Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f6d0499-6523-42dc-96f7-6d729660d8b6.roa
File:                     9f6d0499-6523-42dc-96f7-6d729660d8b6.roa (raw, json)
Hash identifier:          /c8Pu1GReKmQt7039yWbEjQg+JhGsEsTHmnjQZ6h9nE=
Subject key identifier:   B8:61:32:E5:96:8A:A4:FA:37:D6:8E:A0:D1:AC:34:9B:EE:60:AB:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56DFF82BD6FD04F2D035A42254A9BB7D5C9AA712
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f6d0499-6523-42dc-96f7-6d729660d8b6.roa
Signing time:             Fri 31 Oct 2025 00:00:14 +0000
ROA not before:           Fri 31 Oct 2025 00:00:14 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.238.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:df:f8:2b:d6:fd:04:f2:d0:35:a4:22:54:a9:bb:7d:5c:9a:a7:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:00:14 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=d039953588e23e12345fdf2fd753b9e9d8060901b138eb2a8b192801c3089163, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c0:9c:54:c9:01:e6:c5:bb:3c:83:a5:e5:91:
                    a4:f9:b7:8c:a5:0a:82:6e:56:79:ab:a3:07:34:ce:
                    26:75:14:e9:2e:6f:a3:3c:c5:78:fa:ed:87:e4:b0:
                    fa:69:4e:6f:cd:30:2a:11:0f:12:c6:d4:3f:35:c5:
                    54:b3:f5:ad:90:00:a0:7c:34:0d:e2:77:20:1b:20:
                    3a:c4:42:30:da:ac:4b:ed:78:73:cd:a4:13:70:10:
                    52:d5:f4:02:65:05:ad:64:c2:e5:3f:88:7a:bc:f5:
                    81:db:74:22:ba:cf:42:06:a6:b6:7d:55:da:b1:58:
                    af:c8:b0:56:5e:8a:b5:4d:ea:d3:bb:ba:49:53:72:
                    cf:a9:5d:d9:01:30:b7:65:2d:73:de:47:b0:c6:0a:
                    7e:9d:5d:d9:96:21:3d:b9:66:e7:bf:1e:02:25:b5:
                    78:c0:93:cf:d7:f7:34:04:c0:73:24:8f:6f:38:d8:
                    c2:5f:d2:af:8d:c3:31:ea:27:c0:6f:5a:b3:df:d0:
                    27:eb:81:3e:4d:39:56:a7:f5:e1:f0:05:78:c7:f9:
                    d0:9a:7d:e7:58:dc:4e:15:33:d7:2f:7d:5e:97:ba:
                    aa:d9:b6:bf:42:71:4f:6b:7f:58:2d:e6:63:dc:a7:
                    00:6e:48:a4:42:97:e9:f5:2b:93:1b:ec:c9:61:56:
                    32:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:61:32:E5:96:8A:A4:FA:37:D6:8E:A0:D1:AC:34:9B:EE:60:AB:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f6d0499-6523-42dc-96f7-6d729660d8b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.238.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         2b:f6:31:36:78:e7:27:0a:25:63:6c:94:64:dc:f0:c7:ac:a6:
         72:8c:ab:52:9b:9b:06:53:b3:88:15:ab:60:bd:61:b2:b5:ae:
         33:3a:95:7f:e9:b3:20:73:b3:05:e2:f8:d9:60:04:fa:58:c3:
         43:72:37:18:97:33:7d:75:18:84:8b:21:ec:79:10:5c:3b:4d:
         55:11:83:ef:15:c9:81:8a:3e:af:26:fc:83:17:94:94:65:48:
         26:34:b3:6f:d4:ff:fd:8a:04:4d:2c:dd:99:80:63:03:db:d9:
         1a:e1:42:0a:bb:25:7a:1e:ec:00:42:d6:33:65:87:35:50:02:
         ff:06:eb:2c:64:ba:12:85:6f:e8:e8:9f:6d:d2:4b:75:0b:2d:
         f8:a2:c6:32:8f:51:28:44:92:aa:36:9c:c1:ff:e3:93:0c:e2:
         d5:38:28:32:fe:ef:60:dd:43:f8:d4:b3:10:3b:68:03:22:d2:
         b6:5e:2f:78:77:7e:db:b1:d7:1f:e6:86:77:2e:29:9a:54:54:
         13:81:ee:a8:ff:c7:fb:f8:e9:dd:1a:6f:be:e9:b7:aa:e3:61:
         03:17:76:fb:e2:6a:04:05:c8:30:4c:ed:40:0a:cf:16:ee:2f:
         e3:60:cc:7e:87:dd:f3:81:c8:30:6c:97:4a:11:53:33:f0:f3:
         e3:38:85:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVt/4K9b9BPLQNaQiVKm7fVyapxIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAwMDE0WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMDM5OTUzNTg4ZTIzZTEyMzQ1ZmRmMmZkNzUzYjllOWQ4
MDYwOTAxYjEzOGViMmE4YjE5MjgwMWMzMDg5MTYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5wJxUyQHmxbs8g6XlkaT5t4ylCoJuVnmrowc0ziZ1FOku
b6M8xXj67YfksPppTm/NMCoRDxLG1D81xVSz9a2QAKB8NA3idyAbIDrEQjDarEvt
eHPNpBNwEFLV9AJlBa1kwuU/iHq89YHbdCK6z0IGprZ9VdqxWK/IsFZeirVN6tO7
uklTcs+pXdkBMLdlLXPeR7DGCn6dXdmWIT25Zue/HgIltXjAk8/X9zQEwHMkj284
2MJf0q+NwzHqJ8BvWrPf0CfrgT5NOVan9eHwBXjH+dCafedY3E4VM9cvfV6XuqrZ
tr9CcU9rf1gt5mPcpwBuSKRCl+n1K5Mb7MlhVjI/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuGEy5ZaKpPo31o6g0aw0m+5gqzkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmNmQwNDk5LTY1MjMtNDJkYy05NmY3LTZkNzI5NjYwZDhiNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcX7oAwDQYJKoZIhvcNAQELBQADggEBACv2MTZ45ycKJWNslGTc8MespnKM
q1KbmwZTs4gVq2C9YbK1rjM6lX/psyBzswXi+NlgBPpYw0NyNxiXM311GISLIex5
EFw7TVURg+8VyYGKPq8m/IMXlJRlSCY0s2/U//2KBE0s3ZmAYwPb2RrhQgq7JXoe
7ABC1jNlhzVQAv8G6yxkuhKFb+jon23SS3ULLfiixjKPUShEkqo2nMH/45MM4tU4
KDL+72DdQ/jUsxA7aAMi0rZeL3h3ftux1x/mhncuKZpUVBOB7qj/x/v46d0ab77p
t6rjYQMXdvviagQFyDBM7UAKzxbuL+NgzH6H3fOByDBsl0oRUzPw8+M4hSE=
-----END CERTIFICATE-----