:71:ee:dc:e1:a2:
                    71:f3:2a:a1:32:e3:79:2d:12:c1:94:0a:80:81:07:
                    63:cd:38:b9:13:fa:4f:62:ab:4d:1e:fd:ba:5e:35:
                    73:3d:5f:3c:64:85:c6:05:0a:61:93:12:7d:f0:3f:
                    9e:eb:3e:4d:c0:8f:00:39:ff:90:1a:23:6e:0a:d7:
                    c4:43:67:f3:aa:db:2c:06:6b:7a:17:6f:b7:00:88:
                    8e:7f:5c:9b:57:de:df:b2:bf:ba:a5:08:2f:99:f6:
                    36:c4:7a:08:10:1f:87:cb:cb:74:f9:db:23:85:fa:
                    59:9b:c7:83:92:d4:96:ec:f5:a4:9b:9b:1f:5d:3c:
                    6a:6f:3b:89:2b:d6:cc:6e:e3:8f:de:32:14:41:c7:
                    5c:63:80:db:a3:52:6d:5f:4b:5a:ea:de:bf:8f:69:
                    84:ee:6c:66:d0:9e:51:67:02:4c:07:2c:25:7e:80:
                    28:43:76:0e:87:19:ff:16:c4:21:ee:a0:62:4d:41:
                    b6:f4:8a:3f:16:f7:2f:ba:89:9e:45:c0:d3:90:d9:
                    be:3d:43:73:07:2a:ed:00:73:ab:e5:40:35:ee:d1:
                    25:cf:97:33:f3:53:fc:e1:15:58:e3:13:4b:86:ef:
                    24:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:54:5D:58:7B:05:3B:FC:83:F4:18:22:9E:03:A6:9F:A6:27:83:08
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.87.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8e:0e:7e:1a:d1:0d:8f:79:67:f4:63:18:3a:78:dc:87:a8:ee:
         ef:37:c3:10:df:e1:e1:da:a6:d1:06:57:91:e4:50:ac:dd:49:
         ae:7d:cc:f3:1b:da:5f:0a:dc:35:9d:9a:45:23:94:e8:27:0d:
         4a:e5:ca:56:50:bb:36:0f:27:80:d8:fb:73:1e:b9:fd:66:2d:
         f1:21:35:a2:95:0d:05:a3:29:dd:ec:9d:7a:68:d6:da:03:eb:
         0b:6d:ed:8c:84:f8:64:26:80:80:f7:52:fb:58:f3:06:f1:47:
         d1:24:9b:da:ed:07:82:fb:9a:91:d4:c9:b1:00:f1:8e:41:98:
         e3:ec:c4:40:73:43:a3:1d:ad:69:45:5f:0a:34:44:3d:07:7e:
         e3:17:38:2a:de:e7:2f:67:3f:a7:03:97:d3:28:ba:0c:99:95:
         8a:03:a3:0d:73:ca:b9:f5:04:ad:39:81:67:ef:ae:9b:21:48:
         93:fc:43:4b:8d:22:74:42:ec:61:d6:de:05:f1:ba:90:a7:b9:
         e3:2e:21:f1:cc:24:5d:bc:d0:b8:b9:d2:01:0e:c2:fb:f5:9b:
         e7:38:73:76:45:b1:e3:e7:0a:2d:9f:35:8d:9d:20:aa:b0:04:
         72:e9:18:c8:9e:cd:d0:17:a6:05:0f:94:24:29:88:34:ec:8f:
         c7:53:ac:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFJJWYvf5buFyE5jL2aCpx4+xA94wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDA0MjM4WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZTcxNjhhNmIzNGM5ZjQyY2UyYTU2NTk0OWZjYzE2ZThk
YzNlNTUyMzZmMTIwNjA1ZWQzZGYyMDAxYWVmZTM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1KYQxAfVx+1lbm9Oqas9pm6yNALp9SzBx7tzhonHzKqEy
43ktEsGUCoCBB2PNOLkT+k9iq00e/bpeNXM9XzxkhcYFCmGTEn3wP57rPk3AjwA5
/5AaI24K18RDZ/Oq2ywGa3oXb7cAiI5/XJtX3t+yv7qlCC+Z9jbEeggQH4fLy3T5
2yOF+lmbx4OS1Jbs9aSbmx9dPGpvO4kr1sxu44/eMhRBx1xjgNujUm1fS1rq3r+P
aYTubGbQnlFnAkwHLCV+gChDdg6HGf8WxCHuoGJNQbb0ij8W9y+6iZ5FwNOQ2b49
Q3MHKu0Ac6vlQDXu0SXPlzPzU/zhFVjjE0uG7yRDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVFRdWHsFO/yD9BgingOmn6YngwgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmMzkyZTk1LTU2OTctNDY3NS1hNDAxLTI1ZDA5MDA1NWJlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPYV9AwDQYJKoZIhvcNAQELBQADggEBAI4OfhrRDY95Z/RjGDp43Ieo7u83
wxDf4eHaptEGV5HkUKzdSa59zPMb2l8K3DWdmkUjlOgnDUrlylZQuzYPJ4DY+3Me
uf1mLfEhNaKVDQWjKd3snXpo1toD6wtt7YyE+GQmgID3UvtY8wbxR9Ekm9rtB4L7
mpHUybEA8Y5BmOPsxEBzQ6MdrWlFXwo0RD0HfuMXOCre5y9nP6cDl9MougyZlYoD
ow1zyrn1BK05gWfvrpshSJP8Q0uNInRC7GHW3gXxupCnueMuIfHMJF280Li50gEO
wvv1m+c4c3ZFsePnCi2fNY2dIKqwBHLpGMiezdAXpgUPlCQpiDTsj8dTrO8=
-----END CERTIFICATE-----