Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6b24275-0a40-4f1f-b043-0d914be98547.roa
File:                     d6b24275-0a40-4f1f-b043-0d914be98547.roa (raw, json)
Hash identifier:          Ql4FIwqJB+vmK+h3LD/tpfw0hfAzsHtyes+kk18TDPQ=
Subject key identifier:   93:6B:33:41:2E:E4:50:7B:95:B0:8A:D8:E2:C8:40:EE:F3:C6:88:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D3AD63219C44AF81E358785C387C3031A3BBD94
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6b24275-0a40-4f1f-b043-0d914be98547.roa
Signing time:             Sat 25 Oct 2025 00:30:48 +0000
ROA not before:           Sat 25 Oct 2025 00:30:48 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        160.221.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:3a:d6:32:19:c4:4a:f8:1e:35:87:85:c3:87:c3:03:1a:3b:bd:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:30:48 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=cc682682bc6dc08845b60812b8ae88c4c6918dec0e8e83689b5537d4281ff122, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:20:37:30:22:de:58:d1:aa:ff:42:65:d2:06:
                    b0:c5:8b:f3:79:e8:26:75:43:97:8d:3a:b2:99:d5:
                    2e:0b:8c:73:dc:e4:65:d6:fe:d7:a1:f2:8c:d0:94:
                    9e:80:27:20:b1:4c:73:0e:14:ed:62:44:d4:fc:c5:
                    7d:f3:bf:cc:ab:d3:5e:5e:c7:4e:ae:de:1d:ec:b5:
                    61:99:dc:a5:13:c6:35:70:2f:76:4f:8c:55:48:43:
                    fa:7d:be:bb:b4:59:31:cb:25:07:b5:b8:29:9b:9f:
                    8d:b4:d7:d6:16:28:ba:c4:27:5a:fb:57:be:0e:4a:
                    2e:37:b7:04:a1:ea:f0:80:45:64:0f:83:49:1d:00:
                    ca:b8:27:05:50:f1:b0:04:48:49:9b:08:68:ba:eb:
                    17:82:e6:f5:05:49:48:40:00:3d:f7:81:93:bb:d9:
                    03:a7:5a:43:9c:b0:8e:84:56:74:83:fb:8e:70:23:
                    f1:04:41:8e:d0:22:1b:93:26:52:d4:56:c6:9b:4f:
                    e7:ec:3e:2b:c3:b0:86:4a:be:2d:7c:9a:9f:fd:09:
                    6f:4b:13:7a:18:60:9e:c6:80:bd:61:b3:e0:2c:ec:
                    13:5d:e1:ed:2f:e6:39:bd:4c:9c:8c:3f:43:73:99:
                    00:3a:98:af:bf:a9:00:dd:26:f2:3b:e9:23:cb:3f:
                    e0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:6B:33:41:2E:E4:50:7B:95:B0:8A:D8:E2:C8:40:EE:F3:C6:88:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6b24275-0a40-4f1f-b043-0d914be98547.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.221.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         96:da:6c:ff:57:ad:79:6c:0c:ad:19:ad:0e:08:20:9a:5e:83:
         8b:fd:98:57:f9:86:b8:76:12:3a:aa:75:b0:5f:89:71:85:fc:
         be:9f:2b:6f:b8:a1:ca:f5:a1:68:cf:ce:63:c4:f6:c2:94:77:
         5d:ce:21:0c:c5:51:7e:b8:4c:82:9a:62:a1:41:07:2c:a4:34:
         c0:25:9d:aa:00:33:c3:e1:56:b2:dc:f6:86:41:cd:03:ce:6c:
         6f:9c:5e:d8:1e:ad:f6:4d:c8:52:f2:4c:42:7e:b2:d6:9c:06:
         33:d0:df:22:20:e8:a0:99:9c:a3:07:16:b7:e6:8a:69:92:42:
         e9:77:69:2d:7a:be:44:ee:1a:dd:98:d2:b4:b0:a1:bb:78:39:
         76:c1:45:ce:d1:8b:0b:e3:17:63:9e:b1:02:ee:a4:d1:a3:6d:
         b4:25:28:ff:8c:b8:aa:a9:a5:fc:80:3d:e5:f8:84:21:72:aa:
         52:c2:6d:68:4c:f2:7d:85:8a:ab:4d:16:a3:b1:dc:4d:ef:5b:
         ac:42:7d:8b:36:da:cb:a5:c2:2f:bd:9e:69:37:24:4b:69:2f:
         46:fd:e2:b9:c1:0a:e1:0f:61:21:e7:c2:ef:59:89:75:20:a4:
         bc:c8:72:47:89:81:1a:3a:8f:58:5e:90:16:e8:2f:23:96:b7:
         0b:0b:62:02
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfTrWMhnESvgeNYeFw4fDAxo7vZQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAzMDQ4WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzY4MjY4MmJjNmRjMDg4NDViNjA4MTJiOGFlODhjNGM2
OTE4ZGVjMGU4ZTgzNjg5YjU1MzdkNDI4MWZmMTIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCIDcwIt5Y0ar/QmXSBrDFi/N56CZ1Q5eNOrKZ1S4LjHPc
5GXW/teh8ozQlJ6AJyCxTHMOFO1iRNT8xX3zv8yr015ex06u3h3stWGZ3KUTxjVw
L3ZPjFVIQ/p9vru0WTHLJQe1uCmbn42019YWKLrEJ1r7V74OSi43twSh6vCARWQP
g0kdAMq4JwVQ8bAESEmbCGi66xeC5vUFSUhAAD33gZO72QOnWkOcsI6EVnSD+45w
I/EEQY7QIhuTJlLUVsabT+fsPivDsIZKvi18mp/9CW9LE3oYYJ7GgL1hs+As7BNd
4e0v5jm9TJyMP0NzmQA6mK+/qQDdJvI76SPLP+D/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUk2szQS7kUHuVsIrY4shA7vPGiCkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2YjI0Mjc1LTBhNDAtNGYxZi1iMDQzLTBkOTE0YmU5ODU0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCg3TANBgkqhkiG9w0BAQsFAAOCAQEAltps/1eteWwMrRmtDgggml6Di/2Y
V/mGuHYSOqp1sF+JcYX8vp8rb7ihyvWhaM/OY8T2wpR3Xc4hDMVRfrhMgppioUEH
LKQ0wCWdqgAzw+FWstz2hkHNA85sb5xe2B6t9k3IUvJMQn6y1pwGM9DfIiDooJmc
owcWt+aKaZJC6XdpLXq+RO4a3ZjStLChu3g5dsFFztGLC+MXY56xAu6k0aNttCUo
/4y4qqml/IA95fiEIXKqUsJtaEzyfYWKq00Wo7HcTe9brEJ9izbay6XCL72eaTck
S2kvRv3iucEK4Q9hIefC71mJdSCkvMhyR4mBGjqPWF6QFugvI5a3CwtiAg==
-----END CERTIFICATE-----