Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fddf1e97-cd5a-4958-b315-7541e5e380c2.roa
File:                     fddf1e97-cd5a-4958-b315-7541e5e380c2.roa (raw, json)
Hash identifier:          o521V/TDxdH5/Rci1tyGMcy2WmGYglp4JjI7NCo+CfQ=
Subject key identifier:   FB:C5:D7:22:A6:20:44:3C:A0:63:F3:13:65:F1:D7:99:32:CA:17:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       470D0F838DA25DC8F2F0F0D435A7F00DE4BD36D9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fddf1e97-cd5a-4958-b315-7541e5e380c2.roa
Signing time:             Mon 06 Oct 2025 16:39:18 +0000
ROA not before:           Mon 06 Oct 2025 16:39:18 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        50.18.112.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:0d:0f:83:8d:a2:5d:c8:f2:f0:f0:d4:35:a7:f0:0d:e4:bd:36:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:39:18 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=f6f68146796fdac8dbfc081a07b47d688488b12421b2c699da035301990371d1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:36:f4:d1:c3:e5:4b:be:7a:aa:47:6b:91:83:
                    c6:04:9a:6d:69:fb:e5:01:39:cc:a2:f0:a2:af:fe:
                    6a:25:d7:c3:52:59:07:4b:8f:4f:94:6f:f3:6b:7d:
                    a0:a7:cc:f6:05:98:37:96:ce:6d:c2:eb:a6:63:43:
                    e7:59:ba:f7:3b:28:c2:6f:d7:10:f9:97:96:34:a2:
                    ce:8a:b0:db:29:cf:98:d6:df:b6:3d:7e:45:df:17:
                    fb:c4:9b:c1:4d:90:8b:47:c3:b5:28:72:5c:8e:59:
                    48:62:b4:04:88:50:3a:2f:7f:44:45:4d:82:20:06:
                    0f:3c:c2:82:46:0a:67:79:57:f8:cf:cc:bb:6f:e9:
                    1a:69:be:1e:ba:19:06:f8:88:62:fa:94:6a:89:b9:
                    f5:1c:c5:2d:92:ab:2a:85:5a:9b:43:50:61:61:99:
                    0f:d3:69:9e:34:79:d9:f4:72:f7:eb:6d:50:bb:dd:
                    0a:db:6e:39:f2:67:e1:e6:31:63:f7:7c:93:77:1f:
                    24:90:7d:35:19:71:db:e4:96:bf:8d:49:21:85:eb:
                    6a:f5:7f:ae:04:95:82:ab:0a:99:ee:ba:d1:86:a6:
                    22:7c:fe:b9:5c:4e:e6:56:3b:23:cc:ed:ea:a2:f0:
                    63:4c:45:82:a4:88:51:ec:c7:ce:c9:52:77:13:93:
                    c2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:C5:D7:22:A6:20:44:3C:A0:63:F3:13:65:F1:D7:99:32:CA:17:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fddf1e97-cd5a-4958-b315-7541e5e380c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.18.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         27:79:f2:2f:39:be:8f:2d:f7:0b:2b:47:56:a2:c8:e2:75:e1:
         f3:17:ce:fe:c5:ca:80:f5:74:8f:fe:4a:b8:89:e1:db:42:2d:
         87:e9:77:ff:3e:73:b0:69:5e:aa:29:fe:fa:58:39:05:e3:a1:
         dc:e6:23:32:8a:db:de:42:b1:3e:a8:80:bc:2a:51:f6:a3:53:
         51:bd:f2:8e:76:ab:7f:b0:1a:1a:41:62:9c:7d:52:6a:3f:7f:
         8a:48:ae:7f:62:f9:3b:2a:e2:0f:0d:a0:e0:1e:a8:07:bb:03:
         c8:36:e4:7d:b6:81:83:00:79:48:b5:17:ce:8a:4f:3b:77:39:
         21:82:87:99:16:5d:92:aa:5d:df:79:5d:2c:a7:56:83:81:c8:
         d9:be:26:7d:33:de:45:c3:8a:af:f8:02:50:91:22:f4:64:b8:
         9b:df:3f:c6:df:80:d6:66:d3:76:fd:5a:28:12:4b:f7:c1:30:
         a8:93:fc:0f:19:8f:be:80:90:7f:2e:9d:e2:10:e5:aa:bc:74:
         61:f3:27:8c:c7:fe:18:f4:5b:aa:48:ff:12:17:0b:fe:ff:80:
         ae:c4:b2:11:57:dd:0b:47:d4:06:cc:fa:38:ab:f5:84:61:06:
         a9:4f:72:c9:1b:3e:ae:e8:53:2b:29:f5:6a:3b:31:c2:8a:e5:
         80:f8:05:bf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURw0Pg42iXcjy8PDUNafwDeS9NtkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYzOTE4WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNmY2ODE0Njc5NmZkYWM4ZGJmYzA4MWEwN2I0N2Q2ODg0
ODhiMTI0MjFiMmM2OTlkYTAzNTMwMTk5MDM3MWQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpNvTRw+VLvnqqR2uRg8YEmm1p++UBOcyi8KKv/mol18NS
WQdLj0+Ub/NrfaCnzPYFmDeWzm3C66ZjQ+dZuvc7KMJv1xD5l5Y0os6KsNspz5jW
37Y9fkXfF/vEm8FNkItHw7UoclyOWUhitASIUDovf0RFTYIgBg88woJGCmd5V/jP
zLtv6Rppvh66GQb4iGL6lGqJufUcxS2SqyqFWptDUGFhmQ/TaZ40edn0cvfrbVC7
3QrbbjnyZ+HmMWP3fJN3HySQfTUZcdvklr+NSSGF62r1f64ElYKrCpnuutGGpiJ8
/rlcTuZWOyPM7eqi8GNMRYKkiFHsx87JUncTk8LpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+8XXIqYgRDygY/MTZfHXmTLKFwAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZkZGYxZTk3LWNkNWEtNDk1OC1iMzE1LTc1NDFlNWUzODBjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQyEnAwDQYJKoZIhvcNAQELBQADggEBACd58i85vo8t9wsrR1aiyOJ14fMX
zv7FyoD1dI/+SriJ4dtCLYfpd/8+c7BpXqop/vpYOQXjodzmIzKK295CsT6ogLwq
UfajU1G98o52q3+wGhpBYpx9Umo/f4pIrn9i+Tsq4g8NoOAeqAe7A8g25H22gYMA
eUi1F86KTzt3OSGCh5kWXZKqXd95XSynVoOByNm+Jn0z3kXDiq/4AlCRIvRkuJvf
P8bfgNZm03b9WigSS/fBMKiT/A8Zj76AkH8uneIQ5aq8dGHzJ4zH/hj0W6pI/xIX
C/7/gK7EshFX3QtH1AbM+jir9YRhBqlPcskbPq7oUysp9Wo7McKK5YD4Bb8=
-----END CERTIFICATE-----