Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3c97cba-7083-48f3-8280-ad90bc3bee59.roa
File:                     b3c97cba-7083-48f3-8280-ad90bc3bee59.roa (raw, json)
Hash identifier:          jQqcTMiWNkafioUEff/ZzlrGIVOgRXPhimp+lTCVGEo=
Subject key identifier:   E6:AB:4D:B8:9C:02:EA:3D:DE:3C:FB:0A:78:4B:A4:84:CA:56:8F:A9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       556AF1F1F23F61E982766C1F937A5759124688C9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3c97cba-7083-48f3-8280-ad90bc3bee59.roa
Signing time:             Tue 28 Oct 2025 00:31:11 +0000
ROA not before:           Tue 28 Oct 2025 00:31:11 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.10.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:6a:f1:f1:f2:3f:61:e9:82:76:6c:1f:93:7a:57:59:12:46:88:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:31:11 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=258dfc822e2c600d22f2192df30682bd6965102b301539b12820aa9ce84bfa6e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:31:8f:45:49:3f:56:c3:65:e5:b1:ac:32:d5:
                    a6:5b:e8:29:99:73:a9:65:c9:5e:ef:bf:3a:a4:76:
                    b3:3d:9d:54:e0:f5:75:7c:57:ea:75:6f:4c:3d:05:
                    f3:62:98:ac:89:bf:96:51:bf:28:e0:5a:73:72:d9:
                    75:57:54:f7:d2:26:38:c3:12:29:3e:0a:f6:70:85:
                    e4:03:10:79:d9:f4:77:ae:2f:ec:86:28:2e:14:a4:
                    79:69:3a:62:8b:f5:ba:f1:44:59:40:3c:3e:ca:2e:
                    b8:f2:a2:21:c8:97:24:61:e7:a4:95:de:50:ae:4c:
                    68:a4:0c:da:4e:20:1b:b2:d5:99:19:84:1d:c1:23:
                    8b:8b:04:da:1b:23:37:b5:01:da:1b:05:17:1f:07:
                    41:42:ff:da:9c:cc:60:ce:a8:2e:a3:c7:7f:f6:f9:
                    9a:e8:7c:e1:0a:6b:4b:e7:47:0d:05:3b:b9:9a:c6:
                    64:39:af:67:ff:81:58:f1:26:e6:5e:a9:54:37:90:
                    45:d1:a8:d9:30:9f:23:d7:1c:90:d8:c1:af:7a:bd:
                    0c:f3:d1:47:22:ab:54:d2:13:69:60:41:7b:18:77:
                    b4:9a:6e:56:df:69:2d:9a:ef:d8:58:b6:2f:c5:0b:
                    21:d2:6e:c0:95:65:53:52:72:9a:e0:14:f7:e1:75:
                    1b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:AB:4D:B8:9C:02:EA:3D:DE:3C:FB:0A:78:4B:A4:84:CA:56:8F:A9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3c97cba-7083-48f3-8280-ad90bc3bee59.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.10.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         84:a0:da:5b:f4:b5:ba:8f:76:f9:68:83:90:33:97:b8:4d:b5:
         57:51:2a:3b:bf:84:ae:a0:5c:1a:78:ad:7e:e1:72:28:39:5f:
         bd:fa:f9:20:41:3c:b4:01:8c:92:21:fd:5b:1c:4f:be:02:d6:
         74:72:0b:17:4a:d7:91:0b:af:07:ce:0b:1c:60:9b:04:e0:89:
         4a:17:e5:19:7b:fd:60:1e:23:e7:51:64:00:e1:d2:f5:cc:f4:
         a5:f1:e3:6a:63:6b:a5:42:02:f8:51:f4:ba:2f:b7:3c:20:20:
         85:2b:bf:0e:e8:1e:89:4a:7c:31:11:ba:2e:c1:4b:b5:bb:ea:
         e9:50:77:0e:38:62:41:60:b0:45:1e:fe:2a:e3:17:9b:74:9e:
         ea:73:2a:df:ce:e9:74:99:b6:18:62:be:06:f0:4b:76:11:f4:
         da:01:10:dc:0a:5b:97:1d:e1:5f:b8:7b:05:a0:5f:ca:98:ab:
         74:9a:87:4f:89:2a:a3:c9:be:2a:fa:db:7a:9b:14:b5:21:e0:
         05:6e:81:ef:7e:73:ac:76:95:70:0e:fa:a9:3f:71:41:d3:77:
         55:38:6e:64:5b:83:45:d1:be:56:72:79:da:1b:b9:e4:9b:cd:
         f5:d4:5a:71:78:56:70:79:2d:3b:96:c4:9c:5b:30:86:c7:ae:
         f2:3e:20:85
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVWrx8fI/YemCdmwfk3pXWRJGiMkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAzMTExWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNThkZmM4MjJlMmM2MDBkMjJmMjE5MmRmMzA2ODJiZDY5
NjUxMDJiMzAxNTM5YjEyODIwYWE5Y2U4NGJmYTZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxMY9FST9Ww2Xlsawy1aZb6CmZc6llyV7vvzqkdrM9nVTg
9XV8V+p1b0w9BfNimKyJv5ZRvyjgWnNy2XVXVPfSJjjDEik+CvZwheQDEHnZ9Heu
L+yGKC4UpHlpOmKL9brxRFlAPD7KLrjyoiHIlyRh56SV3lCuTGikDNpOIBuy1ZkZ
hB3BI4uLBNobIze1AdobBRcfB0FC/9qczGDOqC6jx3/2+ZrofOEKa0vnRw0FO7ma
xmQ5r2f/gVjxJuZeqVQ3kEXRqNkwnyPXHJDYwa96vQzz0Uciq1TSE2lgQXsYd7Sa
blbfaS2a79hYti/FCyHSbsCVZVNScprgFPfhdRvNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5qtNuJwC6j3ePPsKeEukhMpWj6kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzYzk3Y2JhLTcwODMtNDhmMy04MjgwLWFkOTBiYzNiZWU1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDACjANBgkqhkiG9w0BAQsFAAOCAQEAhKDaW/S1uo92+WiDkDOXuE21V1Eq
O7+ErqBcGnitfuFyKDlfvfr5IEE8tAGMkiH9WxxPvgLWdHILF0rXkQuvB84LHGCb
BOCJShflGXv9YB4j51FkAOHS9cz0pfHjamNrpUIC+FH0ui+3PCAghSu/DugeiUp8
MRG6LsFLtbvq6VB3DjhiQWCwRR7+KuMXm3Se6nMq387pdJm2GGK+BvBLdhH02gEQ
3Apblx3hX7h7BaBfypirdJqHT4kqo8m+KvrbepsUtSHgBW6B735zrHaVcA76qT9x
QdN3VThuZFuDRdG+VnJ52hu55JvN9dRacXhWcHktO5bEnFswhseu8j4ghQ==
-----END CERTIFICATE-----