Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bab8791a-2a38-491e-93b8-620d86339e11.roa
File:                     bab8791a-2a38-491e-93b8-620d86339e11.roa (raw, json)
Hash identifier:          Mk3mFCmk8j8BQWFrCpa+XIXKhBafSeM2nuiK1ZbLQlg=
Subject key identifier:   1F:9B:7D:C1:54:6C:73:58:6B:9F:55:FE:E3:E2:5B:74:E8:54:D2:51
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       563FD8C89F6DBF3C89D5E18C1DBF1ECA216B6DAC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bab8791a-2a38-491e-93b8-620d86339e11.roa
Signing time:             Fri 31 Oct 2025 01:01:23 +0000
ROA not before:           Fri 31 Oct 2025 01:01:23 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.144.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:3f:d8:c8:9f:6d:bf:3c:89:d5:e1:8c:1d:bf:1e:ca:21:6b:6d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 01:01:23 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=a3f0e12dc32471e4c3eb41d18d4cd92df9d3f6467d7863b858a85c51389af48c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6e:03:2a:e6:ca:2e:96:f8:f0:86:00:fe:46:
                    9f:fe:fb:54:ee:69:d8:15:ee:02:12:b3:c6:42:f2:
                    d6:37:98:26:ab:27:6f:c0:88:eb:b3:fc:d7:50:d9:
                    6d:3d:a4:65:2e:2e:2e:9d:bf:8a:44:ea:61:08:39:
                    17:3c:c0:17:24:52:58:24:72:c6:01:ab:4e:ad:d3:
                    1e:42:31:a9:a5:c6:e0:7f:cc:a8:f3:da:83:12:c9:
                    62:84:ff:7f:75:d7:98:aa:8a:4b:57:a2:78:88:b4:
                    d9:4e:5a:ef:0e:25:d5:75:70:6d:34:73:ec:63:bf:
                    f1:54:f3:87:37:45:fb:b5:a9:54:d9:f1:51:d9:73:
                    de:42:c9:ac:e5:86:18:d0:ac:07:42:cc:ad:31:2d:
                    1e:b8:4e:35:4f:03:81:2e:2b:5d:9b:44:3c:6d:3c:
                    ca:69:0b:6e:68:aa:6e:0c:4e:c4:cc:4f:64:09:c4:
                    67:01:1a:b8:7e:8a:9b:eb:c5:35:87:f3:1e:11:e1:
                    5d:79:65:55:13:6d:ee:4c:7c:f0:3e:7f:b8:2d:a7:
                    55:95:02:69:73:5e:09:b8:c9:c7:bd:00:d5:fa:e9:
                    ce:d5:0e:52:a6:89:77:bf:76:c5:84:4d:d8:c9:af:
                    42:92:b1:0b:0f:20:b8:21:cb:f3:a3:06:90:ba:16:
                    df:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:9B:7D:C1:54:6C:73:58:6B:9F:55:FE:E3:E2:5B:74:E8:54:D2:51
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bab8791a-2a38-491e-93b8-620d86339e11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.144.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2b:a5:2d:87:46:f2:c3:f2:07:f8:a0:9f:af:5a:57:2e:6f:b6:
         d6:df:c0:96:28:f0:cc:c7:91:59:4f:43:e3:3b:b5:af:25:7f:
         62:73:46:e6:6c:f9:27:2c:74:ed:06:28:d1:ba:91:5b:32:45:
         78:24:9d:34:30:37:d2:cb:66:89:9c:e3:72:b5:53:8b:aa:7a:
         d8:14:6a:7f:45:dd:94:d1:4e:92:fa:de:2a:b0:a8:65:9f:ef:
         5c:05:c7:39:36:25:eb:ae:05:70:c0:50:0f:66:3a:98:17:27:
         5a:d0:2c:bf:34:38:f4:26:91:ef:b9:23:e9:2c:83:59:b0:bd:
         68:f4:0a:c3:2a:a8:b1:b3:d9:6f:d3:d3:ed:88:c4:70:ba:bf:
         c9:8b:04:3e:24:f3:bf:aa:5c:16:92:e2:47:43:25:80:83:30:
         0e:40:22:56:f4:60:95:43:52:06:b3:aa:58:78:f2:21:cb:ce:
         46:65:46:c5:0b:88:32:a1:cb:ae:74:28:c4:bc:60:ff:2d:8b:
         20:2e:71:a5:43:1f:fd:47:2b:bf:cf:bf:8c:a0:b2:1c:36:c8:
         d8:81:b3:7a:28:b7:6d:0f:8f:df:5d:2f:14:92:9c:f2:5b:e5:
         10:0e:8c:4f:f7:bc:b8:cc:11:26:5e:68:60:46:cd:1d:ea:87:
         9b:50:0d:79
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVj/YyJ9tvzyJ1eGMHb8eyiFrbawwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDEwMTIzWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2YwZTEyZGMzMjQ3MWU0YzNlYjQxZDE4ZDRjZDkyZGY5
ZDNmNjQ2N2Q3ODYzYjg1OGE4NWM1MTM4OWFmNDhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQbgMq5soulvjwhgD+Rp/++1TuadgV7gISs8ZC8tY3mCar
J2/AiOuz/NdQ2W09pGUuLi6dv4pE6mEIORc8wBckUlgkcsYBq06t0x5CMamlxuB/
zKjz2oMSyWKE/39115iqiktXoniItNlOWu8OJdV1cG00c+xjv/FU84c3Rfu1qVTZ
8VHZc95CyazlhhjQrAdCzK0xLR64TjVPA4EuK12bRDxtPMppC25oqm4MTsTMT2QJ
xGcBGrh+ipvrxTWH8x4R4V15ZVUTbe5MfPA+f7gtp1WVAmlzXgm4yce9ANX66c7V
DlKmiXe/dsWETdjJr0KSsQsPILghy/OjBpC6Ft9pAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUH5t9wVRsc1hrn1X+4+JbdOhU0lEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JhYjg3OTFhLTJhMzgtNDkxZS05M2I4LTYyMGQ4NjMzOWUxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwANkDANBgkqhkiG9w0BAQsFAAOCAQEAK6Uth0byw/IH+KCfr1pXLm+21t/A
lijwzMeRWU9D4zu1ryV/YnNG5mz5Jyx07QYo0bqRWzJFeCSdNDA30stmiZzjcrVT
i6p62BRqf0XdlNFOkvreKrCoZZ/vXAXHOTYl664FcMBQD2Y6mBcnWtAsvzQ49CaR
77kj6SyDWbC9aPQKwyqosbPZb9PT7YjEcLq/yYsEPiTzv6pcFpLiR0MlgIMwDkAi
VvRglUNSBrOqWHjyIcvORmVGxQuIMqHLrnQoxLxg/y2LIC5xpUMf/Ucrv8+/jKCy
HDbI2IGzeii3bQ+P310vFJKc8lvlEA6MT/e8uMwRJl5oYEbNHeqHm1ANeQ==
-----END CERTIFICATE-----