Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68c2c37c-dbad-40e8-bcc3-17987526695f.roa
File:                     68c2c37c-dbad-40e8-bcc3-17987526695f.roa (raw, json)
Hash identifier:          90j0dxVGluUzHW73NDyOcEYr3NgtZKJMVWQz4L33kmM=
Subject key identifier:   48:FD:DB:2F:92:74:F3:EE:D3:78:F8:4F:58:91:B0:FB:8E:62:13:17
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FB6E5156F24C604D3DDBEEF6D44282346A4B292
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68c2c37c-dbad-40e8-bcc3-17987526695f.roa
Signing time:             Wed 22 Oct 2025 00:00:58 +0000
ROA not before:           Wed 22 Oct 2025 00:00:58 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        98.131.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:b6:e5:15:6f:24:c6:04:d3:dd:be:ef:6d:44:28:23:46:a4:b2:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:00:58 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=bfddbfd09b5583ccc23c3d9e2c0bf73a85755214f12f5f7b1938a19688403fe9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:16:ec:4b:ce:07:00:68:cb:0a:af:d0:a4:a8:
                    d7:f1:20:40:b8:77:20:a0:2b:90:d2:c9:8a:de:14:
                    aa:1d:28:a2:f8:76:41:cb:2f:b6:7f:96:21:c2:f8:
                    24:2a:88:15:66:2a:76:ce:fd:3b:36:08:24:85:b4:
                    92:77:0e:89:bc:47:ba:58:9c:d9:c8:9d:e5:58:29:
                    b2:36:52:18:bc:42:48:8e:fb:7e:ca:df:0e:28:c7:
                    09:34:cc:6e:d9:18:0a:1f:ac:2e:a5:f2:38:d3:a0:
                    29:58:78:13:20:9e:7f:29:3d:cf:38:49:c8:4e:6a:
                    a4:ac:6a:35:cb:4e:a7:f6:15:f2:22:35:f1:69:e5:
                    41:3d:af:f8:4e:59:88:22:da:05:66:99:30:73:1b:
                    c4:10:3b:2a:2b:d2:d3:79:47:4e:01:2d:dd:cc:9f:
                    0d:db:d2:11:33:b5:5f:ee:62:54:73:cc:66:3b:16:
                    31:cb:ec:45:58:4d:ee:fe:67:b8:74:58:f3:8d:ef:
                    0a:40:f9:ca:ff:92:e7:62:2c:01:29:32:8c:e1:fe:
                    d6:cc:ba:82:50:59:77:95:89:e3:ae:fe:7c:76:96:
                    48:e4:85:d4:16:c0:76:ee:f2:52:17:fa:05:e3:03:
                    c7:0f:75:8d:a5:00:0d:0a:d8:e7:5a:84:f3:96:14:
                    0c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:FD:DB:2F:92:74:F3:EE:D3:78:F8:4F:58:91:B0:FB:8E:62:13:17
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68c2c37c-dbad-40e8-bcc3-17987526695f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.131.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c3:d5:ea:10:9b:48:27:04:c9:ed:bd:6e:72:f8:a0:48:15:df:
         78:b6:38:ab:c9:79:b7:b1:45:07:95:4f:7a:ae:03:fd:0e:34:
         0a:30:a5:ff:f5:47:c9:bb:ce:03:d1:06:a3:c1:c9:7c:34:ce:
         ce:6a:4b:62:2a:bb:ef:6f:5a:18:41:af:7f:d2:27:22:97:86:
         b0:af:b6:f2:1c:1b:37:ac:ca:15:91:ae:c8:25:05:9a:59:59:
         94:11:52:c6:79:70:11:8c:d1:13:06:de:f1:78:88:8a:f9:24:
         4c:9c:20:2f:b1:b6:f1:76:d1:08:ad:4c:30:11:00:e1:03:6c:
         83:9d:15:fa:77:36:1e:09:de:73:24:f6:50:32:a6:e9:7a:85:
         a6:dd:bd:45:b5:fd:08:7a:b3:b9:73:a6:ca:ed:07:65:5a:a8:
         48:02:0c:f6:55:ca:ac:3e:4b:b7:b5:aa:05:2d:66:c0:de:d3:
         ed:fe:04:9f:a4:19:f4:24:43:36:8d:98:fd:32:aa:f1:e3:76:
         70:f9:4b:3b:98:d3:61:4a:09:c7:a9:76:14:30:d1:fd:bf:66:
         e0:dd:33:fc:33:6e:6c:78:26:e2:6b:46:49:ba:5c:00:95:7a:
         3d:2f:5c:c0:ad:9f:8c:6c:0a:cb:81:94:11:88:61:a2:6e:88:
         3d:93:24:61
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUP7blFW8kxgTT3b7vbUQoI0akspIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAwMDU4WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmRkYmZkMDliNTU4M2NjYzIzYzNkOWUyYzBiZjczYTg1
NzU1MjE0ZjEyZjVmN2IxOTM4YTE5Njg4NDAzZmU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJFuxLzgcAaMsKr9CkqNfxIEC4dyCgK5DSyYreFKodKKL4
dkHLL7Z/liHC+CQqiBVmKnbO/Ts2CCSFtJJ3Dom8R7pYnNnIneVYKbI2Uhi8QkiO
+37K3w4oxwk0zG7ZGAofrC6l8jjToClYeBMgnn8pPc84SchOaqSsajXLTqf2FfIi
NfFp5UE9r/hOWYgi2gVmmTBzG8QQOyor0tN5R04BLd3Mnw3b0hEztV/uYlRzzGY7
FjHL7EVYTe7+Z7h0WPON7wpA+cr/kudiLAEpMozh/tbMuoJQWXeVieOu/nx2lkjk
hdQWwHbu8lIX+gXjA8cPdY2lAA0K2OdahPOWFAy5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUSP3bL5J08+7TePhPWJGw+45iExcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4YzJjMzdjLWRiYWQtNDBlOC1iY2MzLTE3OTg3NTI2Njk1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBigzANBgkqhkiG9w0BAQsFAAOCAQEAw9XqEJtIJwTJ7b1ucvigSBXfeLY4
q8l5t7FFB5VPeq4D/Q40CjCl//VHybvOA9EGo8HJfDTOzmpLYiq7729aGEGvf9In
IpeGsK+28hwbN6zKFZGuyCUFmllZlBFSxnlwEYzREwbe8XiIivkkTJwgL7G28XbR
CK1MMBEA4QNsg50V+nc2HgnecyT2UDKm6XqFpt29RbX9CHqzuXOmyu0HZVqoSAIM
9lXKrD5Lt7WqBS1mwN7T7f4En6QZ9CRDNo2Y/TKq8eN2cPlLO5jTYUoJx6l2FDDR
/b9m4N0z/DNubHgm4mtGSbpcAJV6PS9cwK2fjGwKy4GUEYhhom6IPZMkYQ==
-----END CERTIFICATE-----