Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c4e920b-ec71-48a2-8a49-a9e978539728.roa
File:                     4c4e920b-ec71-48a2-8a49-a9e978539728.roa (raw, json)
Hash identifier:          h03QeBrXDt7Su/9PneGxVf15eHDRlZZ4IyExreqxZg0=
Subject key identifier:   92:34:F1:2C:5F:9E:20:DC:68:B9:46:2A:16:02:1A:32:99:D3:86:32
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F38C9FD8B16B277C8F2310F6DB3AEA686072AB9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c4e920b-ec71-48a2-8a49-a9e978539728.roa
Signing time:             Sun 26 Oct 2025 00:50:05 +0000
ROA not before:           Sun 26 Oct 2025 00:50:05 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.136.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:38:c9:fd:8b:16:b2:77:c8:f2:31:0f:6d:b3:ae:a6:86:07:2a:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:50:05 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=7617f990074492651427cc90d874b3233320f90490223ef45acde2350c699b6b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:37:18:67:13:6f:27:e9:7e:ce:10:67:28:3b:
                    03:2a:ba:81:bf:c4:09:52:37:f0:98:5d:fe:11:73:
                    13:8a:38:a6:f9:1b:99:1e:b3:9d:9b:10:b8:2e:da:
                    d5:e3:ec:fb:50:14:be:8c:0d:22:dc:19:92:8d:dd:
                    6c:67:a3:dd:ec:59:0b:43:d9:4b:69:86:9b:80:61:
                    5c:eb:9c:39:c7:e7:58:f5:65:23:4a:4f:58:4b:9f:
                    ed:ed:1b:dd:ee:05:7c:5b:72:20:fb:b4:cd:fb:c4:
                    94:53:85:18:a4:b9:9d:5b:f8:88:2c:55:e4:5d:51:
                    82:8f:2f:ef:4f:d8:c7:c4:5c:ec:6f:9d:f5:56:48:
                    c6:95:ed:08:c8:28:b6:c7:be:54:bb:ca:54:62:6a:
                    4d:75:54:a4:f6:64:97:7e:9d:9c:b2:5f:a3:65:da:
                    3e:71:68:87:81:20:47:17:22:c4:05:87:ea:ab:5e:
                    ec:10:ea:37:d7:52:03:c3:b1:79:b9:65:70:09:20:
                    93:6e:85:5b:9d:95:b2:e4:d1:61:bf:8f:db:3a:04:
                    d1:59:7d:76:4b:b7:08:78:88:2d:ca:f9:17:f6:32:
                    8e:84:4d:31:80:84:5d:07:41:8d:24:19:f2:ac:0a:
                    35:bd:83:55:fe:52:cd:b0:87:8c:dc:8d:c5:8e:65:
                    8d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:34:F1:2C:5F:9E:20:DC:68:B9:46:2A:16:02:1A:32:99:D3:86:32
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c4e920b-ec71-48a2-8a49-a9e978539728.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.136.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         56:33:01:09:f1:92:4c:6b:a0:ac:fb:cb:da:e1:08:ca:ae:8c:
         a8:26:34:d4:1d:cc:a5:65:13:4e:3c:c8:91:ad:c9:f0:05:29:
         9b:25:71:f5:ab:1c:40:9d:f8:0e:f1:58:6a:34:07:ee:1c:4a:
         a7:7b:90:32:83:7f:78:97:8b:bb:e9:b1:6d:21:b5:53:aa:43:
         14:2f:e1:fa:84:7f:63:56:ec:d6:4f:b2:fd:62:68:22:80:62:
         7f:2f:4d:07:e4:9c:69:9a:40:3a:fb:c2:09:1c:4c:af:f4:49:
         ff:7d:02:60:e2:a8:6d:72:c1:15:aa:e4:77:a7:92:83:38:a7:
         68:35:39:9f:9e:14:b4:50:0b:39:f0:91:2e:c6:d7:d0:13:5b:
         77:52:b1:d4:d2:e8:da:38:f1:91:ce:08:d2:0c:80:d6:b5:f7:
         53:97:98:13:e5:a4:ee:02:11:a5:06:d4:bd:86:60:f1:ef:29:
         d9:89:b9:9c:4c:bc:9a:cf:a4:78:17:52:d8:74:2f:21:b6:be:
         fb:1f:5c:b4:31:ed:48:5f:7a:8c:31:a3:3a:d9:e8:fd:a4:4d:
         cd:0f:7a:18:58:e0:62:47:b5:3a:dd:ba:0b:dd:3b:38:79:e4:
         b4:c6:c2:7a:bf:8c:36:60:a7:a7:f9:6c:e0:ff:74:1b:b0:e0:
         d7:6a:55:57
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbzjJ/YsWsnfI8jEPbbOupoYHKrkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDA1MDA1WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjE3Zjk5MDA3NDQ5MjY1MTQyN2NjOTBkODc0YjMyMzMz
MjBmOTA0OTAyMjNlZjQ1YWNkZTIzNTBjNjk5YjZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKNxhnE28n6X7OEGcoOwMquoG/xAlSN/CYXf4RcxOKOKb5
G5kes52bELgu2tXj7PtQFL6MDSLcGZKN3Wxno93sWQtD2UtphpuAYVzrnDnH51j1
ZSNKT1hLn+3tG93uBXxbciD7tM37xJRThRikuZ1b+IgsVeRdUYKPL+9P2MfEXOxv
nfVWSMaV7QjIKLbHvlS7ylRiak11VKT2ZJd+nZyyX6Nl2j5xaIeBIEcXIsQFh+qr
XuwQ6jfXUgPDsXm5ZXAJIJNuhVudlbLk0WG/j9s6BNFZfXZLtwh4iC3K+Rf2Mo6E
TTGAhF0HQY0kGfKsCjW9g1X+Us2wh4zcjcWOZY1xAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUkjTxLF+eINxouUYqFgIaMpnThjIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRjNGU5MjBiLWVjNzEtNDhhMi04YTQ5LWE5ZTk3ODUzOTcyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2iDANBgkqhkiG9w0BAQsFAAOCAQEAVjMBCfGSTGugrPvL2uEIyq6MqCY0
1B3MpWUTTjzIka3J8AUpmyVx9ascQJ34DvFYajQH7hxKp3uQMoN/eJeLu+mxbSG1
U6pDFC/h+oR/Y1bs1k+y/WJoIoBify9NB+ScaZpAOvvCCRxMr/RJ/30CYOKobXLB
Farkd6eSgzinaDU5n54UtFALOfCRLsbX0BNbd1Kx1NLo2jjxkc4I0gyA1rX3U5eY
E+Wk7gIRpQbUvYZg8e8p2Ym5nEy8ms+keBdS2HQvIba++x9ctDHtSF96jDGjOtno
/aRNzQ96GFjgYke1Ot26C907OHnktMbCer+MNmCnp/ls4P90G7Dg12pVVw==
-----END CERTIFICATE-----