Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e49f25e-d120-4f09-aacc-bf4995405b55.roa
File:                     8e49f25e-d120-4f09-aacc-bf4995405b55.roa (raw, json)
Hash identifier:          mxcWhR4XaaDFABZN2hOJpV+E9q4kWaBjEOAWrdNshI4=
Subject key identifier:   97:0A:82:40:09:48:66:45:F0:A5:C4:A3:77:14:E0:DE:56:E3:F9:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7464E2BC81F7C908DF53D00E739E9E4012C7934A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e49f25e-d120-4f09-aacc-bf4995405b55.roa
Signing time:             Sat 01 Nov 2025 00:20:56 +0000
ROA not before:           Sat 01 Nov 2025 00:20:56 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        50.19.128.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:64:e2:bc:81:f7:c9:08:df:53:d0:0e:73:9e:9e:40:12:c7:93:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:20:56 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=991a036d91e5ce1fac18388a7955a8d8d502a39e0ffcb5a2ab6a16bffcda07f8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0c:85:14:15:38:5d:12:cd:24:36:f1:ec:38:
                    29:7c:60:44:1a:04:fa:a3:78:e9:3f:b5:da:0f:4d:
                    f2:0e:0a:94:f6:a9:f1:21:27:eb:f8:a6:55:84:a5:
                    dd:37:6c:27:27:82:73:ab:0c:ad:2d:28:ba:23:e9:
                    95:1b:fa:03:7c:39:a2:db:1d:64:e7:c1:b8:8e:74:
                    7d:dd:75:c8:a2:d1:ad:6c:8a:d1:d8:ec:00:18:df:
                    37:f3:cb:60:ee:98:28:17:c8:01:47:f1:b2:86:0e:
                    92:67:02:13:69:ee:af:27:24:a9:2c:4f:c3:17:19:
                    fc:11:32:b4:67:a6:a9:8d:35:0a:b4:79:2f:24:0a:
                    cb:2f:5d:cc:22:f8:77:b5:f8:c6:09:a3:e4:3d:78:
                    ff:21:83:a6:73:4d:45:5d:25:e6:61:be:ae:a3:5f:
                    f0:3c:62:58:1f:9b:29:c4:c5:e0:80:09:0b:9f:2b:
                    63:24:96:74:a4:17:22:8a:d7:6d:28:07:e7:32:74:
                    80:15:da:f0:32:5d:13:a0:38:3a:38:41:f4:52:d3:
                    fd:4b:7f:4f:cb:89:65:e6:5e:c9:88:72:e1:0e:ed:
                    66:e0:85:73:e9:5c:d5:95:33:c0:05:aa:52:cf:cc:
                    c2:d2:7e:01:ba:e3:fe:7e:91:d9:0c:64:c5:50:b9:
                    58:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:0A:82:40:09:48:66:45:F0:A5:C4:A3:77:14:E0:DE:56:E3:F9:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e49f25e-d120-4f09-aacc-bf4995405b55.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.19.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         aa:6a:b1:19:c5:5e:3e:cb:56:1f:c6:5a:ee:91:a0:37:51:f8:
         7f:c4:1a:02:9b:ee:db:00:e2:1b:8d:33:d5:9e:4e:c5:0c:76:
         d4:05:d7:e9:0f:11:24:80:0a:90:00:00:76:36:98:dc:c1:12:
         a1:ee:d9:cb:d3:4b:e4:40:ac:4b:a5:b9:65:bc:94:0c:55:23:
         d2:2b:02:eb:05:83:5f:59:b8:20:dc:93:19:8a:a4:d5:b8:e4:
         66:42:27:3b:f4:6c:97:cd:90:d7:ce:1d:22:96:21:57:6b:7e:
         ce:be:65:4a:d7:d8:35:a2:fa:7e:d4:ab:ad:ef:ce:5d:a6:b3:
         fa:87:57:6a:46:03:9e:0a:e7:38:d5:46:fc:dd:db:4d:4e:a7:
         75:bf:f9:50:bf:80:1d:a4:36:82:98:6b:2f:ac:d0:42:fd:1d:
         64:34:be:5a:c5:c7:a3:11:a4:5f:83:80:11:42:7b:f2:86:26:
         de:2b:96:35:4c:a2:22:ec:a7:c9:f3:7a:1e:76:69:69:6d:95:
         64:94:97:f9:19:67:11:07:d3:3e:31:3b:e4:7e:f5:8f:1e:7c:
         da:d1:43:b6:28:94:22:19:55:80:5e:ec:dd:e3:1c:78:c9:aa:
         b1:62:63:15:83:a6:ac:46:3e:98:de:ca:c4:b5:90:20:c3:da:
         78:03:af:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdGTivIH3yQjfU9AOc56eQBLHk0owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAyMDU2WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OTFhMDM2ZDkxZTVjZTFmYWMxODM4OGE3OTU1YThkOGQ1
MDJhMzllMGZmY2I1YTJhYjZhMTZiZmZjZGEwN2Y4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBDIUUFThdEs0kNvHsOCl8YEQaBPqjeOk/tdoPTfIOCpT2
qfEhJ+v4plWEpd03bCcngnOrDK0tKLoj6ZUb+gN8OaLbHWTnwbiOdH3ddcii0a1s
itHY7AAY3zfzy2DumCgXyAFH8bKGDpJnAhNp7q8nJKksT8MXGfwRMrRnpqmNNQq0
eS8kCssvXcwi+He1+MYJo+Q9eP8hg6ZzTUVdJeZhvq6jX/A8YlgfmynExeCACQuf
K2MklnSkFyKK120oB+cydIAV2vAyXROgODo4QfRS0/1Lf0/LiWXmXsmIcuEO7Wbg
hXPpXNWVM8AFqlLPzMLSfgG64/5+kdkMZMVQuViPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlwqCQAlIZkXwpcSjdxTg3lbj+SswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhlNDlmMjVlLWQxMjAtNGYwOS1hYWNjLWJmNDk5NTQwNWI1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYyE4AwDQYJKoZIhvcNAQELBQADggEBAKpqsRnFXj7LVh/GWu6RoDdR+H/E
GgKb7tsA4huNM9WeTsUMdtQF1+kPESSACpAAAHY2mNzBEqHu2cvTS+RArEuluWW8
lAxVI9IrAusFg19ZuCDckxmKpNW45GZCJzv0bJfNkNfOHSKWIVdrfs6+ZUrX2DWi
+n7Uq63vzl2ms/qHV2pGA54K5zjVRvzd201Op3W/+VC/gB2kNoKYay+s0EL9HWQ0
vlrFx6MRpF+DgBFCe/KGJt4rljVMoiLsp8nzeh52aWltlWSUl/kZZxEH0z4xO+R+
9Y8efNrRQ7YolCIZVYBe7N3jHHjJqrFiYxWDpqxGPpjeysS1kCDD2ngDrx0=
-----END CERTIFICATE-----