Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f928fc8-8614-4113-b84d-7aa32406a477.roa
File:                     0f928fc8-8614-4113-b84d-7aa32406a477.roa (raw, json)
Hash identifier:          tf0rYRLomWyW7UdkVktMtC68AOswEDTq2s37/p9LxL8=
Subject key identifier:   DE:71:6C:73:42:08:1A:DE:C5:25:EB:74:23:C0:51:D0:74:D0:05:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       282916EBCE2C12DE6B9332115EB7491CF3DBE4FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f928fc8-8614-4113-b84d-7aa32406a477.roa
Signing time:             Sun 26 Oct 2025 00:11:26 +0000
ROA not before:           Sun 26 Oct 2025 00:11:26 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.7.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:29:16:eb:ce:2c:12:de:6b:93:32:11:5e:b7:49:1c:f3:db:e4:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:11:26 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=75910d9c79ece14bd5542be3acf03b55c6014f5d64a5b7fa7e85760903dd47d6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7c:33:1f:6a:63:1d:4b:20:0e:05:92:17:b1:
                    63:64:b7:e1:eb:d7:c8:12:a6:6b:59:91:3e:8a:dc:
                    49:49:30:8f:b4:94:e0:5e:e9:b2:f2:92:3a:96:e1:
                    ba:53:04:f7:58:0d:5a:de:00:86:9e:0c:2a:8d:7c:
                    17:99:1d:30:a9:83:22:56:fb:79:fc:5f:a1:4e:38:
                    e0:02:77:62:00:c5:e9:00:94:ff:a9:30:38:fc:22:
                    04:de:32:92:bb:ec:9a:02:ec:6a:2b:f1:cf:cb:6e:
                    32:a1:f8:d6:aa:f4:32:37:71:c3:df:b6:a5:5f:5c:
                    d0:8e:a9:d0:ad:26:9a:6a:13:15:e3:f4:6d:e5:26:
                    a5:91:94:37:b1:f0:81:70:b5:68:fc:65:52:de:d6:
                    5c:ba:ae:be:b9:7d:31:0a:3a:44:32:65:34:3f:cd:
                    05:9d:8b:6b:3b:15:e1:ec:c1:07:47:9a:9b:10:f6:
                    6b:66:cd:e7:b3:f3:f2:9e:88:78:eb:54:fc:eb:fb:
                    16:5d:66:17:aa:d9:c0:33:82:d8:e0:d1:88:21:86:
                    f9:eb:06:d6:15:8e:77:fb:9d:a4:8d:da:e5:6d:f4:
                    ff:b5:a8:48:41:0d:22:dc:a0:c1:12:e4:f3:9b:b9:
                    48:cc:bd:a1:b9:5e:1b:77:4b:83:59:85:12:6c:b2:
                    82:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:71:6C:73:42:08:1A:DE:C5:25:EB:74:23:C0:51:D0:74:D0:05:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f928fc8-8614-4113-b84d-7aa32406a477.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.7.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         be:74:0a:96:a2:07:9b:e5:05:e6:c9:dd:a9:d1:ff:25:34:f0:
         5f:b8:98:74:91:63:eb:86:80:6a:b1:16:3b:2d:26:b9:ea:4c:
         84:78:ad:93:95:22:5a:ff:5f:ec:76:5e:0d:15:3c:01:f4:7f:
         bf:c5:97:f5:3f:51:dc:16:fc:47:25:a7:5a:f5:91:a7:db:34:
         32:d4:9c:93:35:42:24:8f:bb:5b:de:ea:a5:ad:66:f5:c4:7b:
         37:01:ae:dc:93:dc:53:54:6e:aa:8f:87:8a:a2:0e:b5:3d:33:
         50:a7:ac:61:4c:17:59:89:c6:be:ef:61:3d:73:67:6f:bd:56:
         95:8e:2b:ea:62:57:47:38:03:e2:df:a8:3f:8b:34:82:bd:cd:
         c9:28:46:44:ce:aa:d0:3b:52:a8:97:fa:bf:57:f7:7b:4b:29:
         e7:f5:5c:ef:f4:74:7a:54:95:06:d1:4e:7a:32:d8:72:c5:1c:
         fd:3c:16:db:d0:78:90:9d:a2:ac:4c:15:f9:5b:c9:66:7a:da:
         cc:0b:c5:d7:4f:1d:6c:8e:66:c4:b3:58:32:da:d7:80:c6:f9:
         84:9a:4b:65:2f:51:e2:e2:60:57:aa:58:0a:49:fd:70:07:0f:
         0c:42:99:b5:52:bd:41:6c:c9:c6:cc:20:25:6e:50:ca:a1:e2:
         f4:04:4d:b7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKCkW684sEt5rkzIRXrdJHPPb5PwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAxMTI2WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTkxMGQ5Yzc5ZWNlMTRiZDU1NDJiZTNhY2YwM2I1NWM2
MDE0ZjVkNjRhNWI3ZmE3ZTg1NzYwOTAzZGQ0N2Q2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtfDMfamMdSyAOBZIXsWNkt+Hr18gSpmtZkT6K3ElJMI+0
lOBe6bLykjqW4bpTBPdYDVreAIaeDCqNfBeZHTCpgyJW+3n8X6FOOOACd2IAxekA
lP+pMDj8IgTeMpK77JoC7Gor8c/LbjKh+Naq9DI3ccPftqVfXNCOqdCtJppqExXj
9G3lJqWRlDex8IFwtWj8ZVLe1ly6rr65fTEKOkQyZTQ/zQWdi2s7FeHswQdHmpsQ
9mtmzeez8/KeiHjrVPzr+xZdZheq2cAzgtjg0YghhvnrBtYVjnf7naSN2uVt9P+1
qEhBDSLcoMES5PObuUjMvaG5Xht3S4NZhRJssoKdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU3nFsc0IIGt7FJet0I8BR0HTQBXMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBmOTI4ZmM4LTg2MTQtNDExMy1iODRkLTdhYTMyNDA2YTQ3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2BzANBgkqhkiG9w0BAQsFAAOCAQEAvnQKlqIHm+UF5sndqdH/JTTwX7iY
dJFj64aAarEWOy0muepMhHitk5UiWv9f7HZeDRU8AfR/v8WX9T9R3Bb8RyWnWvWR
p9s0MtSckzVCJI+7W97qpa1m9cR7NwGu3JPcU1Ruqo+HiqIOtT0zUKesYUwXWYnG
vu9hPXNnb71WlY4r6mJXRzgD4t+oP4s0gr3NyShGRM6q0DtSqJf6v1f3e0sp5/Vc
7/R0elSVBtFOejLYcsUc/TwW29B4kJ2irEwV+VvJZnrazAvF108dbI5mxLNYMtrX
gMb5hJpLZS9R4uJgV6pYCkn9cAcPDEKZtVK9QWzJxswgJW5QyqHi9ARNtw==
-----END CERTIFICATE-----