Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a53817fd-b599-4741-a058-100f3660315d.roa
File:                     a53817fd-b599-4741-a058-100f3660315d.roa (raw, json)
Hash identifier:          vnWHG2oBeJmUA13QWcXyJ6ZEFmBIhQyS6wKbUegaoaE=
Subject key identifier:   62:A4:7F:5E:83:15:96:0A:F1:41:3F:0F:1A:97:4F:E1:B6:42:B4:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       41A6EC15A419CB75FFF98818D9390DA59D0D5F84
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a53817fd-b599-4741-a058-100f3660315d.roa
Signing time:             Sun 02 Nov 2025 00:31:14 +0000
ROA not before:           Sun 02 Nov 2025 00:31:14 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        163.3.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:a6:ec:15:a4:19:cb:75:ff:f9:88:18:d9:39:0d:a5:9d:0d:5f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:31:14 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=094abfb8da0ef0c7e696c7c9ef6c857ecea770380cac8c642773e4a160af35db, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:79:78:9a:39:59:f8:f1:17:70:f9:bc:f9:e7:
                    16:90:fb:a7:71:fe:f5:6c:fa:9f:ec:9e:ef:0b:88:
                    aa:69:78:ad:f1:04:55:bf:e8:8d:bc:2c:92:e5:f0:
                    33:74:8c:70:f1:6c:94:15:04:19:00:3f:12:44:bc:
                    da:e1:50:50:63:76:ac:82:f1:d8:41:67:05:78:fd:
                    92:5d:cc:a1:e5:9f:80:24:65:77:5c:22:e1:14:1f:
                    3e:a3:93:3a:2f:55:f7:6c:53:7f:f4:e9:ce:92:fd:
                    53:aa:d3:d3:f4:be:93:59:ba:a2:6c:5f:56:bb:25:
                    b8:18:ff:00:55:0e:ff:37:6d:21:24:dc:de:08:87:
                    8d:8c:e8:34:33:24:ff:73:48:5c:63:e5:45:a0:30:
                    8b:5f:9c:b6:d5:e0:b4:cf:5a:4b:e4:a4:88:14:0a:
                    cd:5d:bf:22:94:a0:38:29:16:de:fc:29:8b:e2:ee:
                    bd:7a:64:8c:f7:fd:9f:f6:80:71:4f:39:96:0a:db:
                    51:1c:bc:c3:c9:fb:06:42:58:7c:c8:44:13:3e:b3:
                    c7:25:00:12:ed:23:41:48:ad:c5:1f:34:15:0d:ec:
                    71:83:87:16:9b:ab:fa:c9:63:52:79:a8:ce:c4:cb:
                    51:66:ac:91:1d:fb:67:71:91:e0:5c:f6:d8:16:a4:
                    d8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A4:7F:5E:83:15:96:0A:F1:41:3F:0F:1A:97:4F:E1:B6:42:B4:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a53817fd-b599-4741-a058-100f3660315d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.3.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5f:f0:aa:b1:45:66:cb:3d:9f:fd:37:90:f8:cf:3b:ab:55:26:
         4a:01:ed:45:a0:d6:ff:55:a9:83:b1:87:9c:b0:a3:5b:13:1f:
         4c:b5:3b:ef:38:b0:7c:44:09:2e:9a:ba:fc:a5:f4:f9:d0:18:
         e8:21:3f:f8:d2:10:fd:71:9f:21:59:7f:a7:af:c0:d7:64:1c:
         36:f2:96:ce:96:4c:12:aa:e6:b8:20:07:fb:97:c8:5b:7a:7d:
         8c:3c:2b:c3:f8:a3:0c:6e:b6:aa:9f:72:85:ec:39:69:36:69:
         d2:f4:61:57:a0:fa:10:54:4d:c4:d3:c6:88:e8:a5:56:73:06:
         5f:b1:09:c8:fa:f7:16:69:27:16:0a:40:f8:fd:a7:c0:0d:22:
         48:fb:14:59:95:04:ec:b3:56:48:54:40:ff:8e:aa:e4:8a:1f:
         bb:4e:3d:b4:56:90:6e:53:7d:80:13:35:7d:12:c5:42:51:cc:
         a9:0c:77:18:ca:61:a6:43:60:34:31:3b:bc:bd:85:ed:15:20:
         75:22:3e:e7:6c:ce:4f:9b:98:57:fa:18:de:1a:cc:e4:93:e5:
         3f:4e:16:0e:2f:57:70:f4:b1:4b:18:70:66:59:18:18:75:c4:
         d8:ca:94:13:af:69:b4:b0:fc:a7:c5:cf:85:4b:9f:01:e1:29:
         e0:c8:2f:de
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQabsFaQZy3X/+YgY2TkNpZ0NX4QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMTE0WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwOTRhYmZiOGRhMGVmMGM3ZTY5NmM3YzllZjZjODU3ZWNl
YTc3MDM4MGNhYzhjNjQyNzczZTRhMTYwYWYzNWRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOeXiaOVn48Rdw+bz55xaQ+6dx/vVs+p/snu8LiKppeK3x
BFW/6I28LJLl8DN0jHDxbJQVBBkAPxJEvNrhUFBjdqyC8dhBZwV4/ZJdzKHln4Ak
ZXdcIuEUHz6jkzovVfdsU3/06c6S/VOq09P0vpNZuqJsX1a7JbgY/wBVDv83bSEk
3N4Ih42M6DQzJP9zSFxj5UWgMItfnLbV4LTPWkvkpIgUCs1dvyKUoDgpFt78KYvi
7r16ZIz3/Z/2gHFPOZYK21EcvMPJ+wZCWHzIRBM+s8clABLtI0FIrcUfNBUN7HGD
hxabq/rJY1J5qM7Ey1FmrJEd+2dxkeBc9tgWpNipAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYqR/XoMVlgrxQT8PGpdP4bZCtMUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E1MzgxN2ZkLWI1OTktNDc0MS1hMDU4LTEwMGYzNjYwMzE1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCjAzANBgkqhkiG9w0BAQsFAAOCAQEAX/CqsUVmyz2f/TeQ+M87q1UmSgHt
RaDW/1Wpg7GHnLCjWxMfTLU77ziwfEQJLpq6/KX0+dAY6CE/+NIQ/XGfIVl/p6/A
12QcNvKWzpZMEqrmuCAH+5fIW3p9jDwrw/ijDG62qp9yhew5aTZp0vRhV6D6EFRN
xNPGiOilVnMGX7EJyPr3FmknFgpA+P2nwA0iSPsUWZUE7LNWSFRA/46q5Iofu049
tFaQblN9gBM1fRLFQlHMqQx3GMphpkNgNDE7vL2F7RUgdSI+52zOT5uYV/oY3hrM
5JPlP04WDi9XcPSxSxhwZlkYGHXE2MqUE69ptLD8p8XPhUufAeEp4Mgv3g==
-----END CERTIFICATE-----