Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16b9c377-f80d-4d7f-a43b-5ff789630497.roa
File:                     16b9c377-f80d-4d7f-a43b-5ff789630497.roa (raw, json)
Hash identifier:          aU8jqKKHEgxvcdKCb+a4hqipiZ8RueMJXFnGs4fbY/k=
Subject key identifier:   A3:16:79:8A:F0:54:2F:EB:A2:C2:03:D9:0E:DB:67:F2:90:FE:88:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6DDF2B5C666C86D504ED3DD714CEE1988750F9CC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16b9c377-f80d-4d7f-a43b-5ff789630497.roa
Signing time:             Tue 04 Nov 2025 00:21:32 +0000
ROA not before:           Tue 04 Nov 2025 00:21:32 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        24.145.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:df:2b:5c:66:6c:86:d5:04:ed:3d:d7:14:ce:e1:98:87:50:f9:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:21:32 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=46f3a6adc52b96becbd8ceb1a64a24a7570a5a40612abf04edef1830819bc721, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:69:b3:72:db:f3:2f:f8:ab:a2:82:e8:66:56:
                    6a:ba:b0:b8:c4:e7:98:5f:cd:ad:df:28:67:37:14:
                    78:77:45:93:b8:17:8c:e1:32:78:5d:82:54:ee:2c:
                    45:a6:1f:ce:73:77:24:66:55:86:57:87:f8:f1:62:
                    85:3b:e2:59:cb:9f:d7:c3:b8:d3:ec:e5:e4:3f:c2:
                    ce:bb:9c:7d:ef:5c:47:78:39:64:55:8c:a5:c6:e7:
                    35:37:8f:a9:17:30:79:17:43:11:09:1a:e2:df:de:
                    3f:f9:40:44:b9:78:c9:b2:5d:24:bf:53:a7:af:12:
                    68:14:95:db:95:3e:0f:8d:08:75:69:92:d6:11:ff:
                    a1:e2:d0:6e:16:bb:46:28:13:d7:06:ae:02:ec:43:
                    01:7a:bc:64:78:eb:3a:83:74:8c:4e:8c:95:99:90:
                    d0:ae:ba:98:c8:06:8b:d3:3f:4b:22:fd:ac:11:4b:
                    e2:32:13:6d:e6:2b:d4:bf:0c:72:09:28:61:96:5d:
                    cf:41:b2:91:c9:42:68:6f:44:a3:ad:90:22:05:b0:
                    29:98:69:99:51:74:da:7b:7d:b3:ed:79:b6:e5:c4:
                    ce:3a:d3:9f:a9:6b:ae:d5:d0:23:47:23:ea:5c:b4:
                    c7:7e:a9:c7:e0:24:e2:3d:57:e2:d9:61:7c:b1:11:
                    66:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:16:79:8A:F0:54:2F:EB:A2:C2:03:D9:0E:DB:67:F2:90:FE:88:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16b9c377-f80d-4d7f-a43b-5ff789630497.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.145.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         4d:12:82:2c:c7:06:40:4a:4a:a6:51:c7:33:4e:3c:4d:df:ce:
         95:63:40:f6:69:52:27:10:3e:1b:c7:a4:08:5f:f3:8f:4c:ce:
         1b:cb:e3:2f:a2:11:df:f2:a0:93:50:1a:27:ce:4f:fb:d1:2a:
         04:d4:bf:59:3d:b9:24:f2:52:6c:a7:b2:a7:7a:e1:2e:d5:84:
         f0:4a:51:43:ca:12:de:78:a8:56:e9:49:98:e6:af:be:d7:b9:
         65:80:2e:35:2b:59:29:26:3c:c7:4f:95:19:88:20:bc:12:ea:
         d4:3d:6d:48:97:b7:6c:e2:e9:11:04:a3:7a:1b:e9:06:fd:00:
         a2:8c:dc:d6:9e:34:0d:91:12:8b:4d:f8:a3:80:74:9d:a2:45:
         06:2f:70:b5:b5:27:15:37:3d:ba:23:15:ad:09:7e:10:76:dc:
         17:b9:9f:c9:4a:5c:aa:de:2f:c2:db:e8:9b:12:63:d5:ad:f9:
         c8:3b:d6:a0:b6:86:f3:1e:0c:7e:b0:3d:05:f5:c3:d9:39:7f:
         d8:a0:4d:90:34:d2:f3:0d:9d:c5:0b:4c:78:d6:a4:8c:98:a9:
         57:84:c9:01:78:97:a0:b7:3c:2f:bb:a0:05:b8:62:03:69:90:
         f3:e6:d4:07:70:08:60:e6:3c:97:4f:f4:b6:b4:47:47:a5:1f:
         c5:21:d8:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbd8rXGZshtUE7T3XFM7hmIdQ+cwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAyMTMyWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NmYzYTZhZGM1MmI5NmJlY2JkOGNlYjFhNjRhMjRhNzU3
MGE1YTQwNjEyYWJmMDRlZGVmMTgzMDgxOWJjNzIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPabNy2/Mv+KuiguhmVmq6sLjE55hfza3fKGc3FHh3RZO4
F4zhMnhdglTuLEWmH85zdyRmVYZXh/jxYoU74lnLn9fDuNPs5eQ/ws67nH3vXEd4
OWRVjKXG5zU3j6kXMHkXQxEJGuLf3j/5QES5eMmyXSS/U6evEmgUlduVPg+NCHVp
ktYR/6Hi0G4Wu0YoE9cGrgLsQwF6vGR46zqDdIxOjJWZkNCuupjIBovTP0si/awR
S+IyE23mK9S/DHIJKGGWXc9BspHJQmhvRKOtkCIFsCmYaZlRdNp7fbPtebblxM46
05+pa67V0CNHI+pctMd+qcfgJOI9V+LZYXyxEWatAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoxZ5ivBUL+uiwgPZDttn8pD+iJUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE2YjljMzc3LWY4MGQtNGQ3Zi1hNDNiLTVmZjc4OTYzMDQ5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcYkYAwDQYJKoZIhvcNAQELBQADggEBAE0SgizHBkBKSqZRxzNOPE3fzpVj
QPZpUicQPhvHpAhf849MzhvL4y+iEd/yoJNQGifOT/vRKgTUv1k9uSTyUmynsqd6
4S7VhPBKUUPKEt54qFbpSZjmr77XuWWALjUrWSkmPMdPlRmIILwS6tQ9bUiXt2zi
6REEo3ob6Qb9AKKM3NaeNA2REotN+KOAdJ2iRQYvcLW1JxU3PbojFa0JfhB23Be5
n8lKXKreL8Lb6JsSY9Wt+cg71qC2hvMeDH6wPQX1w9k5f9igTZA00vMNncULTHjW
pIyYqVeEyQF4l6C3PC+7oAW4YgNpkPPm1AdwCGDmPJdP9La0R0elH8Uh2OI=
-----END CERTIFICATE-----