Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a78c2cf7-6f29-4895-8a2d-8271a22f1f21.roa
File:                     a78c2cf7-6f29-4895-8a2d-8271a22f1f21.roa (raw, json)
Hash identifier:          hlBkG6Paqfi5h0sYlcvnTzwx1UZ0fLGIxB3B361qW6Y=
Subject key identifier:   99:D9:E4:96:69:E6:CE:D9:61:FF:26:91:CA:F8:02:56:53:F2:6E:99
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6760145ED9BD48E7A8C88E454412C981CCBC81B0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a78c2cf7-6f29-4895-8a2d-8271a22f1f21.roa
Signing time:             Fri 31 Oct 2025 21:38:34 +0000
ROA not before:           Fri 31 Oct 2025 21:38:34 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        166.117.48.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:60:14:5e:d9:bd:48:e7:a8:c8:8e:45:44:12:c9:81:cc:bc:81:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 21:38:34 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=5ce172db2e4458485d977c29c48ecb027c68768424cc617426366b4237ce355c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4f:39:dc:43:81:32:f9:d8:60:9b:fb:85:46:
                    ae:d4:c5:81:7c:f2:12:c2:4d:7e:63:19:d0:2a:78:
                    19:2a:ee:b7:b7:3b:e4:a7:9f:64:54:58:9d:41:f0:
                    50:fa:8b:6b:86:3b:41:3e:22:0b:4e:76:3a:a0:3b:
                    b5:fd:50:6e:fb:df:d5:24:72:0f:d4:45:20:85:d2:
                    cb:d7:65:01:93:79:42:cb:37:ce:67:ff:3b:ff:eb:
                    27:e3:d9:75:b9:2d:0a:e6:b1:25:08:94:3e:34:03:
                    b2:8e:14:8e:06:89:da:38:d9:6a:19:5a:c2:42:f8:
                    4e:a5:dc:2c:93:23:b9:9b:d8:ab:43:d6:7e:e3:c0:
                    3d:9f:8b:ed:32:26:f3:5e:dd:09:61:e7:92:4d:6b:
                    63:f6:e1:8b:59:ad:94:0c:eb:c5:22:8b:44:13:ab:
                    7c:10:3f:a0:6b:33:dc:ca:15:b1:6c:11:89:7b:d5:
                    99:cb:7b:4e:df:ad:41:26:b4:1d:26:2a:0b:8e:8a:
                    46:05:d9:df:7d:c1:0a:f8:4d:62:db:a7:5f:dc:da:
                    ea:7d:b2:95:a2:62:ac:f3:09:db:66:d8:4c:52:2c:
                    8d:8e:c1:e6:10:08:eb:d9:c7:13:82:86:99:a5:21:
                    c6:4c:27:5d:96:b9:63:f6:a0:60:59:1a:46:6c:ed:
                    b3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:D9:E4:96:69:E6:CE:D9:61:FF:26:91:CA:F8:02:56:53:F2:6E:99
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a78c2cf7-6f29-4895-8a2d-8271a22f1f21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.117.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         82:c4:88:6b:10:2a:76:98:74:71:f0:dc:86:78:d9:7b:82:41:
         5e:11:d6:cf:25:d7:b9:ad:8a:74:da:7f:01:ee:b7:52:bc:ca:
         65:3f:92:b7:62:e2:12:71:04:08:b4:7d:e4:10:23:f8:04:cc:
         84:58:3b:02:eb:c2:c3:e8:bb:cb:82:d3:15:06:73:fa:59:ae:
         9d:e5:b4:92:08:a9:bb:41:06:49:e0:77:0d:f0:07:ea:12:9c:
         60:0a:ed:9e:67:75:3c:9b:96:dc:d1:92:c9:2e:e2:36:66:73:
         7e:2f:e3:aa:84:31:25:c8:83:ec:42:ed:e6:ee:5a:c7:90:bd:
         6a:a2:0e:b5:89:f6:94:f2:65:67:1b:5d:a2:1f:0a:16:f1:7d:
         b0:ea:42:04:fa:90:35:af:f0:22:2b:0c:b3:f0:65:c1:62:0d:
         a1:9b:b0:18:22:8e:f3:72:ae:6c:fd:a6:53:77:e7:c7:63:e6:
         03:5f:4f:20:9b:05:41:48:6a:03:19:5e:f8:44:4e:ba:c6:a7:
         7f:9e:00:cb:ff:41:3f:e3:53:bf:1b:a4:87:88:d4:6b:31:3d:
         65:d7:b3:99:99:d6:50:70:4d:a8:01:2b:31:67:2b:9d:43:f9:
         50:14:4b:75:f2:8a:d4:34:f3:b0:8f:c1:40:9e:fc:9e:ee:d5:
         ba:e6:12:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ2AUXtm9SOeoyI5FRBLJgcy8gbAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMjEzODM0WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2UxNzJkYjJlNDQ1ODQ4NWQ5NzdjMjljNDhlY2IwMjdj
Njg3Njg0MjRjYzYxNzQyNjM2NmI0MjM3Y2UzNTVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiTzncQ4Ey+dhgm/uFRq7UxYF88hLCTX5jGdAqeBkq7re3
O+Snn2RUWJ1B8FD6i2uGO0E+IgtOdjqgO7X9UG7739Ukcg/URSCF0svXZQGTeULL
N85n/zv/6yfj2XW5LQrmsSUIlD40A7KOFI4Gido42WoZWsJC+E6l3CyTI7mb2KtD
1n7jwD2fi+0yJvNe3Qlh55JNa2P24YtZrZQM68Uii0QTq3wQP6BrM9zKFbFsEYl7
1ZnLe07frUEmtB0mKguOikYF2d99wQr4TWLbp1/c2up9spWiYqzzCdtm2ExSLI2O
weYQCOvZxxOChpmlIcZMJ12WuWP2oGBZGkZs7bNTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmdnklmnmztlh/yaRyvgCVlPybpkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3OGMyY2Y3LTZmMjktNDg5NS04YTJkLTgyNzFhMjJmMWYyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASmdTAwDQYJKoZIhvcNAQELBQADggEBAILEiGsQKnaYdHHw3IZ42XuCQV4R
1s8l17mtinTafwHut1K8ymU/krdi4hJxBAi0feQQI/gEzIRYOwLrwsPou8uC0xUG
c/pZrp3ltJIIqbtBBkngdw3wB+oSnGAK7Z5ndTybltzRksku4jZmc34v46qEMSXI
g+xC7ebuWseQvWqiDrWJ9pTyZWcbXaIfChbxfbDqQgT6kDWv8CIrDLPwZcFiDaGb
sBgijvNyrmz9plN358dj5gNfTyCbBUFIagMZXvhETrrGp3+eAMv/QT/jU78bpIeI
1GsxPWXXs5mZ1lBwTagBKzFnK51D+VAUS3XyitQ087CPwUCe/J7u1brmEhE=
-----END CERTIFICATE-----