Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c519af15-33bf-4884-a6c5-459c9023ad53.roa
File:                     c519af15-33bf-4884-a6c5-459c9023ad53.roa (raw, json)
Hash identifier:          wzHXHS/gvELtuw9vHL7SaU7cGR6I9WH7rKSmERemm04=
Subject key identifier:   07:5F:53:9A:6E:51:AD:CB:E0:64:89:6E:18:9F:92:24:4F:61:98:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68DBA4937FEC5BBBBE9ACD394D0966D4B009C9E9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c519af15-33bf-4884-a6c5-459c9023ad53.roa
Signing time:             Sat 25 Oct 2025 00:31:20 +0000
ROA not before:           Sat 25 Oct 2025 00:31:20 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        199.61.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:db:a4:93:7f:ec:5b:bb:be:9a:cd:39:4d:09:66:d4:b0:09:c9:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:31:20 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=c6296a27a92a26b4e6cab5b0adf37ca732ed10495d08d8a702905904e6f69eae, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a2:7e:31:c8:2c:00:bd:1b:0a:ec:9d:6a:f4:
                    4e:b1:01:10:99:d3:5a:08:b4:33:7f:dd:9e:dc:2e:
                    3f:ea:dc:ec:41:5d:7d:31:7a:a0:e7:73:b2:e5:37:
                    ef:8d:65:0f:7e:69:db:f1:c5:a5:e7:b0:91:c3:a0:
                    c0:8d:b3:64:8d:3c:f5:12:e1:50:21:d8:23:4a:d2:
                    a9:4c:d0:07:4e:c0:51:e4:88:23:7c:c5:6f:44:cc:
                    62:ad:37:e1:e4:bb:dd:08:61:49:e8:03:f2:8e:37:
                    bc:a9:0a:2c:48:a4:76:91:bf:d3:f7:ec:76:f6:89:
                    48:24:3b:65:15:64:22:53:38:dc:b7:0c:8e:7e:8d:
                    05:64:82:a3:fd:3b:e6:7b:fe:fc:ba:86:16:31:9d:
                    89:44:db:5f:5d:b8:d3:81:9c:95:cd:0b:3d:48:8f:
                    b0:82:3a:97:ba:d4:2f:3f:d7:b0:ce:04:c0:35:1f:
                    e0:6b:4e:6f:a6:99:db:0d:62:e9:45:c6:23:32:c3:
                    dc:d5:c1:25:26:91:ce:80:e3:ce:38:86:ac:38:4c:
                    aa:e6:a8:e3:24:f8:6e:80:6d:d8:4e:b1:08:38:7a:
                    b7:2d:25:c9:53:a3:39:11:1a:5a:0e:7d:e3:1d:8c:
                    98:e6:1a:98:ad:57:13:8b:36:7a:64:53:65:4c:e7:
                    d7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:5F:53:9A:6E:51:AD:CB:E0:64:89:6E:18:9F:92:24:4F:61:98:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c519af15-33bf-4884-a6c5-459c9023ad53.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.61.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2f:69:a4:73:39:ef:d9:76:19:7d:98:f2:28:eb:63:bd:80:5c:
         f8:e6:fa:e8:94:15:03:f6:f7:60:c5:da:a4:bc:63:92:f7:e9:
         09:09:c6:fc:b0:e0:19:3f:80:5d:3f:fa:4d:8a:4b:23:c9:d2:
         3a:e4:f9:f7:27:5e:b8:94:e4:74:66:e2:41:3e:95:05:54:d3:
         ff:db:3c:e7:64:cb:88:44:cf:32:fa:9b:35:df:a7:98:45:02:
         74:a4:c2:d4:e0:13:54:95:25:ce:2a:46:65:88:1b:da:6f:26:
         06:0d:2e:80:fd:e3:b9:0b:2b:93:59:e6:be:27:9e:11:5b:06:
         b8:1a:fd:3b:4b:e5:f6:2c:1f:ff:bf:47:06:dd:ca:c0:6c:d6:
         8e:77:e8:fd:0a:8b:c5:8f:73:21:f0:f6:4d:58:78:a8:a5:68:
         0a:b3:ed:e8:e2:e2:08:65:04:20:33:ee:29:d8:aa:03:75:c9:
         9f:ff:14:1c:7b:fe:60:ee:12:ef:5e:70:f1:60:cc:ca:51:3e:
         8e:e1:d1:19:90:38:7e:b6:8f:25:b1:3f:03:07:a9:21:f8:2c:
         f0:fa:d8:87:fb:f4:06:b3:e7:26:6f:31:9e:64:b4:aa:2a:dc:
         78:10:ab:b8:84:60:98:47:75:8a:77:25:56:77:4a:0c:84:d5:
         a1:df:ba:03
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaNukk3/sW7u+ms05TQlm1LAJyekwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAzMTIwWhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjI5NmEyN2E5MmEyNmI0ZTZjYWI1YjBhZGYzN2NhNzMy
ZWQxMDQ5NWQwOGQ4YTcwMjkwNTkwNGU2ZjY5ZWFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNon4xyCwAvRsK7J1q9E6xARCZ01oItDN/3Z7cLj/q3OxB
XX0xeqDnc7LlN++NZQ9+advxxaXnsJHDoMCNs2SNPPUS4VAh2CNK0qlM0AdOwFHk
iCN8xW9EzGKtN+Hku90IYUnoA/KON7ypCixIpHaRv9P37Hb2iUgkO2UVZCJTONy3
DI5+jQVkgqP9O+Z7/vy6hhYxnYlE219duNOBnJXNCz1Ij7CCOpe61C8/17DOBMA1
H+BrTm+mmdsNYulFxiMyw9zVwSUmkc6A4844hqw4TKrmqOMk+G6AbdhOsQg4erct
JclTozkRGloOfeMdjJjmGpitVxOLNnpkU2VM59dJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUB19Tmm5RrcvgZIluGJ+SJE9hmCUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M1MTlhZjE1LTMzYmYtNDg4NC1hNmM1LTQ1OWM5MDIzYWQ1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDHPTANBgkqhkiG9w0BAQsFAAOCAQEAL2mkcznv2XYZfZjyKOtjvYBc+Ob6
6JQVA/b3YMXapLxjkvfpCQnG/LDgGT+AXT/6TYpLI8nSOuT59ydeuJTkdGbiQT6V
BVTT/9s852TLiETPMvqbNd+nmEUCdKTC1OATVJUlzipGZYgb2m8mBg0ugP3juQsr
k1nmvieeEVsGuBr9O0vl9iwf/79HBt3KwGzWjnfo/QqLxY9zIfD2TVh4qKVoCrPt
6OLiCGUEIDPuKdiqA3XJn/8UHHv+YO4S715w8WDMylE+juHRGZA4fraPJbE/Awep
Ifgs8PrYh/v0BrPnJm8xnmS0qirceBCruIRgmEd1inclVndKDITVod+6Aw==
-----END CERTIFICATE-----