Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2a82e51-505a-4886-af9b-6d40cb2ba521.roa
File:                     f2a82e51-505a-4886-af9b-6d40cb2ba521.roa (raw, json)
Hash identifier:          ozHTP/jrPTdA/AXfmuXeH3gRzFCY7ICeZKkNK0Wf6z4=
Subject key identifier:   3A:4A:B9:93:08:E3:D8:5E:E6:1C:F8:E9:21:9B:3C:29:D3:DC:2C:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C178A5A142509D8F08AA643C8D20F4745A088CF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2a82e51-505a-4886-af9b-6d40cb2ba521.roa
Signing time:             Fri 17 Oct 2025 00:22:11 +0000
ROA not before:           Fri 17 Oct 2025 00:22:11 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.21.208.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:17:8a:5a:14:25:09:d8:f0:8a:a6:43:c8:d2:0f:47:45:a0:88:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 00:22:11 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=3519e920c05796d11600e1f564b76d9d30a286a9e65e8d85d8f37295c83c9dc1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:10:e1:bc:1a:2c:e7:42:52:b4:0b:86:0d:6d:
                    4c:f6:19:11:f9:08:4d:d2:d8:13:76:9f:6a:eb:61:
                    21:6b:55:76:ea:a1:1e:11:b5:0c:40:5a:49:02:44:
                    0b:d7:b3:81:2d:cb:dd:15:11:d7:2a:44:b3:ee:a8:
                    8e:9a:80:ca:93:44:f2:4d:03:e5:f8:7d:61:0e:2d:
                    b8:87:48:7a:b8:ba:73:0a:62:f0:85:b9:ff:76:d4:
                    bf:c9:a3:4e:97:73:f0:55:b1:b9:04:04:41:d2:f0:
                    83:e0:b6:b0:66:9c:99:27:5f:b1:c4:85:e0:d6:0d:
                    b3:c4:b5:b5:57:d6:71:5a:dc:35:58:45:ab:af:64:
                    b0:df:52:7b:df:b0:38:00:b6:a9:01:eb:f9:a9:54:
                    e5:d0:2d:12:12:fe:3b:65:b2:54:14:6f:f9:ab:65:
                    bc:e2:be:01:9c:f8:ee:4c:79:b7:51:53:09:f2:bb:
                    e7:f4:db:0c:42:cc:45:85:3d:09:ad:63:51:e3:a3:
                    b3:6b:50:8b:33:59:7a:14:ec:86:cb:16:88:65:9e:
                    0d:9d:af:56:ff:50:a4:ef:ef:1c:7e:0a:0b:d9:44:
                    41:f2:46:8c:52:81:c3:2a:2f:f5:33:0f:5e:60:13:
                    a2:8a:b6:7c:30:6f:81:3c:c3:6c:79:ba:f5:2e:3f:
                    fd:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:4A:B9:93:08:E3:D8:5E:E6:1C:F8:E9:21:9B:3C:29:D3:DC:2C:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2a82e51-505a-4886-af9b-6d40cb2ba521.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         56:ea:65:f9:08:82:56:1d:ed:12:13:c4:1a:30:8b:99:26:f8:
         ed:5c:db:e8:2a:65:75:bd:9b:d8:25:e0:e8:4f:b7:3d:e7:90:
         37:a2:c3:ac:79:55:3d:5a:c3:95:9c:16:0a:06:98:a5:07:6c:
         75:e9:15:4c:c0:ae:eb:10:78:86:ac:2b:a6:79:2d:f1:17:c8:
         7b:f8:7d:86:c1:16:3f:35:79:1f:a6:70:fb:47:03:b2:cb:f7:
         09:ec:3d:e8:0e:85:70:88:3f:f6:55:6a:fe:08:49:fb:ed:92:
         d5:23:11:0e:85:9d:47:99:c9:92:be:98:9f:bf:69:c1:6d:21:
         1c:45:02:67:9f:58:25:08:20:8b:52:f8:be:1c:7b:4b:41:c4:
         e2:11:63:03:ea:88:7e:19:b6:17:b8:6b:b6:bd:63:7b:a1:12:
         2f:fc:d9:ae:0f:63:ce:74:82:97:51:11:8f:34:bc:29:21:f4:
         9f:18:ed:5d:09:c1:71:d0:d9:6c:a9:0a:fc:8a:4b:06:79:d3:
         0b:43:b3:3f:ad:e9:7a:86:b3:7a:f0:b3:0a:eb:fa:0c:00:31:
         3b:3c:0f:ed:73:10:04:b7:1f:ff:66:96:0d:40:1e:4e:dd:b2:
         62:54:0e:cf:0c:e1:5c:48:9e:76:40:53:ed:e0:06:1e:ef:8e:
         2e:6e:17:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULBeKWhQlCdjwiqZDyNIPR0WgiM8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MDAyMjExWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTE5ZTkyMGMwNTc5NmQxMTYwMGUxZjU2NGI3NmQ5ZDMw
YTI4NmE5ZTY1ZThkODVkOGYzNzI5NWM4M2M5ZGMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsEOG8GiznQlK0C4YNbUz2GRH5CE3S2BN2n2rrYSFrVXbq
oR4RtQxAWkkCRAvXs4Ety90VEdcqRLPuqI6agMqTRPJNA+X4fWEOLbiHSHq4unMK
YvCFuf921L/Jo06Xc/BVsbkEBEHS8IPgtrBmnJknX7HEheDWDbPEtbVX1nFa3DVY
RauvZLDfUnvfsDgAtqkB6/mpVOXQLRIS/jtlslQUb/mrZbzivgGc+O5MebdRUwny
u+f02wxCzEWFPQmtY1Hjo7NrUIszWXoU7IbLFohlng2dr1b/UKTv7xx+CgvZREHy
RoxSgcMqL/UzD15gE6KKtnwwb4E8w2x5uvUuP/0XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOkq5kwjj2F7mHPjpIZs8KdPcLOYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyYTgyZTUxLTUwNWEtNDg4Ni1hZjliLTZkNDBjYjJiYTUyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARrFdAwDQYJKoZIhvcNAQELBQADggEBAFbqZfkIglYd7RITxBowi5km+O1c
2+gqZXW9m9gl4OhPtz3nkDeiw6x5VT1aw5WcFgoGmKUHbHXpFUzArusQeIasK6Z5
LfEXyHv4fYbBFj81eR+mcPtHA7LL9wnsPegOhXCIP/ZVav4ISfvtktUjEQ6FnUeZ
yZK+mJ+/acFtIRxFAmefWCUIIItS+L4ce0tBxOIRYwPqiH4Zthe4a7a9Y3uhEi/8
2a4PY850gpdREY80vCkh9J8Y7V0JwXHQ2WypCvyKSwZ50wtDsz+t6XqGs3rwswrr
+gwAMTs8D+1zEAS3H/9mlg1AHk7dsmJUDs8M4VxInnZAU+3gBh7vji5uF/Y=
-----END CERTIFICATE-----