Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b8049b4-624b-4704-b56d-196cb647a1ac.roa
File:                     8b8049b4-624b-4704-b56d-196cb647a1ac.roa (raw, json)
Hash identifier:          ZzxGr0z09HJRaQZvD2sKLFfWRB0MOPoMTvW1QWM+i5Y=
Subject key identifier:   36:4F:5E:75:D4:FE:2F:57:20:A0:2A:21:DC:3E:6B:E8:21:79:AD:27
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3488B8CA9C4AD768EDF6E0EBF8ECF9172F5247F1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b8049b4-624b-4704-b56d-196cb647a1ac.roa
Signing time:             Wed 22 Oct 2025 00:10:58 +0000
ROA not before:           Wed 22 Oct 2025 00:10:58 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        96.0.16.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:88:b8:ca:9c:4a:d7:68:ed:f6:e0:eb:f8:ec:f9:17:2f:52:47:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:10:58 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=9ba1a6079be6ca87abfa5e1cfffea4d9b3ca92850484897207bf093174ba67eb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:ad:bb:59:08:f3:13:37:fe:f3:ea:a4:f6:92:
                    7f:0b:22:54:f1:73:44:36:b8:5e:9d:d2:26:38:66:
                    2a:a7:09:10:9a:ca:e9:c0:e5:8b:a6:61:73:cb:93:
                    4a:80:77:70:be:7c:00:6e:8c:1b:12:22:d2:97:5e:
                    1d:7b:2b:a6:f9:cb:4c:6b:0b:da:8c:77:a2:82:63:
                    ae:62:c7:3a:a3:02:62:99:89:12:06:7d:8c:e9:23:
                    43:d9:4a:ec:cd:aa:84:ce:b9:57:84:34:d8:d2:7f:
                    4e:5b:0f:6f:ea:cc:b3:4e:53:40:86:a7:1f:82:cd:
                    7d:90:28:68:48:ff:a7:b7:d5:bb:27:5e:f8:5b:9f:
                    c9:58:df:f8:2d:be:17:89:b9:db:86:e3:3e:d0:4d:
                    a7:f0:94:8f:05:82:c7:ef:19:45:32:bd:9f:de:e7:
                    00:fb:8f:1c:f9:1d:8c:f8:88:aa:8d:59:63:87:19:
                    da:ca:47:a5:4f:07:26:f3:c2:0e:a5:fb:53:54:af:
                    c6:79:5b:04:f1:f2:6c:e4:8f:bc:51:e0:98:68:01:
                    2d:2e:d3:55:83:71:7b:59:b2:20:e2:48:dc:88:17:
                    39:91:17:2b:01:6a:0f:58:f1:17:76:a9:fe:4d:df:
                    94:0c:3f:08:33:d2:56:0f:38:3c:0c:8d:70:9f:db:
                    fd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4F:5E:75:D4:FE:2F:57:20:A0:2A:21:DC:3E:6B:E8:21:79:AD:27
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b8049b4-624b-4704-b56d-196cb647a1ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         18:dc:49:a6:bc:c4:10:2b:5e:9d:aa:b0:0a:45:4a:1d:b8:66:
         4f:cf:1c:4d:0d:cb:f5:ec:81:f2:ae:0e:c9:73:66:69:29:b8:
         27:c2:b5:dc:8c:2b:c4:1a:94:6d:e3:c0:a0:85:92:0e:c5:63:
         62:d8:cf:d1:61:1c:4f:b7:46:11:1f:f8:8c:8c:df:df:e7:cc:
         1e:81:7e:d8:ec:86:3e:23:76:10:94:c6:d7:fe:64:cf:c1:3f:
         de:e8:3f:05:20:4f:d1:d5:15:ae:22:21:be:bf:8e:a5:35:70:
         7a:20:db:48:4d:49:61:c6:57:58:fe:18:73:30:e2:ec:79:2d:
         57:f9:99:d7:98:63:86:24:bd:a1:5f:49:04:78:d4:a7:d1:c4:
         ca:0b:ce:6a:5c:ae:10:5a:dd:ee:c6:72:db:e0:35:89:db:18:
         54:f9:63:2f:73:f3:11:66:07:15:25:89:18:3a:38:71:94:c3:
         ba:c9:a7:c9:69:7a:90:e4:5f:68:33:52:91:84:fa:cf:a7:5d:
         1d:20:1f:d2:b6:01:04:1e:11:2e:bc:3b:e9:7d:c3:b1:07:ef:
         dc:6e:47:9b:07:be:76:b3:74:48:11:72:6c:a5:e8:1d:b7:b4:
         2d:e0:94:ab:88:23:44:17:fe:37:eb:0b:ae:9f:66:a8:bf:09:
         bf:51:24:12
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNIi4ypxK12jt9uDr+Oz5Fy9SR/EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAxMDU4WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YmExYTYwNzliZTZjYTg3YWJmYTVlMWNmZmZlYTRkOWIz
Y2E5Mjg1MDQ4NDg5NzIwN2JmMDkzMTc0YmE2N2ViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1rbtZCPMTN/7z6qT2kn8LIlTxc0Q2uF6d0iY4ZiqnCRCa
yunA5YumYXPLk0qAd3C+fABujBsSItKXXh17K6b5y0xrC9qMd6KCY65ixzqjAmKZ
iRIGfYzpI0PZSuzNqoTOuVeENNjSf05bD2/qzLNOU0CGpx+CzX2QKGhI/6e31bsn
Xvhbn8lY3/gtvheJuduG4z7QTafwlI8FgsfvGUUyvZ/e5wD7jxz5HYz4iKqNWWOH
GdrKR6VPBybzwg6l+1NUr8Z5WwTx8mzkj7xR4JhoAS0u01WDcXtZsiDiSNyIFzmR
FysBag9Y8Rd2qf5N35QMPwgz0lYPODwMjXCf2/0tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNk9eddT+L1cgoCoh3D5r6CF5rScwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhiODA0OWI0LTYyNGItNDcwNC1iNTZkLTE5NmNiNjQ3YTFhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgABAwDQYJKoZIhvcNAQELBQADggEBABjcSaa8xBArXp2qsApFSh24Zk/P
HE0Ny/XsgfKuDslzZmkpuCfCtdyMK8QalG3jwKCFkg7FY2LYz9FhHE+3RhEf+IyM
39/nzB6Bftjshj4jdhCUxtf+ZM/BP97oPwUgT9HVFa4iIb6/jqU1cHog20hNSWHG
V1j+GHMw4ux5LVf5mdeYY4YkvaFfSQR41KfRxMoLzmpcrhBa3e7GctvgNYnbGFT5
Yy9z8xFmBxUliRg6OHGUw7rJp8lpepDkX2gzUpGE+s+nXR0gH9K2AQQeES68O+l9
w7EH79xuR5sHvnazdEgRcmyl6B23tC3glKuII0QX/jfrC66fZqi/Cb9RJBI=
-----END CERTIFICATE-----