Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aff5f6ba-f0fc-4111-b2db-2eb6d2591660.roa
File:                     aff5f6ba-f0fc-4111-b2db-2eb6d2591660.roa (raw, json)
Hash identifier:          en6Dp4u6O4TuMk6PPw0Q3Ac829K9oCRmRl1lMnkAwXA=
Subject key identifier:   D1:73:2F:1C:1D:C7:89:B9:8D:01:C5:27:E7:C6:38:E9:A9:85:EF:4D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       61A117DB6618A566DB8F991ADA76ECC794F50EED
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aff5f6ba-f0fc-4111-b2db-2eb6d2591660.roa
Signing time:             Fri 31 Oct 2025 00:50:03 +0000
ROA not before:           Fri 31 Oct 2025 00:50:03 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.128.128.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:a1:17:db:66:18:a5:66:db:8f:99:1a:da:76:ec:c7:94:f5:0e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:50:03 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=b22e563af83d212993ae53c7b3c48da9635c975efab2ee7f31ff8595bb6949a1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:82:4c:5a:19:0e:9e:e4:a6:98:e5:9c:4d:67:
                    44:d2:ea:23:53:db:2d:9f:ca:3c:56:c7:5a:f7:f5:
                    fb:13:0b:70:7c:99:03:f6:b9:b4:5c:84:1c:74:36:
                    85:4a:27:c1:63:bd:11:04:3a:45:4d:7d:f8:81:b5:
                    92:a9:7b:a5:c1:c2:61:d2:43:65:2a:34:7d:d9:14:
                    de:a3:9e:88:67:4d:9e:2a:6b:3a:d4:59:6d:84:5c:
                    e4:ff:64:fb:26:1f:b3:ef:ca:24:e5:a1:ae:ba:59:
                    28:fd:35:92:34:df:58:de:0c:aa:53:37:6c:a6:b4:
                    35:33:ce:55:91:43:9b:8c:d3:11:bb:1b:68:ce:ec:
                    f5:e4:e3:29:1a:6e:a5:e1:ed:4a:65:db:59:1b:f2:
                    53:2a:23:f4:ac:54:ab:5b:e0:5c:39:4c:00:02:11:
                    86:45:12:f5:bd:9f:40:cb:60:8b:68:d6:9c:3a:fb:
                    fc:4f:2d:bf:65:b9:09:ed:83:d6:5f:b6:2e:c7:41:
                    ea:35:af:f1:d9:7a:f6:a1:87:59:50:37:8b:ed:7a:
                    a8:56:f1:6d:f5:5f:18:2b:73:4e:f2:77:44:4f:04:
                    f2:de:da:93:97:a6:59:dc:16:12:c9:cd:af:d4:ee:
                    1f:09:b6:10:08:de:98:d5:5f:9c:73:ef:71:8d:de:
                    2d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:73:2F:1C:1D:C7:89:B9:8D:01:C5:27:E7:C6:38:E9:A9:85:EF:4D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aff5f6ba-f0fc-4111-b2db-2eb6d2591660.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.128.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b5:cc:66:49:7c:b6:e5:2c:8a:ce:65:58:b8:20:ef:c0:48:a0:
         89:6b:30:4c:67:53:32:ee:dc:d6:fe:f4:d3:3f:e0:fe:13:52:
         14:b3:62:42:86:b0:c5:cc:10:88:48:27:76:95:45:56:54:9b:
         0a:4f:bd:9a:33:0a:7d:51:0f:37:ec:35:f9:15:1b:76:92:8d:
         df:2f:f1:47:48:3a:6e:f3:4d:e2:17:55:0d:3a:05:1e:13:1a:
         b5:64:df:96:89:2c:2f:a2:31:f1:9f:a9:67:3c:d2:e4:9a:d7:
         e7:22:b7:e9:93:5e:0a:be:36:aa:af:9c:a9:97:f1:51:d0:f3:
         b5:6e:49:15:15:9d:20:8e:ce:f5:79:cb:f3:3b:19:50:00:6c:
         85:24:34:a0:fc:5d:1f:d0:ea:74:d0:b7:87:23:f8:fb:5a:f4:
         3b:e2:f5:2e:15:67:98:51:d4:77:ee:e0:38:a3:1a:de:f0:b2:
         00:14:37:27:9b:ed:07:c0:93:24:36:93:7f:18:fe:22:c7:34:
         a1:f3:4d:4d:df:89:d5:6f:fc:e2:9e:b4:3f:a5:9d:44:9d:c6:
         b2:b7:65:3f:a4:7c:e4:6b:ae:6c:9f:8c:45:09:33:96:56:9b:
         ec:c9:d3:62:ff:59:f8:0c:a9:98:44:35:28:9c:ba:92:fa:11:
         f2:05:a7:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYaEX22YYpWbbj5ka2nbsx5T1Du0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDA1MDAzWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjJlNTYzYWY4M2QyMTI5OTNhZTUzYzdiM2M0OGRhOTYz
NWM5NzVlZmFiMmVlN2YzMWZmODU5NWJiNjk0OWExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCngkxaGQ6e5KaY5ZxNZ0TS6iNT2y2fyjxWx1r39fsTC3B8
mQP2ubRchBx0NoVKJ8FjvREEOkVNffiBtZKpe6XBwmHSQ2UqNH3ZFN6jnohnTZ4q
azrUWW2EXOT/ZPsmH7PvyiTloa66WSj9NZI031jeDKpTN2ymtDUzzlWRQ5uM0xG7
G2jO7PXk4ykabqXh7Upl21kb8lMqI/SsVKtb4Fw5TAACEYZFEvW9n0DLYIto1pw6
+/xPLb9luQntg9Zfti7HQeo1r/HZevahh1lQN4vteqhW8W31Xxgrc07yd0RPBPLe
2pOXplncFhLJza/U7h8JthAI3pjVX5xz73GN3i3LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0XMvHB3HibmNAcUn58Y46amF700wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmZjVmNmJhLWYwZmMtNDExMS1iMmRiLTJlYjZkMjU5MTY2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQNgIAwDQYJKoZIhvcNAQELBQADggEBALXMZkl8tuUsis5lWLgg78BIoIlr
MExnUzLu3Nb+9NM/4P4TUhSzYkKGsMXMEIhIJ3aVRVZUmwpPvZozCn1RDzfsNfkV
G3aSjd8v8UdIOm7zTeIXVQ06BR4TGrVk35aJLC+iMfGfqWc80uSa1+cit+mTXgq+
NqqvnKmX8VHQ87VuSRUVnSCOzvV5y/M7GVAAbIUkNKD8XR/Q6nTQt4cj+Pta9Dvi
9S4VZ5hR1Hfu4DijGt7wsgAUNyeb7QfAkyQ2k38Y/iLHNKHzTU3fidVv/OKetD+l
nUSdxrK3ZT+kfORrrmyfjEUJM5ZWm+zJ02L/WfgMqZhENSicupL6EfIFp+Y=
-----END CERTIFICATE-----