Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66c32367-8469-414b-b22c-ee4a9a320966.roa
File:                     66c32367-8469-414b-b22c-ee4a9a320966.roa (raw, json)
Hash identifier:          +Anr6aHuvNymbgv5puFwmP2sAccSsCrthL94WIt0iQk=
Subject key identifier:   94:3F:7E:F1:79:15:6C:25:07:3C:73:A1:94:9E:EB:88:97:1F:DA:9C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4AF4B9441DAEE6B01E7D359A264BFF63DDA4BDA0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66c32367-8469-414b-b22c-ee4a9a320966.roa
Signing time:             Tue 21 Oct 2025 00:20:51 +0000
ROA not before:           Tue 21 Oct 2025 00:20:51 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        167.65.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:f4:b9:44:1d:ae:e6:b0:1e:7d:35:9a:26:4b:ff:63:dd:a4:bd:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:20:51 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=533315a8f3f1fa8836707b2cb384d9e649e746b0040ae54c68bcf563b4668e20, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bd:c7:cb:7c:dc:3e:44:4d:d6:34:f5:39:9e:
                    b1:b2:e7:66:12:7c:c6:34:b1:66:64:a7:d9:8c:bb:
                    e0:43:4b:03:67:42:3b:0d:f3:92:6e:09:7e:37:13:
                    c5:62:8a:57:f3:d8:87:a1:26:75:78:9e:08:44:ad:
                    33:a8:d3:df:10:f3:16:c2:5f:48:1f:54:2d:69:a6:
                    d2:08:76:49:f3:70:d9:15:a9:be:64:da:51:d6:2c:
                    f2:23:f1:d4:8d:d3:d4:54:7a:e5:18:ce:6a:dc:51:
                    e2:d3:5b:d2:11:bd:4c:67:a4:b8:24:44:6c:e8:0d:
                    aa:a9:da:28:b4:8d:13:3f:f9:00:a5:c2:e4:98:26:
                    97:c2:4d:19:3a:80:2f:6c:29:b0:1c:44:db:a6:d8:
                    24:74:f0:88:c1:04:9e:8e:70:c4:48:02:f2:44:da:
                    56:65:9b:8c:eb:f6:af:07:b8:c1:64:db:e9:dc:37:
                    b3:8e:af:11:a7:6d:61:47:2e:a2:f4:38:87:b5:3c:
                    3d:c4:1a:b8:9e:af:bd:a1:56:66:2a:a3:b7:4f:93:
                    f3:55:1e:39:09:87:23:6c:09:f9:8d:96:66:79:94:
                    c9:ce:16:1e:61:7d:a0:08:50:79:75:32:9e:c2:95:
                    70:71:a1:97:c4:f0:67:73:2c:06:94:49:9d:ed:75:
                    fb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:3F:7E:F1:79:15:6C:25:07:3C:73:A1:94:9E:EB:88:97:1F:DA:9C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66c32367-8469-414b-b22c-ee4a9a320966.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d4:fc:d9:a2:b8:8c:1a:7c:e9:6d:c7:94:da:de:e1:a2:12:3d:
         41:e4:bb:27:b2:c9:08:e0:62:93:c0:4d:e6:df:1a:49:6d:c2:
         0f:c2:24:7c:6d:66:6c:e4:ed:23:42:43:b5:22:09:f0:bf:0f:
         c2:af:64:8c:48:2a:30:88:ca:a6:4e:eb:c8:87:41:c2:26:21:
         fe:d0:3d:5c:95:e6:a3:c6:fa:ab:11:e0:0d:58:a8:23:63:6d:
         8c:25:75:48:17:4a:b4:76:e6:ef:80:d7:0b:4a:74:4c:e0:ba:
         ae:38:b3:2b:e4:19:96:1b:72:7b:c0:61:ce:81:d7:2e:a2:13:
         7d:87:76:1e:0d:ae:06:71:20:13:12:6a:bc:0f:81:46:b6:b9:
         c5:9e:75:46:4d:01:ab:80:df:8c:e5:e8:05:fd:6c:8a:b6:08:
         f9:6a:09:3e:c5:f8:84:3c:bc:65:78:1c:ae:6c:fa:10:a0:e2:
         2a:41:b3:47:d2:95:ee:c3:cf:db:92:78:c2:32:ad:cb:8d:16:
         dd:c1:23:16:75:39:a1:ea:44:84:d4:9e:37:d4:b4:b9:53:07:
         d7:8e:01:64:dd:ce:3e:44:0e:a8:80:85:c2:fa:25:a9:e7:29:
         68:a1:43:30:32:9f:cd:5f:2f:59:05:aa:4f:6c:76:ff:1a:0c:
         61:7f:5a:91
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSvS5RB2u5rAefTWaJkv/Y92kvaAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAyMDUxWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MzMzMTVhOGYzZjFmYTg4MzY3MDdiMmNiMzg0ZDllNjQ5
ZTc0NmIwMDQwYWU1NGM2OGJjZjU2M2I0NjY4ZTIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1vcfLfNw+RE3WNPU5nrGy52YSfMY0sWZkp9mMu+BDSwNn
QjsN85JuCX43E8Viilfz2IehJnV4nghErTOo098Q8xbCX0gfVC1pptIIdknzcNkV
qb5k2lHWLPIj8dSN09RUeuUYzmrcUeLTW9IRvUxnpLgkRGzoDaqp2ii0jRM/+QCl
wuSYJpfCTRk6gC9sKbAcRNum2CR08IjBBJ6OcMRIAvJE2lZlm4zr9q8HuMFk2+nc
N7OOrxGnbWFHLqL0OIe1PD3EGrier72hVmYqo7dPk/NVHjkJhyNsCfmNlmZ5lMnO
Fh5hfaAIUHl1Mp7ClXBxoZfE8GdzLAaUSZ3tdfuvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUlD9+8XkVbCUHPHOhlJ7riJcf2pwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY2YzMyMzY3LTg0NjktNDE0Yi1iMjJjLWVlNGE5YTMyMDk2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCnQTANBgkqhkiG9w0BAQsFAAOCAQEA1PzZoriMGnzpbceU2t7hohI9QeS7
J7LJCOBik8BN5t8aSW3CD8IkfG1mbOTtI0JDtSIJ8L8Pwq9kjEgqMIjKpk7ryIdB
wiYh/tA9XJXmo8b6qxHgDVioI2NtjCV1SBdKtHbm74DXC0p0TOC6rjizK+QZlhty
e8BhzoHXLqITfYd2Hg2uBnEgExJqvA+BRra5xZ51Rk0Bq4DfjOXoBf1sirYI+WoJ
PsX4hDy8ZXgcrmz6EKDiKkGzR9KV7sPP25J4wjKty40W3cEjFnU5oepEhNSeN9S0
uVMH144BZN3OPkQOqICFwvolqecpaKFDMDKfzV8vWQWqT2x2/xoMYX9akQ==
-----END CERTIFICATE-----