Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/feb67440-ac4a-462e-8b15-5450c649275e.roa
File:                     feb67440-ac4a-462e-8b15-5450c649275e.roa (raw, json)
Hash identifier:          HSfE0YNlwh+QSoHEIpA+QTXvxsi9CExPLDrcaAF+tOk=
Subject key identifier:   29:55:1B:E4:92:3F:B8:3D:28:34:88:9D:73:8C:21:C2:9C:68:3C:55
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       69F6D8C808A3C9573BE4F8526FC16489BA6008CA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/feb67440-ac4a-462e-8b15-5450c649275e.roa
Signing time:             Fri 31 Oct 2025 01:01:25 +0000
ROA not before:           Fri 31 Oct 2025 01:01:25 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.253.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:f6:d8:c8:08:a3:c9:57:3b:e4:f8:52:6f:c1:64:89:ba:60:08:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 01:01:25 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=4b9eb4d5595eaf67fce8858f0b13a1b45396613aee2addded7b8cc5ba7585922, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:01:78:e0:6f:2b:74:3d:c9:f3:bd:9e:63:c4:
                    77:ec:75:b3:75:8c:ca:a8:76:e7:26:a8:9b:c3:68:
                    53:55:0b:43:6e:bd:73:24:ed:66:fe:cd:67:dd:0f:
                    a9:5f:50:d7:75:60:af:3c:37:fa:dd:22:05:8d:8f:
                    69:ff:c4:fa:c7:49:e2:72:8a:80:f9:d7:44:94:6f:
                    63:81:68:28:ec:8d:7c:e4:52:1d:fb:ad:ce:34:0c:
                    62:a8:68:b9:e6:c3:e6:39:54:14:9b:a9:4b:69:51:
                    0f:b3:11:b9:30:e7:4a:4e:e9:cc:45:4a:7c:5e:b9:
                    b7:f0:72:45:80:32:8b:38:0b:bb:0a:2a:ca:34:a2:
                    7a:ce:1f:76:46:58:d0:15:54:36:03:66:da:d6:bf:
                    20:3c:22:f7:ae:b9:d6:d6:44:dc:c3:8e:73:df:c1:
                    4d:bc:a6:c7:2c:b6:2b:5e:ea:95:95:05:ef:5c:9a:
                    5f:20:a9:c7:40:99:cf:67:5f:40:17:30:a3:62:90:
                    52:e5:01:bf:43:7d:2c:a4:3a:4d:9d:91:99:3f:41:
                    46:bf:0f:b9:5c:e6:e0:bd:71:d1:6f:f2:44:3b:bb:
                    40:c5:34:ad:7a:f6:32:00:70:51:14:c1:3d:80:d8:
                    88:61:e4:1a:1b:dc:f4:de:56:09:93:16:6f:d4:4e:
                    ce:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:55:1B:E4:92:3F:B8:3D:28:34:88:9D:73:8C:21:C2:9C:68:3C:55
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/feb67440-ac4a-462e-8b15-5450c649275e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.253.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9a:21:93:b4:a7:2b:e7:ee:89:d0:06:f6:80:2e:07:16:21:55:
         af:6d:c8:ec:79:24:1c:06:30:1b:a3:ad:76:35:d9:28:00:2b:
         71:f4:c3:8f:0d:45:5d:11:e3:ee:90:7e:c1:48:d0:38:f4:b0:
         d1:9b:46:26:a1:d3:19:84:7a:06:3d:79:ff:ac:13:8b:3b:7e:
         11:ac:cf:90:a0:88:30:3f:6e:d0:33:7d:ef:2a:f6:1e:28:20:
         81:91:25:34:d6:db:0e:c7:dd:58:4f:f4:93:19:de:b3:7b:63:
         cf:42:aa:f5:87:0d:4b:da:e0:84:94:ce:e4:a1:52:5e:d8:92:
         98:1f:58:0b:5f:b3:44:be:25:60:06:01:30:ca:71:41:c3:00:
         ae:49:32:c9:68:2c:fd:6f:72:0f:5d:4c:87:af:24:4e:91:a5:
         16:04:3e:ef:0e:8f:71:1b:8c:f1:22:6b:4a:d8:bb:27:51:ca:
         40:e2:df:7c:8b:c4:c2:75:d0:33:e1:2a:c0:21:be:bb:7d:1e:
         02:bf:4e:49:c8:21:14:6f:3c:ca:99:8c:0f:b2:21:d1:2a:b1:
         a4:79:46:91:c0:2d:d8:98:43:cf:34:72:d6:11:75:a3:ec:79:
         d6:30:86:f9:c7:ad:3a:3e:2f:01:d0:46:ee:74:cb:62:1b:3c:
         4c:56:be:2b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUafbYyAijyVc75PhSb8FkibpgCMowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDEwMTI1WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YjllYjRkNTU5NWVhZjY3ZmNlODg1OGYwYjEzYTFiNDUz
OTY2MTNhZWUyYWRkZGVkN2I4Y2M1YmE3NTg1OTIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlAXjgbyt0PcnzvZ5jxHfsdbN1jMqoducmqJvDaFNVC0Nu
vXMk7Wb+zWfdD6lfUNd1YK88N/rdIgWNj2n/xPrHSeJyioD510SUb2OBaCjsjXzk
Uh37rc40DGKoaLnmw+Y5VBSbqUtpUQ+zEbkw50pO6cxFSnxeubfwckWAMos4C7sK
Kso0onrOH3ZGWNAVVDYDZtrWvyA8IveuudbWRNzDjnPfwU28pscstite6pWVBe9c
ml8gqcdAmc9nX0AXMKNikFLlAb9DfSykOk2dkZk/QUa/D7lc5uC9cdFv8kQ7u0DF
NK169jIAcFEUwT2A2Ihh5Bob3PTeVgmTFm/UTs4ZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKVUb5JI/uD0oNIidc4whwpxoPFUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZlYjY3NDQwLWFjNGEtNDYyZS04YjE1LTU0NTBjNjQ5Mjc1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCP/TANBgkqhkiG9w0BAQsFAAOCAQEAmiGTtKcr5+6J0Ab2gC4HFiFVr23I
7HkkHAYwG6OtdjXZKAArcfTDjw1FXRHj7pB+wUjQOPSw0ZtGJqHTGYR6Bj15/6wT
izt+EazPkKCIMD9u0DN97yr2HigggZElNNbbDsfdWE/0kxnes3tjz0Kq9YcNS9rg
hJTO5KFSXtiSmB9YC1+zRL4lYAYBMMpxQcMArkkyyWgs/W9yD11Mh68kTpGlFgQ+
7w6PcRuM8SJrSti7J1HKQOLffIvEwnXQM+EqwCG+u30eAr9OScghFG88ypmMD7Ih
0SqxpHlGkcAt2JhDzzRy1hF1o+x51jCG+cetOj4vAdBG7nTLYhs8TFa+Kw==
-----END CERTIFICATE-----