Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b291d7d3-1582-4d15-9362-848d2950798a.roa
File:                     b291d7d3-1582-4d15-9362-848d2950798a.roa (raw, json)
Hash identifier:          loyVieOzdoDhRuv1heFAq11/oDx+vL+uVvz8s+tLN38=
Subject key identifier:   AC:4E:E2:1D:3C:AD:80:86:CB:9A:83:64:0C:2C:AB:D3:89:09:10:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0DDD03EE6A9882BEDC5B7061EC30267832E9AAE4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b291d7d3-1582-4d15-9362-848d2950798a.roa
Signing time:             Sat 25 Oct 2025 00:20:49 +0000
ROA not before:           Sat 25 Oct 2025 00:20:49 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.148.96.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:dd:03:ee:6a:98:82:be:dc:5b:70:61:ec:30:26:78:32:e9:aa:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:20:49 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=0727566a4079dbb2f559c3eb231297982918a4a903e4eaa6dae653ab098900e2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:73:2e:3d:05:eb:c6:3b:43:16:f9:61:15:d0:
                    c5:b6:f4:bd:fd:26:85:36:76:16:53:ca:17:dd:11:
                    c9:da:4d:1a:88:dd:9e:14:52:f0:29:4c:00:0a:94:
                    4b:5a:54:8b:7a:e9:0b:0a:ba:0f:56:ba:fe:20:60:
                    fc:4e:e2:b9:39:e4:8f:e9:8e:31:2d:22:d2:81:fa:
                    5e:ef:43:56:e5:7e:b8:a1:be:f7:47:50:64:c5:61:
                    23:a1:45:f0:44:bc:dd:34:99:17:c0:72:54:15:99:
                    41:f0:8a:92:70:24:83:59:b7:10:91:c6:0b:3e:00:
                    4c:46:3a:60:8c:83:b4:12:6f:4b:e2:d0:1f:66:13:
                    b0:bd:d3:71:0c:1a:d5:1d:b4:b2:fc:eb:07:94:0d:
                    c8:cf:a1:04:c3:b9:ae:2e:2f:43:c4:c8:4a:ff:49:
                    be:c9:c6:93:c5:c2:41:87:fd:c1:4b:34:b0:1f:be:
                    5a:aa:2b:ad:10:7c:b2:60:0a:76:b8:cc:d0:54:14:
                    86:55:91:e5:85:c8:4b:5f:52:c4:62:59:e6:41:74:
                    42:b7:70:b6:5b:29:da:ee:88:b3:6f:72:a1:37:92:
                    4e:8b:15:41:c2:8c:ba:5d:c6:b0:1f:28:28:32:a7:
                    58:cd:01:4c:06:b2:d2:75:94:d2:e0:4d:c3:50:9c:
                    3a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:4E:E2:1D:3C:AD:80:86:CB:9A:83:64:0C:2C:AB:D3:89:09:10:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b291d7d3-1582-4d15-9362-848d2950798a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.148.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         79:d1:5a:70:24:43:29:9d:54:81:d0:28:bc:8d:e2:fb:ef:9d:
         80:33:bf:35:40:3d:c2:5c:60:ec:16:6d:53:32:9b:f1:16:bb:
         d5:6f:52:cd:10:1e:9b:56:7b:cc:1f:dd:be:a2:29:ba:39:52:
         e3:7d:da:28:9c:fa:9e:b3:54:00:b2:5a:75:8b:6d:da:da:d9:
         11:b3:b8:1b:94:9d:71:a4:5d:40:e7:b4:d1:14:2d:03:7c:28:
         14:84:76:2f:63:54:70:b2:40:bc:4d:ac:32:eb:27:24:ee:d8:
         c3:cc:9b:b2:da:30:d0:d5:bf:5e:c4:da:31:c2:aa:9f:9b:89:
         0c:32:35:6a:ca:93:cc:a2:92:70:be:c1:22:2f:a1:49:ec:d5:
         40:8e:e5:bf:1f:83:12:52:13:9d:8a:ff:25:b3:71:16:4e:fc:
         94:5b:ce:14:16:87:de:2e:90:65:27:d2:24:b9:99:99:2f:a3:
         7a:af:8f:d7:bb:34:a4:2c:82:73:8b:96:92:77:ea:f4:86:a8:
         64:4d:90:9f:d5:46:97:96:c8:e3:52:d2:d2:f4:6e:b3:b3:2e:
         23:74:19:d1:09:ee:f2:67:a5:36:41:86:fe:a3:4d:54:6a:8c:
         af:4d:67:fc:70:ea:d7:47:ce:2b:4b:19:b8:9a:ca:7a:24:bc:
         53:75:38:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDd0D7mqYgr7cW3Bh7DAmeDLpquQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAyMDQ5WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzI3NTY2YTQwNzlkYmIyZjU1OWMzZWIyMzEyOTc5ODI5
MThhNGE5MDNlNGVhYTZkYWU2NTNhYjA5ODkwMGUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDycy49BevGO0MW+WEV0MW29L39JoU2dhZTyhfdEcnaTRqI
3Z4UUvApTAAKlEtaVIt66QsKug9Wuv4gYPxO4rk55I/pjjEtItKB+l7vQ1blfrih
vvdHUGTFYSOhRfBEvN00mRfAclQVmUHwipJwJINZtxCRxgs+AExGOmCMg7QSb0vi
0B9mE7C903EMGtUdtLL86weUDcjPoQTDua4uL0PEyEr/Sb7JxpPFwkGH/cFLNLAf
vlqqK60QfLJgCna4zNBUFIZVkeWFyEtfUsRiWeZBdEK3cLZbKdruiLNvcqE3kk6L
FUHCjLpdxrAfKCgyp1jNAUwGstJ1lNLgTcNQnDoFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrE7iHTytgIbLmoNkDCyr04kJENgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyOTFkN2QzLTE1ODItNGQxNS05MzYyLTg0OGQyOTUwNzk4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXGlGAwDQYJKoZIhvcNAQELBQADggEBAHnRWnAkQymdVIHQKLyN4vvvnYAz
vzVAPcJcYOwWbVMym/EWu9VvUs0QHptWe8wf3b6iKbo5UuN92iic+p6zVACyWnWL
bdra2RGzuBuUnXGkXUDntNEULQN8KBSEdi9jVHCyQLxNrDLrJyTu2MPMm7LaMNDV
v17E2jHCqp+biQwyNWrKk8yiknC+wSIvoUns1UCO5b8fgxJSE52K/yWzcRZO/JRb
zhQWh94ukGUn0iS5mZkvo3qvj9e7NKQsgnOLlpJ36vSGqGRNkJ/VRpeWyONS0tL0
brOzLiN0GdEJ7vJnpTZBhv6jTVRqjK9NZ/xw6tdHzitLGbiaynokvFN1OEE=
-----END CERTIFICATE-----