Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/819627c3-8ccc-4425-9f4f-1398f87c84d3.roa
File:                     819627c3-8ccc-4425-9f4f-1398f87c84d3.roa (raw, json)
Hash identifier:          dPc6dC3eQTWhvkv/ufjA6QQ21AL2a7d7umk7tU/mFUo=
Subject key identifier:   3A:AF:23:EF:A9:D1:1A:D7:95:86:05:3A:D1:3F:77:4B:D4:F0:51:DA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77C23F893494C1CCAFAB3DF8BED21B765C3BAA57
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/819627c3-8ccc-4425-9f4f-1398f87c84d3.roa
Signing time:             Fri 31 Oct 2025 00:50:03 +0000
ROA not before:           Fri 31 Oct 2025 00:50:03 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        13.128.128.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:c2:3f:89:34:94:c1:cc:af:ab:3d:f8:be:d2:1b:76:5c:3b:aa:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:50:03 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=04f2d4d7bb1b03ec75919fde5c4aac7d1cd08d9c5372af0591007a331959a1e4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ad:cf:3a:69:7c:c4:ef:85:3c:af:1a:72:01:
                    af:c1:6c:17:d2:a5:c3:a1:ee:ee:97:8a:00:4f:de:
                    d2:e5:c0:05:a1:72:87:e7:2d:64:6b:14:e6:49:67:
                    52:ec:06:0c:b4:ad:dc:fc:ae:05:75:96:6b:e2:19:
                    01:c4:07:0b:1d:68:4e:19:8f:a5:51:1c:6a:a7:7d:
                    19:27:76:55:18:75:40:2a:49:a2:63:d1:2f:68:80:
                    ba:f8:cf:56:fb:87:a7:22:23:0c:ed:14:16:f0:4c:
                    12:a2:39:c9:aa:46:9b:e8:6d:f3:95:c4:1b:3d:ca:
                    7c:5b:0e:bc:41:57:63:db:ba:ac:ef:a8:d0:ab:08:
                    ea:fe:19:3d:6e:98:1a:79:20:72:0e:14:d7:38:4b:
                    e8:93:58:b3:19:17:7a:0a:6f:fd:7e:f3:70:24:8d:
                    13:27:1d:e1:01:ea:34:32:54:59:5c:76:75:07:46:
                    13:c8:bc:fd:08:17:44:55:ed:d9:c2:f0:c4:77:ee:
                    bf:3f:ee:fa:38:2e:96:44:79:50:4a:36:ee:f8:3b:
                    3b:7d:c0:b2:23:58:bf:b8:35:e6:59:44:cb:21:75:
                    94:3c:fd:2a:a7:4d:bb:25:fc:55:08:88:c4:b7:b1:
                    35:fc:59:40:9c:2d:96:2f:99:d7:7c:f6:3f:f8:b7:
                    62:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:AF:23:EF:A9:D1:1A:D7:95:86:05:3A:D1:3F:77:4B:D4:F0:51:DA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/819627c3-8ccc-4425-9f4f-1398f87c84d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.128.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         39:6d:7e:be:6f:5b:06:60:0b:9c:6b:92:f7:74:cc:00:d4:81:
         9b:5e:9b:d2:f8:8a:9a:c1:1d:af:d5:00:bf:25:bb:d5:68:e3:
         a8:53:16:c6:14:a5:c1:88:6b:4d:19:8d:8f:04:d3:a2:e3:67:
         8a:e9:55:46:f9:8d:b9:6c:28:84:73:ae:51:fe:b7:b6:b5:d4:
         23:68:bc:13:47:eb:ba:0c:5c:e3:ee:1c:8a:70:88:e2:2e:c5:
         11:a0:d7:74:4d:a9:dc:2e:11:aa:8e:39:d2:ab:c6:d8:ef:98:
         7c:d9:ad:eb:a9:7a:4c:bb:72:0c:ab:6b:d1:a5:dc:c2:10:de:
         ef:d7:39:e3:58:50:9c:66:9a:7a:5e:d2:98:60:13:59:89:a9:
         5a:c4:e8:10:c7:0c:a7:9c:5c:26:91:ab:47:79:7b:b5:01:0f:
         45:d0:95:34:f5:ac:a2:2b:5a:3d:71:0b:36:6f:25:0d:b6:dc:
         a5:57:05:5c:11:23:db:7f:73:cf:e3:21:54:ae:8c:3e:87:d5:
         e0:16:01:29:a7:ff:55:d8:04:69:3e:de:38:3a:13:7f:20:aa:
         32:4a:32:69:ba:16:63:fe:e2:f0:6e:be:5b:3a:c2:44:4e:2b:
         01:2f:52:d7:93:e8:b3:1b:35:f6:31:4a:5e:7d:65:9b:07:40:
         c2:5f:80:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd8I/iTSUwcyvqz34vtIbdlw7qlcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDA1MDAzWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNGYyZDRkN2JiMWIwM2VjNzU5MTlmZGU1YzRhYWM3ZDFj
ZDA4ZDljNTM3MmFmMDU5MTAwN2EzMzE5NTlhMWU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8rc86aXzE74U8rxpyAa/BbBfSpcOh7u6XigBP3tLlwAWh
cofnLWRrFOZJZ1LsBgy0rdz8rgV1lmviGQHEBwsdaE4Zj6VRHGqnfRkndlUYdUAq
SaJj0S9ogLr4z1b7h6ciIwztFBbwTBKiOcmqRpvobfOVxBs9ynxbDrxBV2Pbuqzv
qNCrCOr+GT1umBp5IHIOFNc4S+iTWLMZF3oKb/1+83AkjRMnHeEB6jQyVFlcdnUH
RhPIvP0IF0RV7dnC8MR37r8/7vo4LpZEeVBKNu74Ozt9wLIjWL+4NeZZRMshdZQ8
/SqnTbsl/FUIiMS3sTX8WUCcLZYvmdd89j/4t2IzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOq8j76nRGteVhgU60T93S9TwUdowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgxOTYyN2MzLThjY2MtNDQyNS05ZjRmLTEzOThmODdjODRkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQNgIAwDQYJKoZIhvcNAQELBQADggEBADltfr5vWwZgC5xrkvd0zADUgZte
m9L4iprBHa/VAL8lu9Vo46hTFsYUpcGIa00ZjY8E06LjZ4rpVUb5jblsKIRzrlH+
t7a11CNovBNH67oMXOPuHIpwiOIuxRGg13RNqdwuEaqOOdKrxtjvmHzZreupeky7
cgyra9Gl3MIQ3u/XOeNYUJxmmnpe0phgE1mJqVrE6BDHDKecXCaRq0d5e7UBD0XQ
lTT1rKIrWj1xCzZvJQ223KVXBVwRI9t/c8/jIVSujD6H1eAWASmn/1XYBGk+3jg6
E38gqjJKMmm6FmP+4vBuvls6wkROKwEvUteT6LMbNfYxSl59ZZsHQMJfgLE=
-----END CERTIFICATE-----