Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/987ee270-8da2-44b1-b542-2a58beb5c981.roa
File:                     987ee270-8da2-44b1-b542-2a58beb5c981.roa (raw, json)
Hash identifier:          yKYbpKnKAxhHIZyqTg/m7rxmxWGdam0cgRwfdqye2BI=
Subject key identifier:   AE:9F:CD:1C:5B:00:51:12:4D:FA:A5:50:55:B9:C8:16:43:BC:0F:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0D5D2D79BF8E9CB7DB1E1C0FC1874E718DC495A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/987ee270-8da2-44b1-b542-2a58beb5c981.roa
Signing time:             Fri 31 Oct 2025 00:10:36 +0000
ROA not before:           Fri 31 Oct 2025 00:10:36 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        13.128.96.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:5d:2d:79:bf:8e:9c:b7:db:1e:1c:0f:c1:87:4e:71:8d:c4:95:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:10:36 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=6d71f9fdec2e42933fc005593a82457fc889374bdc09513e12382c01f969a4ac, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e2:39:af:4d:bb:44:a0:4c:28:a7:d4:f1:0a:
                    78:8b:c3:2a:d1:4f:e0:79:a5:cf:41:6d:02:85:f6:
                    17:74:6f:84:bb:ff:85:b4:2f:3a:4d:fa:a5:ad:8e:
                    b0:51:4c:81:a5:13:b6:a7:57:59:ae:1c:f6:fc:e8:
                    39:fc:24:92:3d:93:b9:48:e4:53:1f:d8:8a:23:6d:
                    38:bc:44:14:2e:c5:ed:7d:89:81:d8:8d:f5:c1:02:
                    19:a6:94:7f:4a:a5:1f:f3:71:96:f5:ca:83:69:3b:
                    f7:45:79:f3:f8:e7:86:33:2a:07:48:7a:de:57:57:
                    7e:fb:01:11:6e:4f:31:34:1e:6b:5e:be:39:97:5a:
                    74:c5:c4:e1:89:b3:dd:8d:63:b4:1b:a8:c7:d9:91:
                    a2:ff:7a:f6:ad:8d:8e:95:23:1e:24:28:ce:db:ec:
                    cf:ce:17:24:19:37:ec:ba:db:8d:ae:03:d6:15:b2:
                    17:f8:5a:f6:1a:a5:8e:17:e1:ce:8b:f4:44:c7:15:
                    3c:66:8c:f1:91:a8:2f:de:54:51:1d:c5:0d:76:ff:
                    30:9b:f4:b8:51:5e:ff:3e:3c:79:4f:c2:d4:de:ca:
                    17:59:92:54:db:53:e6:37:42:8e:91:c2:47:a1:a0:
                    6b:48:3b:b4:d9:c0:d6:c3:03:ad:09:2e:40:61:a0:
                    6d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:9F:CD:1C:5B:00:51:12:4D:FA:A5:50:55:B9:C8:16:43:BC:0F:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/987ee270-8da2-44b1-b542-2a58beb5c981.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.128.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         78:4f:2d:78:13:b6:3d:ee:c2:44:33:96:45:57:8c:3c:57:ba:
         1b:de:47:b9:16:cb:c7:cf:0e:e1:14:53:e7:0e:31:a7:1d:86:
         ed:29:c9:83:2c:de:d9:a6:b3:6e:4c:7a:6b:f3:26:59:af:bf:
         6d:2d:56:e2:dc:61:16:a5:64:8d:1f:50:9f:32:1a:25:d6:06:
         d1:b0:bd:c2:59:22:2b:fd:17:8c:26:63:f3:fe:18:95:01:22:
         1b:f0:59:69:76:73:bd:d0:37:62:f6:d7:9a:f3:df:cb:3c:2b:
         b4:7f:c3:4b:4a:3a:aa:75:10:97:be:28:e4:6c:08:59:ae:e5:
         b5:12:bb:56:cd:f4:47:3d:67:2b:1a:d9:64:d7:81:d9:5c:8b:
         c4:55:c8:79:d9:b4:de:c6:c7:04:b9:d5:11:bd:a0:9d:8c:95:
         64:51:cb:3e:98:8b:9e:f7:6a:cb:d1:7e:35:c6:b9:cd:c6:b3:
         7a:d3:1a:1f:f4:dd:f0:83:6e:fc:27:dc:15:6a:07:c2:60:9c:
         cb:bc:df:19:92:ed:03:aa:cc:86:d5:96:c7:dc:93:5a:f0:da:
         87:a7:24:0b:6e:1e:bd:28:92:d2:fa:96:28:39:39:d5:5c:8a:
         d6:4b:0d:c4:f7:47:0d:71:35:6e:2a:77:17:ed:35:cf:6a:dd:
         2f:88:46:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDV0teb+OnLfbHhwPwYdOcY3ElaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAxMDM2WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDcxZjlmZGVjMmU0MjkzM2ZjMDA1NTkzYTgyNDU3ZmM4
ODkzNzRiZGMwOTUxM2UxMjM4MmMwMWY5NjlhNGFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC94jmvTbtEoEwop9TxCniLwyrRT+B5pc9BbQKF9hd0b4S7
/4W0LzpN+qWtjrBRTIGlE7anV1muHPb86Dn8JJI9k7lI5FMf2IojbTi8RBQuxe19
iYHYjfXBAhmmlH9KpR/zcZb1yoNpO/dFefP454YzKgdIet5XV377ARFuTzE0Hmte
vjmXWnTFxOGJs92NY7QbqMfZkaL/evatjY6VIx4kKM7b7M/OFyQZN+y6242uA9YV
shf4WvYapY4X4c6L9ETHFTxmjPGRqC/eVFEdxQ12/zCb9LhRXv8+PHlPwtTeyhdZ
klTbU+Y3Qo6RwkehoGtIO7TZwNbDA60JLkBhoG3rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrp/NHFsAURJN+qVQVbnIFkO8D8IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4N2VlMjcwLThkYTItNDRiMS1iNTQyLTJhNThiZWI1Yzk4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQNgGAwDQYJKoZIhvcNAQELBQADggEBAHhPLXgTtj3uwkQzlkVXjDxXuhve
R7kWy8fPDuEUU+cOMacdhu0pyYMs3tmms25MemvzJlmvv20tVuLcYRalZI0fUJ8y
GiXWBtGwvcJZIiv9F4wmY/P+GJUBIhvwWWl2c73QN2L215rz38s8K7R/w0tKOqp1
EJe+KORsCFmu5bUSu1bN9Ec9Zysa2WTXgdlci8RVyHnZtN7GxwS51RG9oJ2MlWRR
yz6Yi573asvRfjXGuc3Gs3rTGh/03fCDbvwn3BVqB8JgnMu83xmS7QOqzIbVlsfc
k1rw2oenJAtuHr0oktL6lig5OdVcitZLDcT3Rw1xNW4qdxftNc9q3S+IRkY=
-----END CERTIFICATE-----