Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7865b6e9-bdb5-431a-96cd-04c3eebdad74.roa
File:                     7865b6e9-bdb5-431a-96cd-04c3eebdad74.roa (raw, json)
Hash identifier:          73fkVtJ+j90My/tLTNQTK2jevx23w/IeLYzmRbnwppQ=
Subject key identifier:   12:F9:CE:38:AE:79:2D:0B:5E:98:59:BD:27:57:5B:BC:4C:0C:00:6C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58868346D58B732D0B13866CEE58747955F93667
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7865b6e9-bdb5-431a-96cd-04c3eebdad74.roa
Signing time:             Sun 02 Nov 2025 00:41:16 +0000
ROA not before:           Sun 02 Nov 2025 00:41:16 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.24.192.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:86:83:46:d5:8b:73:2d:0b:13:86:6c:ee:58:74:79:55:f9:36:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:41:16 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=095ccdfd946389bc8dd11d0859d37aa8bf2921c218872e82ea4666f4b87e545a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:dc:1c:29:b6:7e:33:9c:32:65:9b:ed:29:42:
                    65:27:07:44:60:e2:da:a0:0b:9b:31:c8:4a:26:92:
                    58:a9:ba:6b:57:71:c1:cb:c6:4d:17:f9:98:f1:4b:
                    de:bf:4b:84:c5:5f:ba:af:fd:c6:c7:21:9d:64:46:
                    5b:7c:0c:18:99:3a:01:91:63:45:39:b6:61:b8:dd:
                    39:bf:d5:5c:87:36:1b:c9:40:c9:97:04:61:da:fa:
                    d8:ad:49:4e:5e:0b:b6:49:d6:43:8e:19:1a:8f:a9:
                    d9:d7:1c:40:05:6b:77:82:6b:05:cc:fc:bc:21:37:
                    e4:2c:fa:f9:3d:7a:6f:df:bb:f6:a2:23:34:5f:b9:
                    f3:ae:93:d2:8e:cd:6f:fe:cb:1f:ca:33:1e:50:16:
                    0e:09:50:be:78:eb:e2:a2:78:85:29:2f:31:6f:9b:
                    fc:03:80:09:8b:00:1c:30:e8:65:a0:41:11:fb:34:
                    7e:6d:54:c1:1b:34:c4:13:f4:6d:92:52:83:53:1e:
                    52:6a:21:bc:3a:26:85:24:32:bf:f6:23:11:56:25:
                    f6:a3:c0:d4:3c:36:65:0a:a7:47:96:1a:06:25:4f:
                    70:f7:ad:1e:0a:92:36:4b:62:73:c6:f9:ba:6d:75:
                    4c:80:6e:49:07:59:e8:1d:87:97:0e:d9:35:07:c1:
                    dc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:F9:CE:38:AE:79:2D:0B:5E:98:59:BD:27:57:5B:BC:4C:0C:00:6C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7865b6e9-bdb5-431a-96cd-04c3eebdad74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.24.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         44:99:86:1f:3e:7f:3f:92:46:df:09:39:1b:2a:58:29:c1:d8:
         9e:4d:7f:5c:60:d5:44:45:ba:6b:1c:93:10:21:45:16:66:dd:
         cf:d0:96:1b:5f:ee:76:29:19:45:60:b0:cd:a5:15:86:46:d4:
         3e:f9:65:86:ae:29:68:5e:47:90:12:53:7d:8f:f7:6f:07:1d:
         f4:8c:29:a0:fa:c3:7e:53:78:24:8e:63:8c:63:62:4b:e0:f9:
         9a:28:23:c0:ef:66:1a:b8:15:26:d1:d1:0d:5b:6d:1e:23:69:
         e9:d9:aa:4f:d5:40:ae:91:b8:4f:ff:72:47:43:d4:7e:e3:b4:
         96:e4:e5:46:0c:3c:01:91:d1:26:8c:a3:66:ea:58:a0:f8:75:
         af:35:48:13:50:1a:9a:59:d1:95:ee:19:48:22:d0:f4:71:c7:
         a6:9d:c5:f3:f7:39:48:53:96:f9:5f:16:54:22:13:8d:e4:b1:
         e1:7f:aa:a9:b4:2d:b0:b5:3c:90:61:e6:6d:33:e1:6c:1f:19:
         2b:ee:b7:ad:3c:f6:b7:dd:c4:df:78:54:6d:ca:4a:31:40:83:
         44:15:33:03:90:55:b4:05:c4:0e:3c:21:f6:11:0a:3d:08:09:
         9e:70:36:9f:53:48:07:41:91:c6:21:c1:80:81:4f:55:ab:f4:
         d2:21:2d:55
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWIaDRtWLcy0LE4Zs7lh0eVX5NmcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MTE2WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwOTVjY2RmZDk0NjM4OWJjOGRkMTFkMDg1OWQzN2FhOGJm
MjkyMWMyMTg4NzJlODJlYTQ2NjZmNGI4N2U1NDVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCk3Bwptn4znDJlm+0pQmUnB0Rg4tqgC5sxyEomklipumtX
ccHLxk0X+ZjxS96/S4TFX7qv/cbHIZ1kRlt8DBiZOgGRY0U5tmG43Tm/1VyHNhvJ
QMmXBGHa+titSU5eC7ZJ1kOOGRqPqdnXHEAFa3eCawXM/LwhN+Qs+vk9em/fu/ai
IzRfufOuk9KOzW/+yx/KMx5QFg4JUL546+KieIUpLzFvm/wDgAmLABww6GWgQRH7
NH5tVMEbNMQT9G2SUoNTHlJqIbw6JoUkMr/2IxFWJfajwNQ8NmUKp0eWGgYlT3D3
rR4KkjZLYnPG+bptdUyAbkkHWegdh5cO2TUHwdyrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEvnOOK55LQtemFm9J1dbvEwMAGwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4NjViNmU5LWJkYjUtNDMxYS05NmNkLTA0YzNlZWJkYWQ3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATYGMAwDQYJKoZIhvcNAQELBQADggEBAESZhh8+fz+SRt8JORsqWCnB2J5N
f1xg1URFumsckxAhRRZm3c/Qlhtf7nYpGUVgsM2lFYZG1D75ZYauKWheR5ASU32P
928HHfSMKaD6w35TeCSOY4xjYkvg+ZooI8DvZhq4FSbR0Q1bbR4jaenZqk/VQK6R
uE//ckdD1H7jtJbk5UYMPAGR0SaMo2bqWKD4da81SBNQGppZ0ZXuGUgi0PRxx6ad
xfP3OUhTlvlfFlQiE43kseF/qqm0LbC1PJBh5m0z4WwfGSvut6089rfdxN94VG3K
SjFAg0QVMwOQVbQFxA48IfYRCj0ICZ5wNp9TSAdBkcYhwYCBT1Wr9NIhLVU=
-----END CERTIFICATE-----