Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1ebe663e-d582-4b76-9fdf-0f6029f48820.roa
File:                     1ebe663e-d582-4b76-9fdf-0f6029f48820.roa (raw, json)
Hash identifier:          NxRXdZogXCHXBrgmwc0XjcWorCgNB/htSdqElS9S0bs=
Subject key identifier:   48:2D:F9:41:89:E2:47:9E:37:2B:88:FA:D1:B1:9E:5D:EF:2A:55:0A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       59FBA93106F39DCC5C4EE8BA7444EAB29667F2C8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1ebe663e-d582-4b76-9fdf-0f6029f48820.roa
Signing time:             Fri 31 Oct 2025 21:38:30 +0000
ROA not before:           Fri 31 Oct 2025 21:38:30 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        166.117.176.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:fb:a9:31:06:f3:9d:cc:5c:4e:e8:ba:74:44:ea:b2:96:67:f2:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 21:38:30 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=5d8783b51ed14876ffb8469cadd841e61102befc96cebee8157218372c33334d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:70:b7:67:c0:86:48:fa:84:b5:a9:51:3d:97:
                    29:10:6f:ed:30:3b:3e:a3:ff:1f:59:7f:20:d8:29:
                    ce:01:68:fe:c8:c6:7c:6b:0a:bb:20:ab:88:1f:a6:
                    5f:f5:46:01:5c:7c:ed:5e:7a:87:dc:b8:fd:cd:2e:
                    a5:2c:1f:af:92:9f:9f:34:b7:e3:1f:dc:bd:8e:eb:
                    bf:95:50:fd:1f:c5:21:7a:48:6f:68:b6:3e:cc:4f:
                    32:6e:45:e6:96:45:db:01:e7:75:1d:7b:63:4d:c4:
                    5d:92:06:5d:92:74:2f:d2:47:d5:b4:67:8a:85:25:
                    ee:6e:64:93:90:ad:08:46:59:a7:79:01:c1:47:a0:
                    07:88:d1:0c:22:d0:01:c7:f6:f4:ab:8d:a6:5d:42:
                    77:e7:bf:c1:4f:3c:f3:d3:26:43:d5:c4:fc:95:68:
                    74:23:35:48:06:aa:5c:42:43:88:25:d8:2c:d5:ac:
                    fd:f9:9e:08:61:5b:46:4f:3e:39:bb:00:35:02:27:
                    dc:47:a0:44:b3:05:1a:1f:e2:28:7b:e7:1f:c6:8e:
                    8f:bb:fe:24:cb:fc:c6:f9:6f:40:f8:14:db:92:6e:
                    15:9a:7d:93:3d:86:d5:7c:54:3a:5f:84:c6:ea:2d:
                    19:8a:2c:2e:d1:ba:4d:da:5d:61:03:16:14:fc:d0:
                    e4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:2D:F9:41:89:E2:47:9E:37:2B:88:FA:D1:B1:9E:5D:EF:2A:55:0A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1ebe663e-d582-4b76-9fdf-0f6029f48820.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.117.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:a1:e1:62:87:b8:62:e6:db:21:05:b2:50:0a:ba:0c:5e:2e:
         3f:93:ef:17:b2:cb:6c:35:58:6d:fc:46:a3:16:c2:12:f6:8c:
         21:5e:77:70:3a:d4:59:04:16:ea:c0:40:28:b4:27:f0:df:22:
         07:f0:0d:c2:a7:b9:77:be:39:fb:ca:ee:9d:e9:a0:91:d2:6f:
         70:1f:ba:04:29:4d:33:73:5e:02:e9:52:d0:98:08:ad:a3:b7:
         90:e7:c1:0b:62:36:28:5d:1d:d0:a8:e2:4e:e9:44:d0:7c:3a:
         49:88:5a:a7:a8:3c:a7:7c:9d:98:43:ce:ca:36:65:77:0f:47:
         5c:f2:86:22:26:50:b4:7d:55:96:c4:b2:8c:95:4e:5d:f9:f1:
         a3:a3:da:37:1e:ca:89:5b:e5:fb:21:00:5d:0c:ee:ef:f4:2c:
         9c:8c:38:fa:0c:ec:6b:f1:1a:84:7e:20:5d:d8:18:7f:23:bb:
         8a:ca:08:a0:6b:16:b3:dc:ee:bb:1b:f3:3d:eb:31:07:32:69:
         40:da:cc:b2:cd:3b:ff:f8:92:34:75:ed:75:77:d9:06:ac:78:
         99:cd:1c:b1:85:cb:cd:b6:10:ea:6f:aa:6d:2c:0f:d4:fd:66:
         9c:78:ef:3c:5e:ae:46:eb:64:c1:83:d1:f9:d9:fa:2e:a2:14:
         a2:10:b9:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWfupMQbzncxcTui6dETqspZn8sgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMjEzODMwWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDg3ODNiNTFlZDE0ODc2ZmZiODQ2OWNhZGQ4NDFlNjEx
MDJiZWZjOTZjZWJlZTgxNTcyMTgzNzJjMzMzMzRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCycLdnwIZI+oS1qVE9lykQb+0wOz6j/x9ZfyDYKc4BaP7I
xnxrCrsgq4gfpl/1RgFcfO1eeofcuP3NLqUsH6+Sn580t+Mf3L2O67+VUP0fxSF6
SG9otj7MTzJuReaWRdsB53Ude2NNxF2SBl2SdC/SR9W0Z4qFJe5uZJOQrQhGWad5
AcFHoAeI0Qwi0AHH9vSrjaZdQnfnv8FPPPPTJkPVxPyVaHQjNUgGqlxCQ4gl2CzV
rP35nghhW0ZPPjm7ADUCJ9xHoESzBRof4ih75x/Gjo+7/iTL/Mb5b0D4FNuSbhWa
fZM9htV8VDpfhMbqLRmKLC7Ruk3aXWEDFhT80OT9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSC35QYniR543K4j60bGeXe8qVQowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFlYmU2NjNlLWQ1ODItNGI3Ni05ZmRmLTBmNjAyOWY0ODgyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASmdbAwDQYJKoZIhvcNAQELBQADggEBAGOh4WKHuGLm2yEFslAKugxeLj+T
7xeyy2w1WG38RqMWwhL2jCFed3A61FkEFurAQCi0J/DfIgfwDcKnuXe+OfvK7p3p
oJHSb3AfugQpTTNzXgLpUtCYCK2jt5DnwQtiNihdHdCo4k7pRNB8OkmIWqeoPKd8
nZhDzso2ZXcPR1zyhiImULR9VZbEsoyVTl358aOj2jceyolb5fshAF0M7u/0LJyM
OPoM7GvxGoR+IF3YGH8ju4rKCKBrFrPc7rsb8z3rMQcyaUDazLLNO//4kjR17XV3
2QaseJnNHLGFy822EOpvqm0sD9T9Zpx47zxerkbrZMGD0fnZ+i6iFKIQuY0=
-----END CERTIFICATE-----