Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3551575-fda8-40cd-a012-2dd98f54a35c.roa
File:                     a3551575-fda8-40cd-a012-2dd98f54a35c.roa (raw, json)
Hash identifier:          mjOXOjgLgzO/Fvaq7ezClHbW+Pp6+NlIUpZJWtgg+Mc=
Subject key identifier:   6C:29:EE:2B:36:6E:42:29:28:62:C3:B8:27:23:1D:D1:34:8A:18:5A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13FDBFE5A5C06932A6CCB7BBACA6ED3CA414623C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3551575-fda8-40cd-a012-2dd98f54a35c.roa
Signing time:             Sat 01 Nov 2025 01:00:06 +0000
ROA not before:           Sat 01 Nov 2025 01:00:06 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.13.96.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:fd:bf:e5:a5:c0:69:32:a6:cc:b7:bb:ac:a6:ed:3c:a4:14:62:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 01:00:06 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=a97924588ff1f04efc8f91963c5106c1319485e0b11da2918bdbdf7efb8f1642, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4b:05:24:0f:10:15:5c:ca:27:af:0d:54:ad:
                    92:b8:66:d3:be:4b:bc:4c:8c:a1:7b:a3:52:d5:4e:
                    03:29:c6:f2:85:fa:56:a4:f0:42:db:05:56:66:b4:
                    42:10:c2:2f:14:c8:b6:92:1e:e1:1b:09:6f:6a:d1:
                    54:06:ee:46:87:88:24:08:c6:b3:85:0f:3a:e9:85:
                    76:f0:e4:69:e8:c2:b5:df:9f:f6:a1:1a:50:74:1d:
                    a2:50:2a:83:04:45:0a:52:c1:d7:48:21:e5:28:b3:
                    f3:e5:c2:64:1b:64:c2:b2:8d:61:52:63:ad:e6:92:
                    31:eb:de:1b:ea:61:43:e3:86:e3:1a:06:d9:6d:ca:
                    6c:32:ba:1c:44:4e:02:bf:60:0c:04:a0:f5:68:6d:
                    88:e6:0f:2c:f7:64:56:1e:5b:c8:88:d4:07:ca:7a:
                    d0:7a:30:f1:28:f1:c6:40:0e:05:e6:13:63:5a:5b:
                    ad:9e:2f:32:7c:72:1e:1c:42:f3:39:61:07:b1:e9:
                    a6:70:b1:c4:f2:fd:ba:d6:d6:03:35:38:f4:f5:64:
                    fa:2c:81:d3:d5:9b:d2:02:9e:ca:b7:8d:3c:e2:2f:
                    e4:bf:a4:00:37:26:ce:18:06:7d:68:95:a7:f6:04:
                    52:2f:ac:3a:90:ec:a3:51:9b:1c:ea:e8:11:76:da:
                    56:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:29:EE:2B:36:6E:42:29:28:62:C3:B8:27:23:1D:D1:34:8A:18:5A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3551575-fda8-40cd-a012-2dd98f54a35c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.13.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         81:fa:e6:18:85:96:1f:54:62:e5:a7:02:b1:34:5c:19:6d:94:
         88:00:ad:b9:c8:cd:1f:a4:8e:3c:6c:55:e3:c8:76:1a:28:3a:
         d1:7d:bd:e3:06:88:0f:6b:cb:d1:a4:6f:c6:e7:41:33:00:99:
         85:49:b6:7a:8d:4e:ac:f6:58:a7:48:72:b3:f2:2d:bc:82:9e:
         2e:2c:ef:89:ef:00:f7:0d:a9:90:26:64:41:86:7a:41:fc:ad:
         0a:9f:7f:d2:26:23:95:e1:bc:6b:e5:7c:c6:0a:a5:2a:fa:b4:
         09:c1:42:04:f4:82:a0:64:f6:6d:8f:c6:99:fa:19:01:19:c8:
         9d:37:7a:9b:af:55:83:9c:92:6c:7d:40:6a:07:21:16:62:b2:
         90:90:03:27:17:cb:2b:8c:10:50:51:4a:88:ad:20:3f:f6:55:
         62:dd:1e:6e:75:3d:0e:9e:a1:97:38:a0:0e:48:c0:b0:f6:fb:
         f9:af:96:8d:43:e1:b2:ff:ea:e6:0a:eb:28:47:b1:03:dc:04:
         b9:ba:c3:f8:29:93:23:03:a1:f6:61:70:75:61:96:71:4f:60:
         22:60:5a:d5:3d:9b:7e:3e:d0:3e:72:83:99:56:68:ae:ac:c0:
         29:0f:d9:88:8f:0b:44:e8:6c:ae:df:5a:84:d3:44:60:bf:03:
         6c:88:b3:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE/2/5aXAaTKmzLe7rKbtPKQUYjwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDEwMDA2WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTc5MjQ1ODhmZjFmMDRlZmM4ZjkxOTYzYzUxMDZjMTMx
OTQ4NWUwYjExZGEyOTE4YmRiZGY3ZWZiOGYxNjQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCySwUkDxAVXMonrw1UrZK4ZtO+S7xMjKF7o1LVTgMpxvKF
+lak8ELbBVZmtEIQwi8UyLaSHuEbCW9q0VQG7kaHiCQIxrOFDzrphXbw5GnowrXf
n/ahGlB0HaJQKoMERQpSwddIIeUos/PlwmQbZMKyjWFSY63mkjHr3hvqYUPjhuMa
BtltymwyuhxETgK/YAwEoPVobYjmDyz3ZFYeW8iI1AfKetB6MPEo8cZADgXmE2Na
W62eLzJ8ch4cQvM5YQex6aZwscTy/brW1gM1OPT1ZPosgdPVm9ICnsq3jTziL+S/
pAA3Js4YBn1olaf2BFIvrDqQ7KNRmxzq6BF22laNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbCnuKzZuQikoYsO4JyMd0TSKGFowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzNTUxNTc1LWZkYTgtNDBjZC1hMDEyLTJkZDk4ZjU0YTM1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXGDWAwDQYJKoZIhvcNAQELBQADggEBAIH65hiFlh9UYuWnArE0XBltlIgA
rbnIzR+kjjxsVePIdhooOtF9veMGiA9ry9Gkb8bnQTMAmYVJtnqNTqz2WKdIcrPy
LbyCni4s74nvAPcNqZAmZEGGekH8rQqff9ImI5XhvGvlfMYKpSr6tAnBQgT0gqBk
9m2Pxpn6GQEZyJ03epuvVYOckmx9QGoHIRZispCQAycXyyuMEFBRSoitID/2VWLd
Hm51PQ6eoZc4oA5IwLD2+/mvlo1D4bL/6uYK6yhHsQPcBLm6w/gpkyMDofZhcHVh
lnFPYCJgWtU9m34+0D5yg5lWaK6swCkP2YiPC0TobK7fWoTTRGC/A2yIs00=
-----END CERTIFICATE-----