Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4b64690b-4047-48e6-9109-1756a08e1c57.roa
File:                     4b64690b-4047-48e6-9109-1756a08e1c57.roa (raw, json)
Hash identifier:          PYI3oTGNoDZnc9fIR6aIaWqO0PaTGpOE/+T5mT1xMWY=
Subject key identifier:   C2:69:1B:5F:2E:70:3E:33:75:5B:EF:78:D5:28:29:05:8B:E7:51:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02535B1C5C7619C7D2184A773ED9790076324AFE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4b64690b-4047-48e6-9109-1756a08e1c57.roa
Signing time:             Fri 31 Oct 2025 00:20:02 +0000
ROA not before:           Fri 31 Oct 2025 00:20:02 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.160.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:53:5b:1c:5c:76:19:c7:d2:18:4a:77:3e:d9:79:00:76:32:4a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:20:02 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=b4cd7f1ce1f76aacec9b651335cc7339a832df05e1525bb85c84f0d9acb3ed1e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ab:3e:4d:b9:99:3c:02:09:39:81:91:ae:05:
                    d4:26:b2:2e:28:bb:3f:3b:60:fd:bb:f8:68:17:bd:
                    c4:aa:95:0f:2f:3e:14:4f:7a:e5:3b:54:e0:21:07:
                    6d:4a:39:1f:e9:b9:36:23:62:af:0c:85:84:ac:2c:
                    ad:78:14:b6:e6:f0:be:77:c7:b9:a5:c3:bd:09:3a:
                    a2:81:dd:f3:8d:c7:a8:ca:b2:9f:7e:42:f0:4d:58:
                    af:57:c4:92:e4:26:b1:db:fd:4e:f9:ad:a4:8d:d8:
                    7e:a5:1d:65:40:af:c4:cf:cc:1c:66:aa:76:50:7b:
                    15:76:84:b6:7f:e1:c0:f1:26:f3:cb:e7:c2:dc:d7:
                    3e:29:31:f8:eb:26:96:3e:30:23:59:c7:8f:29:87:
                    c2:a6:9a:7a:7c:e6:10:60:36:b9:15:8d:3d:14:7a:
                    1a:3d:52:21:2c:d4:85:c5:af:cf:2c:4b:2d:70:64:
                    5f:7d:1b:be:cd:89:45:a6:7c:f1:d5:a7:76:90:c7:
                    05:88:fd:e9:cf:fb:e8:96:b5:c5:77:b0:75:a3:bd:
                    65:e3:be:f9:db:c1:5a:62:76:ec:03:2f:85:17:81:
                    24:f2:9f:e0:f2:81:23:07:6a:56:19:60:fb:06:d7:
                    50:4e:20:87:5c:f1:51:12:6e:75:53:a2:b6:39:0f:
                    81:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:69:1B:5F:2E:70:3E:33:75:5B:EF:78:D5:28:29:05:8B:E7:51:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4b64690b-4047-48e6-9109-1756a08e1c57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.160.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         53:03:48:f1:b3:cc:1d:46:78:b2:51:8d:64:5d:f9:24:bf:62:
         55:e8:ea:b7:19:82:be:98:3f:53:aa:cb:e8:e3:37:9c:27:ca:
         68:ff:6f:3f:86:d7:ba:d0:68:e8:9c:93:ff:af:15:95:f6:62:
         81:f9:19:6a:db:64:64:bc:a0:a3:77:58:ff:30:6b:b3:3f:35:
         72:c3:cf:19:b6:71:28:f2:eb:49:88:07:31:1e:43:6d:56:8f:
         98:82:6c:3d:0c:99:e4:0c:31:be:61:5a:bf:c9:ec:9f:be:7c:
         ac:18:1f:05:f5:65:50:7e:81:a1:8f:c1:30:12:3f:22:5a:d5:
         68:0b:17:64:4d:1f:0b:12:91:5e:48:e5:6a:d2:00:dd:21:97:
         bd:89:29:45:6b:3e:6b:f6:97:aa:e9:99:c7:cf:cf:6f:45:54:
         0f:4a:a6:6a:09:4b:87:6e:e1:71:88:c1:f0:db:85:10:5f:36:
         92:6c:61:e6:2e:90:59:8f:7e:d6:13:1e:df:e8:1d:2b:49:6f:
         bc:12:a1:da:08:9c:7b:25:32:cf:0b:28:47:6b:92:97:a0:b0:
         41:5c:ab:5a:de:a9:7f:7d:2d:33:8a:b9:ce:d4:e4:98:0a:df:
         56:c1:f2:2f:f0:26:31:7b:ca:84:b6:cf:4e:03:0c:07:1d:52:
         35:06:1d:37
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAlNbHFx2GcfSGEp3Ptl5AHYySv4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAyMDAyWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNGNkN2YxY2UxZjc2YWFjZWM5YjY1MTMzNWNjNzMzOWE4
MzJkZjA1ZTE1MjViYjg1Yzg0ZjBkOWFjYjNlZDFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3qz5NuZk8Agk5gZGuBdQmsi4ouz87YP27+GgXvcSqlQ8v
PhRPeuU7VOAhB21KOR/puTYjYq8MhYSsLK14FLbm8L53x7mlw70JOqKB3fONx6jK
sp9+QvBNWK9XxJLkJrHb/U75raSN2H6lHWVAr8TPzBxmqnZQexV2hLZ/4cDxJvPL
58Lc1z4pMfjrJpY+MCNZx48ph8Kmmnp85hBgNrkVjT0Ueho9UiEs1IXFr88sSy1w
ZF99G77NiUWmfPHVp3aQxwWI/enP++iWtcV3sHWjvWXjvvnbwVpiduwDL4UXgSTy
n+DygSMHalYZYPsG11BOIIdc8VESbnVTorY5D4EPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwmkbXy5wPjN1W+941SgpBYvnUdwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRiNjQ2OTBiLTQwNDctNDhlNi05MTA5LTE3NTZhMDhlMWM1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwANoDANBgkqhkiG9w0BAQsFAAOCAQEAUwNI8bPMHUZ4slGNZF35JL9iVejq
txmCvpg/U6rL6OM3nCfKaP9vP4bXutBo6JyT/68VlfZigfkZattkZLygo3dY/zBr
sz81csPPGbZxKPLrSYgHMR5DbVaPmIJsPQyZ5AwxvmFav8nsn758rBgfBfVlUH6B
oY/BMBI/IlrVaAsXZE0fCxKRXkjlatIA3SGXvYkpRWs+a/aXqumZx8/Pb0VUD0qm
aglLh27hcYjB8NuFEF82kmxh5i6QWY9+1hMe3+gdK0lvvBKh2giceyUyzwsoR2uS
l6CwQVyrWt6pf30tM4q5ztTkmArfVsHyL/AmMXvKhLbPTgMMBx1SNQYdNw==
-----END CERTIFICATE-----