Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa
File:                     ef392e95-5697-4675-a401-25d090055bed.roa (raw, json)
Hash identifier:          IhHjesRB0kdBEeoGdd5rAlZnKCnJPTxyh9HuM73v/Ic=
Subject key identifier:   83:86:7A:A3:18:A7:B7:7D:D4:ED:9F:04:21:F7:98:45:1A:97:4E:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FF3F9D5AE658615FE2BDFFC95CB21ABDF639F0D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa
Signing time:             Wed 05 Nov 2025 00:10:49 +0000
ROA not before:           Wed 05 Nov 2025 00:10:49 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.87.208.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f3:f9:d5:ae:65:86:15:fe:2b:df:fc:95:cb:21:ab:df:63:9f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:10:49 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=9163cfb475e6ee2fd62e70c960638a16a877c09d6a7563649869504c31e193a1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:fc:de:d2:14:b7:a9:33:6b:a6:e2:cd:0c:83:
                    7d:20:49:22:d8:35:29:28:47:4a:e7:e7:e2:0d:e5:
                    41:ec:16:89:ca:b7:b1:11:6a:9e:6b:6e:40:78:04:
                    fb:de:89:e0:6f:ca:67:a5:f0:ed:58:36:cf:22:52:
                    a0:3a:e9:a1:df:31:20:e0:70:39:1c:67:b8:fe:d8:
                    95:97:39:f1:2b:ea:04:c2:e9:04:f7:b1:c0:38:9a:
                    d1:cb:0a:cf:5c:bc:b4:63:28:88:4e:f0:40:ae:e0:
                    f9:49:47:92:e0:47:cd:54:3e:80:1b:30:99:62:d2:
                    c2:a7:7c:7f:00:2a:89:d5:bd:a1:20:9e:d5:65:06:
                    64:cb:45:ab:d6:59:ff:ef:12:a8:4a:2e:b8:72:01:
                    a4:78:3b:ea:70:14:80:b6:aa:8d:95:08:93:b3:0b:
                    63:8c:a7:50:19:c2:e1:3a:0a:34:89:16:e4:82:85:
                    a0:8c:bf:d8:c7:ba:40:d9:b7:e8:34:27:ca:78:bd:
                    9a:72:15:1d:d7:09:19:b6:47:f3:cf:88:c6:d5:bd:
                    b3:f7:94:b2:04:91:7e:3a:cd:81:9a:db:59:19:84:
                    13:89:d8:69:ef:75:db:ed:06:75:df:12:f0:b4:61:
                    ad:4c:09:a6:f7:e3:82:8b:f3:1e:d0:50:25:12:51:
                    c1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:86:7A:A3:18:A7:B7:7D:D4:ED:9F:04:21:F7:98:45:1A:97:4E:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.87.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         af:56:19:a8:20:8b:63:af:67:e5:d6:4f:be:31:b5:90:66:68:
         35:74:b9:81:d8:35:d9:c1:45:08:f1:9e:ff:27:56:29:d6:12:
         93:cc:cb:3b:c3:46:31:98:40:7e:5a:b1:0a:21:31:8c:5d:ab:
         da:30:a9:2d:34:c3:e0:bc:a7:47:b6:74:59:5e:4d:2c:2f:56:
         d5:b7:1b:e5:bf:b6:88:22:05:5b:6f:59:48:d7:06:71:9e:47:
         e9:05:f7:17:01:c6:f6:21:23:6a:8d:b8:8b:42:85:42:09:4d:
         47:3f:ff:f5:0c:5c:75:7b:6b:e0:f7:0c:a8:bb:d4:5e:2c:ec:
         35:86:9a:cf:dd:cc:cc:4a:18:3a:4c:63:88:61:fe:d2:fc:b7:
         20:7f:f0:7d:75:e4:77:86:77:82:99:1f:e7:12:55:fa:b8:a1:
         52:c8:e4:f8:d9:3d:9a:cd:70:de:32:d6:02:f3:c6:b3:a7:74:
         eb:18:83:69:7f:58:89:86:51:09:b5:3c:17:86:d5:29:f7:91:
         65:41:17:d0:a8:39:5c:83:8d:2a:c4:b1:97:6b:92:43:9d:bd:
         a2:98:bc:ff:db:34:b3:5e:8e:b6:d8:57:2c:da:59:33:6e:ea:
         80:13:04:d7:aa:0e:b1:9c:37:8d:25:94:1e:fc:72:e4:8d:aa:
         82:02:7e:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP/P51a5lhhX+K9/8lcshq99jnw0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAxMDQ5WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTYzY2ZiNDc1ZTZlZTJmZDYyZTcwYzk2MDYzOGExNmE4
NzdjMDlkNmE3NTYzNjQ5ODY5NTA0YzMxZTE5M2ExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDH/N7SFLepM2um4s0Mg30gSSLYNSkoR0rn5+IN5UHsFonK
t7ERap5rbkB4BPveieBvymel8O1YNs8iUqA66aHfMSDgcDkcZ7j+2JWXOfEr6gTC
6QT3scA4mtHLCs9cvLRjKIhO8ECu4PlJR5LgR81UPoAbMJli0sKnfH8AKonVvaEg
ntVlBmTLRavWWf/vEqhKLrhyAaR4O+pwFIC2qo2VCJOzC2OMp1AZwuE6CjSJFuSC
haCMv9jHukDZt+g0J8p4vZpyFR3XCRm2R/PPiMbVvbP3lLIEkX46zYGa21kZhBOJ
2GnvddvtBnXfEvC0Ya1MCab344KL8x7QUCUSUcGbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUg4Z6oxint33U7Z8EIfeYRRqXTlgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmMzkyZTk1LTU2OTctNDY3NS1hNDAxLTI1ZDA5MDA1NWJlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPYV9AwDQYJKoZIhvcNAQELBQADggEBAK9WGaggi2OvZ+XWT74xtZBmaDV0
uYHYNdnBRQjxnv8nVinWEpPMyzvDRjGYQH5asQohMYxdq9owqS00w+C8p0e2dFle
TSwvVtW3G+W/togiBVtvWUjXBnGeR+kF9xcBxvYhI2qNuItChUIJTUc///UMXHV7
a+D3DKi71F4s7DWGms/dzMxKGDpMY4hh/tL8tyB/8H115HeGd4KZH+cSVfq4oVLI
5PjZPZrNcN4y1gLzxrOndOsYg2l/WImGUQm1PBeG1Sn3kWVBF9CoOVyDjSrEsZdr
kkOdvaKYvP/bNLNejrbYVyzaWTNu6oATBNeqDrGcN40llB78cuSNqoICfgM=
-----END CERTIFICATE-----