Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/591acf32-d365-4f92-a730-b14202d5b086.roa
File:                     591acf32-d365-4f92-a730-b14202d5b086.roa (raw, json)
Hash identifier:          580oaWGGoCN5TUFEIn6Uri9CveoXYjMLPKcU+ccEip4=
Subject key identifier:   5C:76:41:96:F0:3F:CF:F2:7C:9D:3F:B4:0B:A9:6F:58:1C:42:B2:09
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       47F4E47A4A7B7F447178AD22936B4748EFAB6406
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/591acf32-d365-4f92-a730-b14202d5b086.roa
Signing time:             Tue 21 Oct 2025 00:20:49 +0000
ROA not before:           Tue 21 Oct 2025 00:20:49 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        129.224.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:f4:e4:7a:4a:7b:7f:44:71:78:ad:22:93:6b:47:48:ef:ab:64:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:20:49 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=bde918d861a03637feedaa72ab8490ae95f05ec91fc4d014aaa147a965ba99ef, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2a:f4:db:29:2d:b1:0a:6a:82:e5:58:c6:ce:
                    a2:9f:51:c7:44:90:c9:4a:51:f3:e1:98:ec:66:ac:
                    3b:08:96:84:97:f6:36:2f:9c:9e:0f:92:6a:e4:9d:
                    5f:27:2b:13:59:21:70:a1:8d:0b:2a:b6:bf:a6:e2:
                    19:4e:3b:07:b2:05:90:da:d5:d1:2a:5c:12:6c:e0:
                    b8:48:3e:5a:8a:69:94:93:db:74:41:3d:5a:86:51:
                    f3:88:59:09:3d:7c:a6:6d:80:0a:47:5b:ed:60:b5:
                    59:5b:87:95:53:e9:21:b5:35:af:76:01:3b:dc:d9:
                    f4:cb:a3:1b:7d:d3:4b:ed:8a:b5:4d:3d:78:fc:c3:
                    66:b3:a9:4d:5b:71:39:aa:94:fb:99:85:1f:ce:74:
                    85:67:3a:38:fc:18:62:08:ba:7c:53:a3:e1:1d:15:
                    86:e8:13:02:8a:93:78:f3:95:18:76:f9:cc:de:8f:
                    b4:7e:b5:7b:87:f9:09:6a:89:40:39:ee:67:8b:31:
                    d4:c1:29:c5:19:3a:28:66:84:05:c1:7a:c3:18:b1:
                    98:6a:d0:04:63:1d:18:ae:f2:58:ae:af:14:27:c4:
                    79:0e:a4:9f:26:d0:a4:37:2d:61:a8:07:b2:49:10:
                    52:6a:b3:36:b4:84:a3:35:cd:a1:62:3c:d2:58:de:
                    32:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:76:41:96:F0:3F:CF:F2:7C:9D:3F:B4:0B:A9:6F:58:1C:42:B2:09
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/591acf32-d365-4f92-a730-b14202d5b086.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.224.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9f:ac:7d:7a:03:bd:fc:d4:24:88:fa:77:6b:88:0f:21:0a:ea:
         7b:4d:4f:c7:51:58:85:1a:31:b1:46:a8:8f:9a:e7:2f:20:56:
         6d:cf:20:0d:2a:d4:49:17:f6:cc:ef:b7:c4:7e:f6:b1:78:10:
         a3:f6:37:d9:ed:54:21:e3:95:a6:e8:9c:1e:d4:0a:75:03:f5:
         1c:ea:ef:8f:98:87:68:1f:f0:a6:79:15:03:c4:03:1f:42:a5:
         a0:88:77:c1:15:8a:f6:6e:70:7f:88:bc:55:97:16:aa:e5:ec:
         76:25:c9:04:c5:5d:eb:1f:6e:b3:78:17:39:a4:dc:01:f9:49:
         ec:df:b0:0a:26:9c:00:b1:22:ea:c3:2e:e3:51:78:e5:54:48:
         ce:19:74:0e:f3:f9:38:14:c5:39:0c:4a:b2:65:01:61:78:7e:
         59:61:7a:87:1b:8a:73:85:33:43:8c:a0:37:de:9f:ed:8a:79:
         9b:15:4e:23:3b:7f:b3:91:ce:62:0b:ef:11:63:93:a8:7c:a5:
         f3:0a:1b:09:67:8a:db:c5:ce:a0:db:7f:c6:74:9b:ec:4f:9e:
         f9:d4:f1:e0:01:4a:c7:ed:ac:dc:3c:7f:0b:a1:d4:0c:2d:35:
         21:aa:55:04:62:97:32:eb:62:32:83:92:da:36:6b:60:f3:e2:
         94:ea:31:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR/Tkekp7f0RxeK0ik2tHSO+rZAYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAyMDQ5WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZGU5MThkODYxYTAzNjM3ZmVlZGFhNzJhYjg0OTBhZTk1
ZjA1ZWM5MWZjNGQwMTRhYWExNDdhOTY1YmE5OWVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0KvTbKS2xCmqC5VjGzqKfUcdEkMlKUfPhmOxmrDsIloSX
9jYvnJ4PkmrknV8nKxNZIXChjQsqtr+m4hlOOweyBZDa1dEqXBJs4LhIPlqKaZST
23RBPVqGUfOIWQk9fKZtgApHW+1gtVlbh5VT6SG1Na92ATvc2fTLoxt900vtirVN
PXj8w2azqU1bcTmqlPuZhR/OdIVnOjj8GGIIunxTo+EdFYboEwKKk3jzlRh2+cze
j7R+tXuH+QlqiUA57meLMdTBKcUZOihmhAXBesMYsZhq0ARjHRiu8liurxQnxHkO
pJ8m0KQ3LWGoB7JJEFJqsza0hKM1zaFiPNJY3jKPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXHZBlvA/z/J8nT+0C6lvWBxCsgkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5MWFjZjMyLWQzNjUtNGY5Mi1hNzMwLWIxNDIwMmQ1YjA4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaB4IAwDQYJKoZIhvcNAQELBQADggEBAJ+sfXoDvfzUJIj6d2uIDyEK6ntN
T8dRWIUaMbFGqI+a5y8gVm3PIA0q1EkX9szvt8R+9rF4EKP2N9ntVCHjlabonB7U
CnUD9Rzq74+Yh2gf8KZ5FQPEAx9CpaCId8EVivZucH+IvFWXFqrl7HYlyQTFXesf
brN4Fzmk3AH5SezfsAomnACxIurDLuNReOVUSM4ZdA7z+TgUxTkMSrJlAWF4fllh
eocbinOFM0OMoDfen+2KeZsVTiM7f7ORzmIL7xFjk6h8pfMKGwlnitvFzqDbf8Z0
m+xPnvnU8eABSsftrNw8fwuh1AwtNSGqVQRilzLrYjKDkto2a2Dz4pTqMWs=
-----END CERTIFICATE-----