Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e659df86-5699-4684-b361-7572c40d2a53.roa
File:                     e659df86-5699-4684-b361-7572c40d2a53.roa (raw, json)
Hash identifier:          8JYOvmjLbAClDb34x7DLenO55BedJF63ZNhtXwYeu48=
Subject key identifier:   C0:ED:B7:D6:24:EC:F3:11:48:8D:93:66:8B:C7:53:4E:96:2E:BC:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1F050C4BE35F3A650A519A023CFBA092FB9795A8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e659df86-5699-4684-b361-7572c40d2a53.roa
Signing time:             Fri 31 Oct 2025 21:38:33 +0000
ROA not before:           Fri 31 Oct 2025 21:38:33 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        166.117.32.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:05:0c:4b:e3:5f:3a:65:0a:51:9a:02:3c:fb:a0:92:fb:97:95:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 21:38:33 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=81d0275948e13ccbbb520d34b492a9c0ac254a8c51d7855887810f82e58cd9c9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:89:1d:6f:78:fb:77:93:58:eb:48:60:11:03:
                    b9:84:f8:74:47:0f:78:2c:be:9e:c1:80:f2:a8:d7:
                    58:60:e8:cb:e0:2d:2e:a7:96:64:e9:48:cf:44:ec:
                    ab:39:04:64:7a:d5:67:9c:3a:af:40:27:c5:ff:3f:
                    69:30:cc:ab:1f:e3:ab:7d:27:52:17:89:10:9b:5a:
                    63:97:33:ce:a7:09:26:dd:69:80:de:2d:99:bf:60:
                    34:f2:58:37:11:b8:17:e4:32:7a:fe:a7:31:64:84:
                    be:36:18:80:d4:71:44:6c:a1:7d:40:e2:61:2a:9e:
                    a4:81:35:56:16:92:5a:6c:54:76:1a:46:2e:db:05:
                    96:a7:ce:78:01:42:c8:23:bd:37:59:83:3f:d5:d2:
                    e6:83:00:ff:87:d0:e0:ca:93:09:3c:ba:f2:57:be:
                    29:3a:d9:ae:75:8c:a0:02:ff:76:b9:d2:26:16:e3:
                    cc:2c:59:3a:d9:46:50:94:58:30:f8:b0:8f:40:2f:
                    d0:47:68:1e:d4:17:6c:7f:ff:e6:c4:84:88:db:30:
                    ba:1b:63:99:49:3b:b7:c9:95:a9:0e:7a:da:30:d4:
                    7c:71:a2:9c:41:a8:75:6b:3f:c0:51:5c:4f:ef:fb:
                    73:d6:84:21:ea:69:a3:b4:19:ed:d5:03:d7:87:ff:
                    54:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:ED:B7:D6:24:EC:F3:11:48:8D:93:66:8B:C7:53:4E:96:2E:BC:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e659df86-5699-4684-b361-7572c40d2a53.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.117.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1f:5c:83:2e:99:0c:84:6d:3c:0f:d1:37:ca:37:12:62:8d:a8:
         14:59:de:39:27:d4:65:b6:1a:b7:9d:8c:53:8c:9f:6a:6c:c7:
         a0:9d:34:90:c2:32:97:b2:e1:bc:b8:a5:f4:b4:32:55:58:06:
         34:c5:5c:ba:55:38:5d:b5:d2:b2:4a:f1:d6:57:76:6e:ec:b7:
         ba:f6:d7:45:ee:1d:1c:a3:8a:7c:0b:1c:7c:21:fe:6d:fe:3a:
         60:48:d5:bc:aa:4a:0a:da:30:3e:b8:f2:75:a5:43:da:9d:75:
         2b:9c:e6:68:bf:9b:a5:8b:dc:ab:30:bb:d4:2e:63:f9:a1:d5:
         c9:3c:38:5c:5c:00:42:f5:3d:07:69:c9:4f:3e:3f:7e:fa:20:
         c3:c2:10:87:b0:81:05:01:60:b9:bc:3b:f6:5b:2b:60:46:f4:
         09:f7:fe:58:9d:81:e4:31:7b:e1:ff:69:02:71:81:a0:01:34:
         fe:aa:ac:28:d9:33:03:18:6f:fb:33:14:ee:78:fa:48:00:58:
         07:d2:36:f6:55:0c:d4:01:75:ef:7b:d8:9c:b7:8d:c5:ab:f0:
         93:1b:06:5c:c1:1e:bb:98:bb:88:69:be:3b:35:54:2b:19:45:
         5c:df:ef:72:c7:ec:ce:db:1e:93:23:ba:c1:dd:f9:86:a3:63:
         5d:59:35:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHwUMS+NfOmUKUZoCPPugkvuXlagwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMjEzODMzWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MWQwMjc1OTQ4ZTEzY2NiYmI1MjBkMzRiNDkyYTljMGFj
MjU0YThjNTFkNzg1NTg4NzgxMGY4MmU1OGNkOWM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBiR1vePt3k1jrSGARA7mE+HRHD3gsvp7BgPKo11hg6Mvg
LS6nlmTpSM9E7Ks5BGR61WecOq9AJ8X/P2kwzKsf46t9J1IXiRCbWmOXM86nCSbd
aYDeLZm/YDTyWDcRuBfkMnr+pzFkhL42GIDUcURsoX1A4mEqnqSBNVYWklpsVHYa
Ri7bBZanzngBQsgjvTdZgz/V0uaDAP+H0ODKkwk8uvJXvik62a51jKAC/3a50iYW
48wsWTrZRlCUWDD4sI9AL9BHaB7UF2x//+bEhIjbMLobY5lJO7fJlakOetow1Hxx
opxBqHVrP8BRXE/v+3PWhCHqaaO0Ge3VA9eH/1RxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwO231iTs8xFIjZNmi8dTTpYuvKcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U2NTlkZjg2LTU2OTktNDY4NC1iMzYxLTc1NzJjNDBkMmE1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASmdSAwDQYJKoZIhvcNAQELBQADggEBAB9cgy6ZDIRtPA/RN8o3EmKNqBRZ
3jkn1GW2GredjFOMn2psx6CdNJDCMpey4by4pfS0MlVYBjTFXLpVOF210rJK8dZX
dm7st7r210XuHRyjinwLHHwh/m3+OmBI1byqSgraMD648nWlQ9qddSuc5mi/m6WL
3Kswu9QuY/mh1ck8OFxcAEL1PQdpyU8+P376IMPCEIewgQUBYLm8O/ZbK2BG9An3
/lidgeQxe+H/aQJxgaABNP6qrCjZMwMYb/szFO54+kgAWAfSNvZVDNQBde972Jy3
jcWr8JMbBlzBHruYu4hpvjs1VCsZRVzf73LH7M7bHpMjusHd+YajY11ZNQw=
-----END CERTIFICATE-----