Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98c01ba7-e498-4554-afa3-0957c093e390.roa
File:                     98c01ba7-e498-4554-afa3-0957c093e390.roa (raw, json)
Hash identifier:          BQqFW9witfqm8DUiGl1Ruxs3jKldx5mIE8zWAk44W2U=
Subject key identifier:   CB:C8:C5:B5:0E:D2:8E:D1:71:1C:78:19:9A:D9:CD:D6:F8:FF:89:53
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B9C07CB1448EC913FFEA3670158CE854301A731
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98c01ba7-e498-4554-afa3-0957c093e390.roa
Signing time:             Fri 31 Oct 2025 00:30:05 +0000
ROA not before:           Fri 31 Oct 2025 00:30:05 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.128.0.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:9c:07:cb:14:48:ec:91:3f:fe:a3:67:01:58:ce:85:43:01:a7:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:30:05 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=12ac710b6dfd05f53455f3e5f448139215b24ebaa247c247f92ede4dde803a05, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d6:9a:c0:37:b7:1d:b9:fa:16:4e:27:de:ff:
                    f0:65:01:a4:ca:c5:c6:55:94:a8:26:db:90:df:ce:
                    f7:77:2f:00:c7:9b:65:5b:9a:1d:cd:a5:20:e0:dd:
                    ab:f3:e5:ab:a8:4b:6c:06:91:2e:c9:3d:c0:bb:54:
                    a9:1b:b4:61:d4:ea:58:40:e0:d9:4a:d0:e4:6e:aa:
                    5c:34:e4:19:77:65:6e:31:56:47:a6:90:7e:05:77:
                    f2:18:a6:d2:56:8e:72:4e:80:6d:9d:0c:34:2b:11:
                    2d:7e:03:68:40:2b:34:5d:c3:d7:c0:6d:40:65:e3:
                    cc:79:f5:ec:74:70:1f:8d:01:09:50:83:16:f1:5b:
                    80:c9:38:fa:55:78:fc:73:1b:c4:33:4d:3c:bb:35:
                    96:3d:e7:0a:12:10:9d:f9:da:c3:1c:69:15:b1:7d:
                    39:0f:d8:db:14:43:4c:97:c5:09:65:e9:a7:25:51:
                    c5:62:3f:dc:d6:41:21:31:2b:96:53:3b:c5:a6:a6:
                    6f:eb:37:82:6a:14:32:a5:3c:92:a7:0f:18:4b:a2:
                    c1:50:56:10:ea:d6:0f:48:f3:50:64:e8:8e:04:c5:
                    8d:01:48:9a:8d:7f:1e:df:53:99:e0:6f:6b:b1:f0:
                    3a:e9:bc:f2:b6:72:99:79:d5:05:0d:81:8c:04:40:
                    1b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C8:C5:B5:0E:D2:8E:D1:71:1C:78:19:9A:D9:CD:D6:F8:FF:89:53
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98c01ba7-e498-4554-afa3-0957c093e390.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.128.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ab:7a:16:0a:2e:2a:4c:f8:ba:37:4e:35:16:ee:cc:c5:ec:e8:
         e1:8c:15:5d:d4:c8:a5:7a:b0:1d:c1:23:6e:06:22:f3:fe:a4:
         8e:33:90:2a:77:f0:43:95:38:99:de:2d:23:f7:06:c9:5f:e7:
         eb:99:09:a6:04:d5:ee:bc:aa:c2:6d:91:ca:37:69:47:85:4f:
         d7:23:05:50:2d:99:33:a8:bc:b9:a2:fd:76:37:4a:b9:7e:96:
         6a:ca:26:2f:d6:cf:17:da:a9:16:2d:1a:21:07:83:4e:dc:d6:
         6f:d7:bb:29:50:6a:41:00:64:81:45:98:e7:c1:ac:33:d7:f5:
         96:7a:e0:a6:31:43:de:9e:68:75:d5:2f:65:cb:f0:8e:57:99:
         bc:b7:96:18:3f:5f:06:9a:ac:23:65:a6:34:29:fc:54:ea:0b:
         90:b1:99:a6:7e:8f:9b:67:13:cb:a0:ed:06:fa:75:ee:48:4c:
         8e:31:9c:06:9d:c4:27:1a:73:a0:9e:8c:c3:bd:84:a5:38:ac:
         79:71:46:ca:02:04:b0:c0:11:f5:fd:fa:c5:95:72:98:2b:15:
         b0:47:f5:9e:2e:3b:6c:b1:5b:89:70:19:bd:d0:2f:bf:62:7c:
         1d:31:e3:4d:ec:fb:39:dd:45:cb:45:c1:5e:bf:aa:f6:e5:71:
         ed:bb:56:1a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC5wHyxRI7JE//qNnAVjOhUMBpzEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAzMDA1WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmFjNzEwYjZkZmQwNWY1MzQ1NWYzZTVmNDQ4MTM5MjE1
YjI0ZWJhYTI0N2MyNDdmOTJlZGU0ZGRlODAzYTA1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC41prAN7cdufoWTife//BlAaTKxcZVlKgm25Dfzvd3LwDH
m2Vbmh3NpSDg3avz5auoS2wGkS7JPcC7VKkbtGHU6lhA4NlK0ORuqlw05Bl3ZW4x
VkemkH4Fd/IYptJWjnJOgG2dDDQrES1+A2hAKzRdw9fAbUBl48x59ex0cB+NAQlQ
gxbxW4DJOPpVePxzG8QzTTy7NZY95woSEJ352sMcaRWxfTkP2NsUQ0yXxQll6acl
UcViP9zWQSExK5ZTO8Wmpm/rN4JqFDKlPJKnDxhLosFQVhDq1g9I81Bk6I4ExY0B
SJqNfx7fU5ngb2ux8DrpvPK2cpl51QUNgYwEQBuHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUy8jFtQ7SjtFxHHgZmtnN1vj/iVMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4YzAxYmE3LWU0OTgtNDU1NC1hZmEzLTA5NTdjMDkzZTM5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQNgAAwDQYJKoZIhvcNAQELBQADggEBAKt6FgouKkz4ujdONRbuzMXs6OGM
FV3UyKV6sB3BI24GIvP+pI4zkCp38EOVOJneLSP3Bslf5+uZCaYE1e68qsJtkco3
aUeFT9cjBVAtmTOovLmi/XY3Srl+lmrKJi/WzxfaqRYtGiEHg07c1m/XuylQakEA
ZIFFmOfBrDPX9ZZ64KYxQ96eaHXVL2XL8I5Xmby3lhg/XwaarCNlpjQp/FTqC5Cx
maZ+j5tnE8ug7Qb6de5ITI4xnAadxCcac6CejMO9hKU4rHlxRsoCBLDAEfX9+sWV
cpgrFbBH9Z4uO2yxW4lwGb3QL79ifB0x403s+zndRctFwV6/qvblce27Vho=
-----END CERTIFICATE-----