Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2651bd32-be0e-47db-b5f3-aa5e30add0da.roa
File:                     2651bd32-be0e-47db-b5f3-aa5e30add0da.roa (raw, json)
Hash identifier:          t1mDmQAkUksYy7xiKftjfUjvCAXKMHrOav0C1IeGshs=
Subject key identifier:   64:A1:59:7F:0B:5E:F0:88:EA:2F:F0:CD:79:07:DE:FF:5E:5A:3E:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3BE567897E52FE8B53ED65D485B56E0C7D13BCD3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2651bd32-be0e-47db-b5f3-aa5e30add0da.roa
Signing time:             Wed 22 Oct 2025 00:30:56 +0000
ROA not before:           Wed 22 Oct 2025 00:30:56 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.143.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:e5:67:89:7e:52:fe:8b:53:ed:65:d4:85:b5:6e:0c:7d:13:bc:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:30:56 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=4909b8cb94e3abbff3fdc85442a37118f21a3a9e34f8a7c44d9844095df62fa2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:de:aa:ba:4d:ec:61:b9:a6:ee:c5:90:8b:d9:
                    73:6c:af:7d:3f:e0:a2:76:73:ee:b8:d2:fb:9c:d8:
                    ff:46:fb:3b:fd:5a:77:cd:17:11:13:14:55:16:8d:
                    d1:a2:b2:63:96:ca:9f:8c:d2:e4:a9:30:77:13:2b:
                    b4:6a:54:4b:76:d7:0e:24:94:c4:9c:7c:f3:20:39:
                    87:87:fc:3b:d2:6b:c1:b3:ba:6f:a2:55:ce:4f:3d:
                    63:39:fe:2f:b0:d2:91:9e:f9:eb:c9:e9:c4:b7:59:
                    b6:e1:2b:a1:ab:6f:fc:83:e9:aa:bc:7d:f8:c9:0d:
                    aa:27:f1:27:68:9a:f3:59:ed:58:3c:92:e6:f5:1e:
                    61:02:e2:f2:d0:67:78:a8:aa:ca:0c:6d:b8:24:73:
                    e8:02:4b:83:c6:3e:82:1d:9c:d2:bc:49:91:1d:40:
                    ca:f4:e6:4f:8b:74:ac:25:2f:dc:83:f4:bc:48:5e:
                    e3:ab:ba:6b:a8:49:24:8c:4a:42:72:80:1e:15:4a:
                    90:76:35:7c:92:c2:e2:e5:ea:66:fb:d0:dc:5d:6c:
                    de:52:15:4b:0c:70:f2:ef:19:76:8c:bb:7a:88:a5:
                    44:32:13:37:d8:13:11:54:1c:7e:33:0b:f7:6d:5b:
                    cd:b3:40:38:70:78:d9:4c:db:d9:4a:a5:dd:28:0b:
                    67:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:A1:59:7F:0B:5E:F0:88:EA:2F:F0:CD:79:07:DE:FF:5E:5A:3E:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2651bd32-be0e-47db-b5f3-aa5e30add0da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.143.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         13:bd:43:f4:fa:54:2d:61:d1:d9:ac:2b:f8:fc:18:e5:5d:42:
         57:03:85:9e:e6:2c:9f:fe:7a:74:3a:22:fe:de:e6:8d:c1:3a:
         07:5d:a5:8f:a4:0a:aa:2f:ff:87:46:d2:fd:aa:6a:22:d1:be:
         e8:0e:c8:7c:d8:e9:98:cf:83:98:d0:5d:e7:1e:35:38:66:f7:
         83:ca:cb:4b:5c:17:01:28:b2:d9:84:6d:65:72:aa:cf:cb:5d:
         2b:c8:11:eb:58:44:bf:bd:3f:d0:bb:71:19:9e:d2:ce:07:3f:
         44:0e:b8:c8:eb:88:73:29:ca:e0:14:27:f9:cd:66:2b:4e:5b:
         a9:8f:26:8a:4b:ce:bc:f7:96:6b:a4:1a:55:cf:91:7a:d8:e0:
         44:75:37:59:94:de:db:22:2d:f2:d4:3a:93:68:45:90:67:a1:
         5f:19:08:b5:a8:ca:6c:15:39:71:a1:61:70:15:39:12:ac:f9:
         2b:94:1e:07:a3:e8:16:57:1f:8b:e3:05:fd:43:f8:72:00:9d:
         98:74:0c:61:41:27:7b:78:01:a3:92:be:21:37:8c:6b:86:37:
         31:d2:a7:31:f6:9b:7e:76:f4:81:a2:9f:79:05:36:b6:bc:c8:
         51:a4:17:e1:b0:e8:2e:23:c6:96:0d:f1:01:47:b4:27:ee:a7:
         17:0c:cf:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO+VniX5S/otT7WXUhbVuDH0TvNMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAzMDU2WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTA5YjhjYjk0ZTNhYmJmZjNmZGM4NTQ0MmEzNzExOGYy
MWEzYTllMzRmOGE3YzQ0ZDk4NDQwOTVkZjYyZmEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCU3qq6TexhuabuxZCL2XNsr30/4KJ2c+640vuc2P9G+zv9
WnfNFxETFFUWjdGismOWyp+M0uSpMHcTK7RqVEt21w4klMScfPMgOYeH/DvSa8Gz
um+iVc5PPWM5/i+w0pGe+evJ6cS3WbbhK6Grb/yD6aq8ffjJDaon8SdomvNZ7Vg8
kub1HmEC4vLQZ3ioqsoMbbgkc+gCS4PGPoIdnNK8SZEdQMr05k+LdKwlL9yD9LxI
XuOrumuoSSSMSkJygB4VSpB2NXySwuLl6mb70NxdbN5SFUsMcPLvGXaMu3qIpUQy
EzfYExFUHH4zC/dtW82zQDhweNlM29lKpd0oC2fXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZKFZfwte8IjqL/DNeQfe/15aProwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI2NTFiZDMyLWJlMGUtNDdkYi1iNWYzLWFhNWUzMGFkZDBkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeIjwAwDQYJKoZIhvcNAQELBQADggEBABO9Q/T6VC1h0dmsK/j8GOVdQlcD
hZ7mLJ/+enQ6Iv7e5o3BOgddpY+kCqov/4dG0v2qaiLRvugOyHzY6ZjPg5jQXece
NThm94PKy0tcFwEostmEbWVyqs/LXSvIEetYRL+9P9C7cRme0s4HP0QOuMjriHMp
yuAUJ/nNZitOW6mPJopLzrz3lmukGlXPkXrY4ER1N1mU3tsiLfLUOpNoRZBnoV8Z
CLWoymwVOXGhYXAVORKs+SuUHgej6BZXH4vjBf1D+HIAnZh0DGFBJ3t4AaOSviE3
jGuGNzHSpzH2m3529IGin3kFNra8yFGkF+Gw6C4jxpYN8QFHtCfupxcMzws=
-----END CERTIFICATE-----