Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/039a5967-2b5f-4316-9dd1-35af5965b5a7.roa
File:                     039a5967-2b5f-4316-9dd1-35af5965b5a7.roa (raw, json)
Hash identifier:          xI7pyw4nbsbSA66j1emKv9eYzpgpJxKRYjJInzjcvZc=
Subject key identifier:   30:82:B1:01:6E:B4:E9:C6:02:9A:AF:01:EB:CC:B8:00:41:78:69:D0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4B208B2EA8C1CE6D8A75CC6512DE72C885CC816B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/039a5967-2b5f-4316-9dd1-35af5965b5a7.roa
Signing time:             Fri 31 Oct 2025 01:00:39 +0000
ROA not before:           Fri 31 Oct 2025 01:00:39 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.157.32.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:20:8b:2e:a8:c1:ce:6d:8a:75:cc:65:12:de:72:c8:85:cc:81:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 01:00:39 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=5126d96cc8974e529532a5574c21963a4596e64a28a4e0af6cc4da6039cb73d7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f2:c7:62:f8:19:87:af:bc:66:fd:ca:78:f4:
                    19:56:a8:95:a8:b6:3d:ce:f8:ef:12:44:2b:38:19:
                    b2:c8:76:8c:d4:62:6f:e5:7c:84:d5:25:da:e7:6c:
                    33:fb:27:6b:02:2f:70:50:6d:fa:b0:1b:5d:0b:89:
                    fc:c1:4a:d8:f9:55:61:31:d3:b4:62:f2:3e:2d:7a:
                    19:78:14:21:02:6c:94:b7:ce:b3:ad:a4:5a:6e:8f:
                    c7:71:99:46:20:9b:f5:5a:e1:7e:bb:06:bb:31:92:
                    2d:22:ad:cb:5c:7a:8c:ba:7d:fc:88:6e:d0:ca:9c:
                    48:cf:5d:3a:0a:0f:73:b9:d9:0c:1c:c8:fd:90:c0:
                    98:7d:dc:09:73:72:f2:3a:2e:2e:93:ec:c1:47:a8:
                    bb:3a:16:31:35:54:69:ab:1c:d6:de:4a:4d:90:87:
                    3b:bf:7f:ab:3c:d8:14:ce:be:10:16:e3:3a:20:80:
                    0e:0b:10:a5:f0:cb:c6:37:a8:ab:a4:5d:e4:43:6e:
                    84:5c:ee:a8:13:4f:91:e2:1e:58:6d:cb:a9:26:6d:
                    2c:d1:41:93:e2:cc:6d:53:2b:a5:23:4b:2d:d8:de:
                    ab:f1:b1:2d:7b:4a:07:70:f5:b4:ed:51:85:2b:15:
                    27:31:2c:e1:de:a1:7a:8a:b5:cb:df:ec:e1:02:eb:
                    8a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:82:B1:01:6E:B4:E9:C6:02:9A:AF:01:EB:CC:B8:00:41:78:69:D0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/039a5967-2b5f-4316-9dd1-35af5965b5a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.157.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:82:38:37:95:f5:c8:a8:73:7a:2b:da:b7:aa:c6:e5:bb:c8:
         c4:67:85:c0:61:13:4b:0a:c9:85:65:61:88:c2:84:65:d7:e5:
         28:46:f0:f2:9f:6a:b0:1d:76:62:ca:13:9b:bb:d8:2a:55:e7:
         7c:a4:e7:f9:37:ae:26:0b:97:a4:24:75:2a:ae:6a:18:19:d6:
         52:2a:1e:85:81:c1:a9:09:4b:9a:5d:41:bc:1c:57:9b:bf:3f:
         ea:e4:71:c0:ff:cd:99:4a:e6:36:49:f3:3f:54:c5:5b:d3:a4:
         f6:23:a9:d7:ac:ea:0e:39:8f:69:8d:06:8a:13:bc:a5:29:1a:
         45:dc:4f:30:97:94:2b:d8:ff:43:eb:81:6e:8d:54:34:40:fd:
         bd:a8:67:03:ff:79:0f:69:c9:14:eb:b4:5f:3a:83:b2:24:35:
         0a:e2:f4:2e:f7:1a:68:c3:79:2b:e4:53:51:b1:a6:05:bb:2b:
         91:69:aa:de:58:66:00:3e:ff:fe:2c:d4:86:07:f3:37:b6:85:
         17:45:e4:49:66:06:cf:0d:1a:26:88:60:2b:91:71:e2:a0:a0:
         c9:ae:ed:da:04:e4:76:0b:8a:5c:11:9c:22:0b:63:7a:63:12:
         ff:18:4c:7c:1a:45:f1:59:bb:87:8a:11:cf:e9:97:92:0c:ed:
         c2:bb:d1:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSyCLLqjBzm2KdcxlEt5yyIXMgWswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDEwMDM5WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTI2ZDk2Y2M4OTc0ZTUyOTUzMmE1NTc0YzIxOTYzYTQ1
OTZlNjRhMjhhNGUwYWY2Y2M0ZGE2MDM5Y2I3M2Q3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC28sdi+BmHr7xm/cp49BlWqJWotj3O+O8SRCs4GbLIdozU
Ym/lfITVJdrnbDP7J2sCL3BQbfqwG10LifzBStj5VWEx07Ri8j4tehl4FCECbJS3
zrOtpFpuj8dxmUYgm/Va4X67Brsxki0irctceoy6ffyIbtDKnEjPXToKD3O52Qwc
yP2QwJh93AlzcvI6Li6T7MFHqLs6FjE1VGmrHNbeSk2Qhzu/f6s82BTOvhAW4zog
gA4LEKXwy8Y3qKukXeRDboRc7qgTT5HiHlhty6kmbSzRQZPizG1TK6UjSy3Y3qvx
sS17Sgdw9bTtUYUrFScxLOHeoXqKtcvf7OEC64pJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMIKxAW606cYCmq8B68y4AEF4adAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzOWE1OTY3LTJiNWYtNDMxNi05ZGQxLTM1YWY1OTY1YjVhNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALAnSAwDQYJKoZIhvcNAQELBQADggEBAKaCODeV9cioc3or2reqxuW7yMRn
hcBhE0sKyYVlYYjChGXX5ShG8PKfarAddmLKE5u72CpV53yk5/k3riYLl6QkdSqu
ahgZ1lIqHoWBwakJS5pdQbwcV5u/P+rkccD/zZlK5jZJ8z9UxVvTpPYjqdes6g45
j2mNBooTvKUpGkXcTzCXlCvY/0PrgW6NVDRA/b2oZwP/eQ9pyRTrtF86g7IkNQri
9C73GmjDeSvkU1GxpgW7K5Fpqt5YZgA+//4s1IYH8ze2hRdF5ElmBs8NGiaIYCuR
ceKgoMmu7doE5HYLilwRnCILY3pjEv8YTHwaRfFZu4eKEc/pl5IM7cK70VY=
-----END CERTIFICATE-----