Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f98c6682-15ea-4f71-9c0e-97127590dea1.roa
File:                     f98c6682-15ea-4f71-9c0e-97127590dea1.roa (raw, json)
Hash identifier:          mDIDge4wFSivn56XEJ86fDioeP7WmKbHIb41l+rbiJc=
Subject key identifier:   0A:C0:76:78:D8:C8:73:93:6E:1E:D7:DA:9B:62:EC:2E:11:F0:0D:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5049EF112A40E2543395F988BE3B438B1C432992
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f98c6682-15ea-4f71-9c0e-97127590dea1.roa
Signing time:             Tue 28 Oct 2025 00:51:31 +0000
ROA not before:           Tue 28 Oct 2025 00:51:31 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        63.176.0.0/14 maxlen: 14
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:49:ef:11:2a:40:e2:54:33:95:f9:88:be:3b:43:8b:1c:43:29:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:51:31 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=900df44d4fb93a48649788c755c9544ee0bf27db081bb6a7e7663fbcd3cedff7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e6:56:a1:b6:b3:96:eb:e3:85:a7:97:4b:3c:
                    66:d5:5b:30:90:82:08:4a:66:39:7b:92:38:ff:69:
                    57:92:bd:0e:28:a9:81:08:48:6f:8a:c7:e4:71:98:
                    35:05:cf:a6:d9:f7:ed:a8:f6:01:8f:52:2f:99:5d:
                    35:6c:3f:8b:34:99:c8:f3:30:ba:bf:cc:ae:72:67:
                    80:53:5e:1d:94:6c:e6:91:13:7d:61:6c:72:c7:4d:
                    6f:89:41:40:2f:e3:8d:27:42:c5:57:8c:ea:26:71:
                    01:fd:b4:b4:be:ed:c9:68:64:d0:4a:69:16:17:2b:
                    ce:0c:de:c1:c1:99:71:95:fb:00:eb:2a:c1:a2:fe:
                    3e:42:77:58:53:10:4f:2a:36:d0:4f:04:0a:30:e2:
                    f8:30:a3:7b:af:56:98:eb:90:22:d8:ed:79:96:3a:
                    ba:3f:05:08:ce:98:41:5e:72:44:17:41:ed:47:b8:
                    75:7e:f0:f3:01:81:05:6c:35:79:46:d1:d1:ca:00:
                    d4:8c:4f:73:ca:98:d5:77:60:6e:e4:ec:8a:d6:e7:
                    0f:55:48:88:df:f8:1f:c6:81:fd:01:9f:af:3e:9d:
                    19:b4:1e:64:a3:e4:70:9e:64:57:e2:0a:c4:56:9d:
                    6c:07:52:8b:ec:f2:d4:a0:47:a4:38:68:5e:da:f9:
                    3b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:C0:76:78:D8:C8:73:93:6E:1E:D7:DA:9B:62:EC:2E:11:F0:0D:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f98c6682-15ea-4f71-9c0e-97127590dea1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.176.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         a8:1a:7a:62:92:1c:55:c2:cc:84:ea:ef:a4:d6:eb:a9:ad:c0:
         8a:3b:6c:68:23:8f:54:6e:38:35:bb:8f:59:a1:1e:a3:bb:b9:
         99:1a:47:49:f8:b6:d6:f1:d8:7f:ee:65:6a:a4:9c:92:e5:58:
         c1:8a:96:b1:25:25:b9:c5:69:ca:9e:1f:5c:a6:ee:90:5f:82:
         f4:fe:9d:b1:73:3f:3f:11:cc:90:9a:46:fe:e2:78:cb:a9:28:
         91:33:a9:ff:a2:87:a8:ec:9d:4e:f6:5f:89:53:cf:e4:aa:af:
         b7:c6:b6:20:96:e6:93:f7:7c:5c:13:d6:68:82:45:7d:b2:cd:
         38:b7:02:a7:0f:a5:97:98:01:4e:ef:6a:c9:5d:f5:43:20:3f:
         17:d9:f4:99:9d:e2:c5:b7:66:4a:3f:0a:a0:02:27:32:01:9d:
         d9:16:e5:2e:6e:f5:d9:4d:ab:38:b3:e6:c7:39:47:73:8c:b2:
         16:4e:dd:43:d5:d9:78:83:70:2c:b0:e3:99:bb:ce:c7:a9:7c:
         c2:5e:b4:74:54:05:e3:0e:18:9d:0d:95:d6:cd:58:26:a2:1b:
         f4:df:3a:eb:2d:d1:2d:16:37:51:f3:95:d7:55:e6:9b:0a:a0:
         72:54:57:8a:dc:2b:6e:a8:89:f7:aa:a1:bf:1b:06:b3:27:ee:
         36:aa:db:eb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUEnvESpA4lQzlfmIvjtDixxDKZIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDA1MTMxWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDBkZjQ0ZDRmYjkzYTQ4NjQ5Nzg4Yzc1NWM5NTQ0ZWUw
YmYyN2RiMDgxYmI2YTdlNzY2M2ZiY2QzY2VkZmY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDA5lahtrOW6+OFp5dLPGbVWzCQgghKZjl7kjj/aVeSvQ4o
qYEISG+Kx+RxmDUFz6bZ9+2o9gGPUi+ZXTVsP4s0mcjzMLq/zK5yZ4BTXh2UbOaR
E31hbHLHTW+JQUAv440nQsVXjOomcQH9tLS+7cloZNBKaRYXK84M3sHBmXGV+wDr
KsGi/j5Cd1hTEE8qNtBPBAow4vgwo3uvVpjrkCLY7XmWOro/BQjOmEFeckQXQe1H
uHV+8PMBgQVsNXlG0dHKANSMT3PKmNV3YG7k7IrW5w9VSIjf+B/Ggf0Bn68+nRm0
HmSj5HCeZFfiCsRWnWwHUovs8tSgR6Q4aF7a+TvdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCsB2eNjIc5NuHtfam2LsLhHwDbowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5OGM2NjgyLTE1ZWEtNGY3MS05YzBlLTk3MTI3NTkwZGVhMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwI/sDANBgkqhkiG9w0BAQsFAAOCAQEAqBp6YpIcVcLMhOrvpNbrqa3Aijts
aCOPVG44NbuPWaEeo7u5mRpHSfi21vHYf+5laqSckuVYwYqWsSUlucVpyp4fXKbu
kF+C9P6dsXM/PxHMkJpG/uJ4y6kokTOp/6KHqOydTvZfiVPP5Kqvt8a2IJbmk/d8
XBPWaIJFfbLNOLcCpw+ll5gBTu9qyV31QyA/F9n0mZ3ixbdmSj8KoAInMgGd2Rbl
Lm712U2rOLPmxzlHc4yyFk7dQ9XZeINwLLDjmbvOx6l8wl60dFQF4w4YnQ2V1s1Y
JqIb9N866y3RLRY3UfOV11XmmwqgclRXitwrbqiJ96qhvxsGsyfuNqrb6w==
-----END CERTIFICATE-----