Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/63e25c4a-c2fc-44b1-af52-e1f752189824.roa
File:                     63e25c4a-c2fc-44b1-af52-e1f752189824.roa (raw, json)
Hash identifier:          0ONtGS3RCXRkl7iH58LGAkAK0vp3NAFVRUgWH9AxqV0=
Subject key identifier:   58:5C:B6:51:9B:B3:AB:66:7E:89:BA:EE:C0:CA:7C:F6:95:D8:50:16
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       25BE4E51C92D14F08619937DE7BB48D907FC5430
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/63e25c4a-c2fc-44b1-af52-e1f752189824.roa
Signing time:             Tue 28 Oct 2025 00:00:10 +0000
ROA not before:           Tue 28 Oct 2025 00:00:10 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        46.168.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:be:4e:51:c9:2d:14:f0:86:19:93:7d:e7:bb:48:d9:07:fc:54:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:00:10 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=0db6d038655eff9b99d3f2d530e2f4c207e3b36cacc4009b586f167893f6719b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:38:53:c0:1c:cd:d4:76:e1:64:d5:b8:68:56:
                    a6:04:4b:8c:21:30:c4:25:ad:4f:0a:86:c4:a9:af:
                    b7:67:c5:21:3f:3b:91:4a:0e:f8:2b:1e:01:15:45:
                    16:3d:5a:10:bb:e4:55:4e:85:e3:a5:68:ca:a8:e8:
                    67:95:15:9a:6c:d6:39:a8:8b:dd:ee:d1:a7:88:46:
                    93:8b:df:c2:c1:d3:58:07:76:d9:6c:eb:42:09:b4:
                    4f:07:ee:6c:68:ff:87:c6:9c:37:da:7e:5c:44:79:
                    3e:a7:eb:8b:b5:6a:aa:ab:cd:8f:b1:8e:7a:fa:b1:
                    31:6a:bf:be:41:99:f1:6b:8d:67:11:36:30:3d:f0:
                    15:9f:6c:19:9f:d2:8e:cd:96:48:fa:7e:3a:84:c4:
                    c9:15:b8:74:ca:9e:2f:24:eb:9c:00:16:69:c0:de:
                    9f:2b:de:3a:12:40:56:da:74:02:71:00:80:71:1a:
                    c8:6f:af:84:06:6f:f7:61:78:16:a8:a6:68:33:1e:
                    72:0a:95:70:d5:2b:00:83:77:cb:87:1f:4e:35:14:
                    dc:b1:a3:f3:64:cf:0f:f2:46:cd:41:43:b3:9c:94:
                    ea:46:78:64:4b:eb:a8:62:7a:45:32:08:f1:3f:9f:
                    d0:f8:bc:d8:86:8e:64:5a:d3:43:0e:57:9d:d4:16:
                    0e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:5C:B6:51:9B:B3:AB:66:7E:89:BA:EE:C0:CA:7C:F6:95:D8:50:16
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/63e25c4a-c2fc-44b1-af52-e1f752189824.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.168.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         2e:2c:7c:5a:0f:c6:fe:5b:ec:23:38:78:c6:4a:2d:64:3a:e0:
         a5:08:0d:d2:a4:16:99:cc:16:c9:44:27:15:2c:1f:16:06:60:
         02:41:31:9f:43:ca:e1:c6:44:44:f5:8b:e4:e4:c1:d5:cf:33:
         e6:71:e1:43:87:b1:7f:71:42:d2:39:0d:89:96:18:69:ee:92:
         5e:f4:25:c6:42:ec:5d:6d:ef:07:0d:ec:ee:84:1a:df:d8:dd:
         92:bb:0c:84:ca:71:db:3d:35:3c:4d:d3:a4:69:30:8b:93:32:
         4f:3e:bd:b9:4d:f0:0c:f7:35:4a:db:c0:b8:44:d3:cb:50:d5:
         b6:cc:6f:f5:31:55:6e:03:87:eb:40:02:83:46:24:27:96:65:
         72:88:e3:36:b7:43:78:0b:4b:83:e4:53:89:cb:bc:a1:3a:d9:
         d8:cb:cd:b3:0c:06:47:4f:36:04:cb:d7:dc:4e:25:65:9c:65:
         fc:ba:59:5c:e0:f3:53:45:24:e4:03:59:7f:d8:9e:bc:b0:eb:
         d3:af:df:63:64:1c:7e:df:8d:e9:df:b6:36:bf:c4:16:cd:93:
         a1:bd:e2:61:8e:71:d4:e9:36:94:2b:99:81:03:de:2c:1a:88:
         d5:13:3a:ea:85:72:74:88:b2:9f:43:b8:cc:bc:98:b4:5b:86:
         7d:fe:c5:1e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJb5OUcktFPCGGZN957tI2Qf8VDAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAwMDEwWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZGI2ZDAzODY1NWVmZjliOTlkM2YyZDUzMGUyZjRjMjA3
ZTNiMzZjYWNjNDAwOWI1ODZmMTY3ODkzZjY3MTliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWOFPAHM3UduFk1bhoVqYES4whMMQlrU8KhsSpr7dnxSE/
O5FKDvgrHgEVRRY9WhC75FVOheOlaMqo6GeVFZps1jmoi93u0aeIRpOL38LB01gH
dtls60IJtE8H7mxo/4fGnDfaflxEeT6n64u1aqqrzY+xjnr6sTFqv75BmfFrjWcR
NjA98BWfbBmf0o7Nlkj6fjqExMkVuHTKni8k65wAFmnA3p8r3joSQFbadAJxAIBx
Gshvr4QGb/dheBaopmgzHnIKlXDVKwCDd8uHH041FNyxo/Nkzw/yRs1BQ7OclOpG
eGRL66hiekUyCPE/n9D4vNiGjmRa00MOV53UFg4FAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWFy2UZuzq2Z+ibruwMp89pXYUBYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYzZTI1YzRhLWMyZmMtNDRiMS1hZjUyLWUxZjc1MjE4OTgyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEuqDANBgkqhkiG9w0BAQsFAAOCAQEALix8Wg/G/lvsIzh4xkotZDrgpQgN
0qQWmcwWyUQnFSwfFgZgAkExn0PK4cZERPWL5OTB1c8z5nHhQ4exf3FC0jkNiZYY
ae6SXvQlxkLsXW3vBw3s7oQa39jdkrsMhMpx2z01PE3TpGkwi5MyTz69uU3wDPc1
StvAuETTy1DVtsxv9TFVbgOH60ACg0YkJ5ZlcojjNrdDeAtLg+RTicu8oTrZ2MvN
swwGR082BMvX3E4lZZxl/LpZXODzU0Uk5ANZf9ievLDr06/fY2Qcft+N6d+2Nr/E
Fs2Tob3iYY5x1Ok2lCuZgQPeLBqI1RM66oVydIiyn0O4zLyYtFuGff7FHg==
-----END CERTIFICATE-----