Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c32d065-6dc1-41e7-add0-dbb0800942ae.roa
File:                     5c32d065-6dc1-41e7-add0-dbb0800942ae.roa (raw, json)
Hash identifier:          ZQcVVNJ+7wf0R6fZAhCdlF8W8nUK2+F0oN40AuUzf3E=
Subject key identifier:   21:18:8E:45:36:42:C0:F9:4C:B0:1E:63:94:79:81:F6:AF:73:77:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5ABF99A8035993EC857A270A802B677E368B2EE8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c32d065-6dc1-41e7-add0-dbb0800942ae.roa
Signing time:             Sun 02 Nov 2025 00:40:10 +0000
ROA not before:           Sun 02 Nov 2025 00:40:10 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.17.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:bf:99:a8:03:59:93:ec:85:7a:27:0a:80:2b:67:7e:36:8b:2e:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:40:10 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=db7655c3c2b75c5de3702097c42c47cea25b6223f8bab308974cd96cab825386, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b2:2b:6b:86:71:9e:8b:cd:65:bd:7a:95:cf:
                    76:a2:d5:ee:05:73:76:cf:b7:46:ff:33:17:11:1d:
                    ec:e5:f5:b2:12:32:e1:36:fa:5b:03:b3:88:e4:20:
                    f1:d5:21:70:0d:a5:19:e8:86:b8:92:c8:f0:86:00:
                    21:26:1c:c1:75:e0:25:bd:f5:9b:07:75:45:d8:23:
                    05:44:d1:29:fd:fb:1f:5c:09:02:91:ab:20:cb:92:
                    4b:f3:e2:ac:d8:85:94:b9:53:d7:a2:f6:44:cc:6b:
                    15:7a:6c:3d:56:80:f0:f6:04:39:91:5a:b2:df:6a:
                    59:2f:e9:fb:09:0a:20:c6:3c:71:81:9f:4c:e5:a0:
                    a0:7e:e9:28:6a:b6:7f:3c:31:f7:08:e9:37:86:84:
                    d8:24:66:d6:84:ed:24:cd:ba:70:cc:0b:c4:28:95:
                    c8:31:c2:1f:56:30:a3:c6:36:08:98:4c:87:bb:3f:
                    42:91:4c:2b:8c:07:42:d9:1b:da:47:b6:05:75:c3:
                    16:cf:9a:84:ce:fb:d7:8c:b1:06:fb:12:4b:ec:3d:
                    57:5e:8c:7e:e5:d6:21:1b:0f:f3:97:e6:78:bc:f7:
                    84:28:92:0e:2d:08:d2:89:d1:e0:25:f8:33:e3:37:
                    85:c1:5b:00:75:28:5d:29:7d:13:d1:8e:f7:af:7b:
                    a1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:18:8E:45:36:42:C0:F9:4C:B0:1E:63:94:79:81:F6:AF:73:77:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c32d065-6dc1-41e7-add0-dbb0800942ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.17.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         15:ac:6b:45:a7:f3:6f:05:e5:2b:0e:d2:be:b2:a0:90:4f:87:
         d3:73:2a:5b:31:f2:55:9c:39:0a:0f:22:e4:e3:f0:02:b8:60:
         a1:17:8a:c4:d0:5a:8c:af:bd:6f:23:a5:20:b1:26:53:aa:67:
         7e:d4:c8:80:ea:d2:ca:2e:0b:46:e4:cb:1a:c2:45:4e:63:d7:
         2c:84:63:a1:49:72:85:e1:6a:ad:61:82:53:57:c1:d7:f2:4a:
         f2:74:20:30:bc:48:31:e3:92:28:3c:17:ce:95:01:1c:60:eb:
         9c:a8:40:59:89:97:fc:3d:29:12:bd:2c:ba:6b:1f:3b:29:9b:
         8b:5a:6a:5f:f3:e6:bc:57:ff:34:8b:82:af:d9:ce:bb:27:ac:
         4a:bf:65:7a:55:95:0a:0c:80:4f:a0:19:f5:b0:6c:33:dd:7c:
         01:f5:0f:fb:76:67:b9:22:a9:18:c2:d6:34:f3:73:69:d7:6d:
         ce:8b:09:1b:61:e7:81:99:78:b9:fc:82:43:e5:71:11:54:6b:
         de:29:de:14:e0:9b:05:d4:bb:57:20:be:52:b0:cd:d9:84:0b:
         d3:59:d5:f1:3f:af:ce:2f:c1:b1:10:51:f6:fd:1c:31:c1:1a:
         61:ba:94:40:70:28:cc:87:9c:0c:4c:18:da:ab:0e:92:42:fb:
         8b:1c:9d:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWr+ZqANZk+yFeicKgCtnfjaLLugwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MDEwWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjc2NTVjM2MyYjc1YzVkZTM3MDIwOTdjNDJjNDdjZWEy
NWI2MjIzZjhiYWIzMDg5NzRjZDk2Y2FiODI1Mzg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgsitrhnGei81lvXqVz3ai1e4Fc3bPt0b/MxcRHezl9bIS
MuE2+lsDs4jkIPHVIXANpRnohriSyPCGACEmHMF14CW99ZsHdUXYIwVE0Sn9+x9c
CQKRqyDLkkvz4qzYhZS5U9ei9kTMaxV6bD1WgPD2BDmRWrLfalkv6fsJCiDGPHGB
n0zloKB+6Shqtn88MfcI6TeGhNgkZtaE7STNunDMC8Qolcgxwh9WMKPGNgiYTIe7
P0KRTCuMB0LZG9pHtgV1wxbPmoTO+9eMsQb7EkvsPVdejH7l1iEbD/OX5ni894Qo
kg4tCNKJ0eAl+DPjN4XBWwB1KF0pfRPRjveve6GVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIRiORTZCwPlMsB5jlHmB9q9zd4wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVjMzJkMDY1LTZkYzEtNDFlNy1hZGQwLWRiYjA4MDA5NDJhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdIEYAwDQYJKoZIhvcNAQELBQADggEBABWsa0Wn828F5SsO0r6yoJBPh9Nz
Klsx8lWcOQoPIuTj8AK4YKEXisTQWoyvvW8jpSCxJlOqZ37UyIDq0souC0bkyxrC
RU5j1yyEY6FJcoXhaq1hglNXwdfySvJ0IDC8SDHjkig8F86VARxg65yoQFmJl/w9
KRK9LLprHzspm4taal/z5rxX/zSLgq/ZzrsnrEq/ZXpVlQoMgE+gGfWwbDPdfAH1
D/t2Z7kiqRjC1jTzc2nXbc6LCRth54GZeLn8gkPlcRFUa94p3hTgmwXUu1cgvlKw
zdmEC9NZ1fE/r84vwbEQUfb9HDHBGmG6lEBwKMyHnAxMGNqrDpJC+4scnSE=
-----END CERTIFICATE-----