Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/677fcf5a-1ec1-4cd4-8096-ae6b040a7d5a.roa
File:                     677fcf5a-1ec1-4cd4-8096-ae6b040a7d5a.roa (raw, json)
Hash identifier:          LFdJOdW8xuopGzcm1DX0MACDrc0v3jCXzsBuZftTBQg=
Subject key identifier:   86:7B:18:3B:56:C8:B6:B3:4D:46:1A:03:83:8D:6D:13:F5:DA:09:72
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3757476EA6A63659562E81E3F9D960B1F5D79390
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/677fcf5a-1ec1-4cd4-8096-ae6b040a7d5a.roa
Signing time:             Fri 31 Oct 2025 01:01:25 +0000
ROA not before:           Fri 31 Oct 2025 01:01:25 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.221.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:57:47:6e:a6:a6:36:59:56:2e:81:e3:f9:d9:60:b1:f5:d7:93:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 01:01:25 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=41810d9f0918e4e2169166adbe05120cdf2ecc2818a6c31381fe02caea6306e1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f7:b8:b9:71:37:51:4a:6a:eb:d5:64:f5:4f:
                    d9:79:95:31:e3:5b:22:d2:93:0d:93:37:be:cb:16:
                    5a:be:cf:be:15:1a:ec:b9:b4:55:95:4b:c1:06:f0:
                    fb:8b:4c:1d:bf:76:1e:f5:a6:5e:f5:34:8f:0c:e1:
                    93:52:38:9f:18:39:74:99:05:0e:e6:23:60:4d:be:
                    3a:fb:d0:cf:a9:b4:c4:e8:8e:cb:13:db:85:2d:95:
                    b9:ea:f0:fe:92:82:e3:3a:31:18:ec:26:6e:85:e3:
                    a8:2d:f1:98:ed:13:f8:9d:19:a3:ba:bc:a5:b3:b2:
                    a3:e4:73:55:99:71:78:fd:55:e2:49:0d:93:8a:47:
                    09:20:a7:e6:03:f9:52:3b:25:e2:a4:75:1c:99:13:
                    af:1f:83:bd:db:8d:60:de:1d:cb:45:c1:16:25:f3:
                    d0:84:f8:cb:d6:01:ba:5f:43:f1:0b:1f:7e:35:d3:
                    1e:be:03:69:9d:c5:4f:5b:1e:16:40:7a:aa:e5:ed:
                    a4:b0:98:19:54:27:75:2d:f7:e4:3c:45:8e:e8:13:
                    fd:a5:fe:ee:12:13:c4:8b:77:c8:fb:25:08:c2:f8:
                    36:7d:9a:71:ad:00:72:7d:e7:7d:cb:61:9c:da:49:
                    f7:f4:2f:a3:76:0d:d9:0c:cc:bb:f9:30:0f:70:6b:
                    ab:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:7B:18:3B:56:C8:B6:B3:4D:46:1A:03:83:8D:6D:13:F5:DA:09:72
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/677fcf5a-1ec1-4cd4-8096-ae6b040a7d5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.221.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:1b:3f:6d:76:21:a1:ee:39:ff:48:59:03:f8:f8:8e:5a:33:
         e2:c1:a9:53:4e:8d:ef:d9:be:47:c3:9a:30:b7:88:4c:9c:a4:
         5d:f1:5b:19:60:5f:84:5e:6e:8f:11:78:80:e2:06:20:c8:73:
         74:f7:93:a6:50:2f:13:77:8c:59:9f:b2:49:de:1e:75:e5:f5:
         8c:db:0f:e7:24:78:d8:16:4e:54:9c:bc:e7:51:40:40:f4:04:
         9c:73:a1:96:b8:bf:90:fc:82:cb:7b:2b:14:99:21:32:77:b5:
         40:19:fb:19:c4:81:fd:bc:37:41:15:4f:b8:99:07:13:ec:d5:
         4c:0a:b9:98:47:99:71:4c:80:79:b4:07:05:c4:99:cb:8d:46:
         5c:fa:54:ab:e9:70:c0:b7:9d:90:a6:63:65:11:9e:fd:e1:e3:
         c7:d1:e4:85:3e:ee:75:39:ea:27:da:23:b2:fe:0b:a5:35:d9:
         e3:d2:b3:fe:98:93:41:f0:26:f1:92:46:2b:73:8c:85:75:a9:
         4a:10:0b:fa:b9:8f:53:81:f4:3c:2a:48:1f:ec:a9:74:a2:ba:
         ed:d7:34:c5:6b:04:ab:a4:71:be:49:c2:9d:b4:10:ca:28:d6:
         01:a9:d6:08:17:46:e2:c3:db:c5:c9:3b:49:08:ec:cb:dd:97:
         96:2b:36:b9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUN1dHbqamNllWLoHj+dlgsfXXk5AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDEwMTI1WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTgxMGQ5ZjA5MThlNGUyMTY5MTY2YWRiZTA1MTIwY2Rm
MmVjYzI4MThhNmMzMTM4MWZlMDJjYWVhNjMwNmUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCn97i5cTdRSmrr1WT1T9l5lTHjWyLSkw2TN77LFlq+z74V
Guy5tFWVS8EG8PuLTB2/dh71pl71NI8M4ZNSOJ8YOXSZBQ7mI2BNvjr70M+ptMTo
jssT24Utlbnq8P6SguM6MRjsJm6F46gt8ZjtE/idGaO6vKWzsqPkc1WZcXj9VeJJ
DZOKRwkgp+YD+VI7JeKkdRyZE68fg73bjWDeHctFwRYl89CE+MvWAbpfQ/ELH341
0x6+A2mdxU9bHhZAeqrl7aSwmBlUJ3Ut9+Q8RY7oE/2l/u4SE8SLd8j7JQjC+DZ9
mnGtAHJ9533LYZzaSff0L6N2DdkMzLv5MA9wa6vnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhnsYO1bItrNNRhoDg41tE/XaCXIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY3N2ZjZjVhLTFlYzEtNGNkNC04MDk2LWFlNmIwNDBhN2Q1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCP3TANBgkqhkiG9w0BAQsFAAOCAQEARRs/bXYhoe45/0hZA/j4jloz4sGp
U06N79m+R8OaMLeITJykXfFbGWBfhF5ujxF4gOIGIMhzdPeTplAvE3eMWZ+ySd4e
deX1jNsP5yR42BZOVJy851FAQPQEnHOhlri/kPyCy3srFJkhMne1QBn7GcSB/bw3
QRVPuJkHE+zVTAq5mEeZcUyAebQHBcSZy41GXPpUq+lwwLedkKZjZRGe/eHjx9Hk
hT7udTnqJ9ojsv4LpTXZ49Kz/piTQfAm8ZJGK3OMhXWpShAL+rmPU4H0PCpIH+yp
dKK67dc0xWsEq6RxvknCnbQQyijWAanWCBdG4sPbxck7SQjsy92Xlis2uQ==
-----END CERTIFICATE-----