Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c22f83f9-6806-4731-9ee7-da3a022533e2.roa
File:                     c22f83f9-6806-4731-9ee7-da3a022533e2.roa (raw, json)
Hash identifier:          o3EnORIVpV8Fj7adNcVQcvXC+E32VL9fRCyg109+Ano=
Subject key identifier:   67:23:8B:03:B1:FD:B8:5E:13:A8:FE:EE:BC:20:03:F8:AF:9E:81:5D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6DD23C3FB06514710468E8F01D3896EE699FF143
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c22f83f9-6806-4731-9ee7-da3a022533e2.roa
Signing time:             Sat 25 Oct 2025 00:30:49 +0000
ROA not before:           Sat 25 Oct 2025 00:30:49 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        170.15.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:d2:3c:3f:b0:65:14:71:04:68:e8:f0:1d:38:96:ee:69:9f:f1:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:30:49 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=5c748fc0d677460be2f164131ecfc71060f4246339b88c78ac9f406fbf150aaf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:91:7d:4a:4f:26:80:42:0b:a2:05:50:c6:72:
                    10:19:e4:dc:b6:ae:f8:c6:5f:cd:e7:24:8b:5b:19:
                    3c:c2:9b:14:97:ed:63:2c:bb:ec:bb:5d:7c:77:ad:
                    1a:f0:11:e2:5f:89:20:eb:c0:b1:34:b9:67:7a:47:
                    25:5d:f7:e5:de:ab:74:de:4d:ec:d7:c8:9c:38:8e:
                    41:cf:be:8b:5b:97:63:2d:ea:1b:62:b2:2b:f8:31:
                    a7:26:a3:c7:08:a7:3a:63:d0:6c:2a:02:8c:9e:a5:
                    b5:e8:ea:92:66:a8:c1:b2:8c:f3:21:59:89:20:57:
                    22:42:2b:6e:c8:69:36:dd:32:7f:f5:d5:b6:d1:8f:
                    9c:f9:02:bb:c8:5c:79:4c:40:e8:91:dc:ff:e2:32:
                    93:30:bb:9b:5c:cc:31:4a:06:be:8a:61:33:62:ab:
                    f9:d1:cb:de:d1:18:b5:49:fd:19:1e:e5:12:8f:dd:
                    ec:a0:c7:d8:5d:cd:3b:99:ca:b1:56:09:b2:4f:59:
                    eb:57:81:57:77:c1:8d:e1:78:20:f5:ef:de:33:53:
                    54:cf:a4:ca:25:3f:96:e8:3b:b6:53:b6:98:76:aa:
                    28:c8:6d:54:a9:5a:73:c7:42:61:9f:8f:93:41:d8:
                    f4:59:7d:73:ab:99:8b:88:63:12:98:d6:6d:ce:66:
                    2c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:23:8B:03:B1:FD:B8:5E:13:A8:FE:EE:BC:20:03:F8:AF:9E:81:5D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c22f83f9-6806-4731-9ee7-da3a022533e2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.15.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b1:85:50:65:e0:58:dc:f8:90:70:25:4a:ed:aa:59:77:1e:e2:
         fe:33:88:e6:85:78:a3:d3:ac:bf:25:3b:69:06:1e:07:06:20:
         30:f6:29:d9:21:17:e2:f3:05:72:b8:4b:09:48:e0:45:9c:be:
         da:99:4d:2a:30:1f:fc:b8:75:8c:a1:44:cb:6d:2d:c6:3b:ca:
         a8:c1:cc:a3:c7:f1:22:ca:40:17:bd:08:a6:14:6e:f7:bb:5a:
         15:be:6b:27:3f:6f:0a:bd:af:33:94:c8:d1:4d:bc:e9:20:a2:
         9d:8d:27:1c:e4:bf:97:aa:f8:47:da:ea:57:ab:d6:21:b0:6b:
         6a:99:30:dc:c1:3a:da:45:94:f9:9b:c0:6b:0e:b5:e2:2f:85:
         ea:6d:66:a3:d5:fb:10:9c:12:59:17:8c:a9:a9:ed:3c:47:93:
         05:65:fb:98:63:6a:91:93:e9:6d:6c:73:87:b0:29:04:6b:c8:
         9b:87:bf:c3:3b:f8:16:d0:13:04:2e:91:78:a7:a3:c9:78:fd:
         0d:08:55:2f:ec:60:84:72:87:31:68:2e:89:d0:58:9b:5e:5a:
         cb:34:68:c3:94:c8:d7:9a:72:23:4a:80:ed:51:84:8f:e1:5e:
         89:8b:28:71:f7:59:44:8d:7a:81:6f:ec:b2:c1:b1:14:4a:dd:
         82:56:31:03
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbdI8P7BlFHEEaOjwHTiW7mmf8UMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAzMDQ5WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Yzc0OGZjMGQ2Nzc0NjBiZTJmMTY0MTMxZWNmYzcxMDYw
ZjQyNDYzMzliODhjNzhhYzlmNDA2ZmJmMTUwYWFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCskX1KTyaAQguiBVDGchAZ5Ny2rvjGX83nJItbGTzCmxSX
7WMsu+y7XXx3rRrwEeJfiSDrwLE0uWd6RyVd9+Xeq3TeTezXyJw4jkHPvotbl2Mt
6htisiv4Macmo8cIpzpj0GwqAoyepbXo6pJmqMGyjPMhWYkgVyJCK27IaTbdMn/1
1bbRj5z5ArvIXHlMQOiR3P/iMpMwu5tczDFKBr6KYTNiq/nRy97RGLVJ/Rke5RKP
3eygx9hdzTuZyrFWCbJPWetXgVd3wY3heCD1794zU1TPpMolP5boO7ZTtph2qijI
bVSpWnPHQmGfj5NB2PRZfXOrmYuIYxKY1m3OZiyJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUZyOLA7H9uF4TqP7uvCAD+K+egV0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyMmY4M2Y5LTY4MDYtNDczMS05ZWU3LWRhM2EwMjI1MzNlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCqDzANBgkqhkiG9w0BAQsFAAOCAQEAsYVQZeBY3PiQcCVK7apZdx7i/jOI
5oV4o9OsvyU7aQYeBwYgMPYp2SEX4vMFcrhLCUjgRZy+2plNKjAf/Lh1jKFEy20t
xjvKqMHMo8fxIspAF70IphRu97taFb5rJz9vCr2vM5TI0U286SCinY0nHOS/l6r4
R9rqV6vWIbBrapkw3ME62kWU+ZvAaw614i+F6m1mo9X7EJwSWReMqantPEeTBWX7
mGNqkZPpbWxzh7ApBGvIm4e/wzv4FtATBC6ReKejyXj9DQhVL+xghHKHMWguidBY
m15ayzRow5TI15pyI0qA7VGEj+FeiYsocfdZRI16gW/sssGxFErdglYxAw==
-----END CERTIFICATE-----