Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57f9362-416a-4738-b87e-2238ade2ae31.roa
File:                     c57f9362-416a-4738-b87e-2238ade2ae31.roa (raw, json)
Hash identifier:          CXrFgwgrAkLZC6KWitShp9w+sbW5r1VusmsiJVoxeKc=
Subject key identifier:   15:62:17:EF:D1:BF:12:65:52:CE:13:75:CE:F9:03:93:FE:02:63:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0C35F97A398CC8142963B3674E64AAE17D96CBC8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57f9362-416a-4738-b87e-2238ade2ae31.roa
Signing time:             Fri 31 Oct 2025 21:38:31 +0000
ROA not before:           Fri 31 Oct 2025 21:38:31 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        166.117.208.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:35:f9:7a:39:8c:c8:14:29:63:b3:67:4e:64:aa:e1:7d:96:cb:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 21:38:31 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=8d51da5323424ecca64b2ff23fe35556d002a856edb50c21241b51182cad5c06, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ab:c0:00:a5:89:f8:89:20:8e:2b:bd:1c:50:
                    0c:be:f3:fc:65:48:f1:39:c5:da:38:b0:59:b2:69:
                    34:21:61:49:68:e7:60:de:17:14:9c:88:9a:9e:33:
                    8d:1b:69:fd:cf:cb:7d:9f:19:bf:9c:26:d6:6f:cf:
                    04:63:8a:0a:5f:6a:2d:38:8d:ff:10:05:c6:fd:ec:
                    02:c5:3c:4f:03:2b:1b:e5:cc:48:db:dd:16:7e:1e:
                    c3:d7:df:76:66:f8:d1:ca:9f:e0:b0:6f:39:a4:e0:
                    a0:58:d0:ee:12:47:a7:62:e2:fd:75:be:f8:bb:e7:
                    8c:dd:37:6b:b6:66:4c:94:85:97:c8:2e:87:b6:21:
                    ac:d9:c3:09:d7:28:33:92:65:05:10:a6:ac:1a:1f:
                    32:fe:24:86:a0:4f:89:11:3e:fc:08:ba:bc:d8:a1:
                    b5:7b:c2:6b:5d:61:80:ec:68:15:a4:cb:d3:d0:93:
                    93:d7:e6:ce:6e:24:10:d7:16:71:be:29:9b:e5:cf:
                    af:fb:0e:71:59:55:b6:aa:d8:44:92:2e:60:ee:20:
                    4a:11:82:7a:24:b7:b3:22:de:6f:23:39:17:96:db:
                    af:d2:58:81:42:6a:0d:e2:e9:22:14:a8:e7:5d:fd:
                    65:c2:f7:3a:d8:28:ea:b0:8f:f3:d1:4e:0b:34:de:
                    11:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:62:17:EF:D1:BF:12:65:52:CE:13:75:CE:F9:03:93:FE:02:63:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57f9362-416a-4738-b87e-2238ade2ae31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.117.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         12:a3:3c:ce:c0:e0:02:3b:52:c3:59:3a:b2:6b:8b:71:56:1b:
         62:d6:01:1e:94:00:90:9b:bc:59:a7:3f:57:72:9e:15:59:14:
         bf:fc:1c:be:67:2a:f1:f3:71:d7:b8:d1:40:05:e3:8c:7b:91:
         be:23:a1:63:f4:34:12:98:f6:af:a9:23:1b:3b:32:f1:b5:50:
         10:27:9e:66:c0:00:d5:56:72:26:b2:1e:94:1e:58:6d:0a:a3:
         e8:1c:b0:8f:2e:ce:11:5c:71:17:28:d2:21:f3:92:57:41:48:
         72:f7:d6:9b:2c:72:13:96:d5:db:4b:7e:31:6b:76:cb:c5:53:
         71:75:d2:54:94:ff:7e:7a:0f:24:a2:12:89:4c:70:b5:8d:79:
         05:09:83:2a:e5:00:a5:7c:f7:b9:6e:14:cb:cd:02:f0:02:ab:
         1f:75:22:7f:56:a8:75:58:00:a0:df:f6:f9:6a:e1:6d:59:3e:
         e6:dc:8f:45:e2:6d:d7:c1:95:60:f4:3c:a1:06:e2:4f:f0:35:
         77:19:ce:38:4d:b8:8a:0a:b1:64:88:a2:71:b9:96:0f:84:fc:
         76:f7:ce:81:95:66:8e:0b:98:77:89:7b:80:20:d2:d0:ab:b0:
         3d:19:aa:75:7a:93:01:d7:3f:50:54:a8:f0:28:4a:1d:e0:37:
         e1:0c:0c:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDDX5ejmMyBQpY7NnTmSq4X2Wy8gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMjEzODMxWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDUxZGE1MzIzNDI0ZWNjYTY0YjJmZjIzZmUzNTU1NmQw
MDJhODU2ZWRiNTBjMjEyNDFiNTExODJjYWQ1YzA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhq8AApYn4iSCOK70cUAy+8/xlSPE5xdo4sFmyaTQhYUlo
52DeFxSciJqeM40baf3Py32fGb+cJtZvzwRjigpfai04jf8QBcb97ALFPE8DKxvl
zEjb3RZ+HsPX33Zm+NHKn+Cwbzmk4KBY0O4SR6di4v11vvi754zdN2u2ZkyUhZfI
Loe2IazZwwnXKDOSZQUQpqwaHzL+JIagT4kRPvwIurzYobV7wmtdYYDsaBWky9PQ
k5PX5s5uJBDXFnG+KZvlz6/7DnFZVbaq2ESSLmDuIEoRgnokt7Mi3m8jOReW26/S
WIFCag3i6SIUqOdd/WXC9zrYKOqwj/PRTgs03hG9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFWIX79G/EmVSzhN1zvkDk/4CY0owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M1N2Y5MzYyLTQxNmEtNDczOC1iODdlLTIyMzhhZGUyYWUzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASmddAwDQYJKoZIhvcNAQELBQADggEBABKjPM7A4AI7UsNZOrJri3FWG2LW
AR6UAJCbvFmnP1dynhVZFL/8HL5nKvHzcde40UAF44x7kb4joWP0NBKY9q+pIxs7
MvG1UBAnnmbAANVWciayHpQeWG0Ko+gcsI8uzhFccRco0iHzkldBSHL31psschOW
1dtLfjFrdsvFU3F10lSU/356DySiEolMcLWNeQUJgyrlAKV897luFMvNAvACqx91
In9WqHVYAKDf9vlq4W1ZPubcj0XibdfBlWD0PKEG4k/wNXcZzjhNuIoKsWSIonG5
lg+E/Hb3zoGVZo4LmHeJe4Ag0tCrsD0ZqnV6kwHXP1BUqPAoSh3gN+EMDCc=
-----END CERTIFICATE-----