Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03353232-f773-4ecd-a8d3-0b9aa5dcc857.roa
File:                     03353232-f773-4ecd-a8d3-0b9aa5dcc857.roa (raw, json)
Hash identifier:          0HktOf4LvLLYrDtE7gunlbMzcK1+RDE6yTnsjdQ6Kko=
Subject key identifier:   59:C6:C7:82:E4:EC:59:3E:C2:48:57:9E:0C:4F:1C:07:78:D4:3E:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2BA05C88E92CD5D73CAEDCA3C4820911C0885115
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03353232-f773-4ecd-a8d3-0b9aa5dcc857.roa
Signing time:             Sun 19 Oct 2025 01:30:19 +0000
ROA not before:           Sun 19 Oct 2025 01:30:19 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.101.128.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:a0:5c:88:e9:2c:d5:d7:3c:ae:dc:a3:c4:82:09:11:c0:88:51:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 01:30:19 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=bca404906e09d9c1219419da21e477fd39c12228246a1c10162d0dbb81b6e39c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:44:40:57:f1:b8:77:e7:df:9a:29:65:34:c6:
                    a6:d0:54:db:fc:60:82:1f:27:d5:dd:8b:58:95:e8:
                    a9:5c:bc:2b:19:b3:de:37:c2:52:81:88:15:d5:18:
                    71:b7:d5:ad:8e:ce:82:43:48:d4:f7:41:7e:7e:3d:
                    06:8e:6a:10:a6:33:df:0a:6a:5f:26:02:eb:46:24:
                    4a:f5:44:14:5e:26:30:1d:c1:f1:92:56:f7:78:bd:
                    c3:b9:bc:98:92:89:d6:ca:e8:96:21:23:36:e5:0d:
                    df:3e:eb:1c:a6:96:4e:60:09:6f:5e:35:30:1b:dc:
                    6d:d3:97:84:bb:6b:5e:51:52:01:ae:a1:d2:53:f9:
                    c7:d2:0b:6e:36:d8:6d:31:fc:32:48:63:0f:04:54:
                    32:61:5c:f4:a9:70:b6:a1:81:b7:61:a4:b5:71:bf:
                    c5:93:d4:92:26:2e:e9:d1:1d:4c:55:b4:7f:d6:4c:
                    bb:d2:01:a8:86:a5:6a:ce:34:cf:28:80:70:1b:0f:
                    3a:49:56:79:48:ce:d3:db:43:d5:1c:50:62:35:c4:
                    ed:43:72:6d:e8:09:49:bd:c6:7d:ae:85:9c:2d:e0:
                    91:ac:69:1d:10:02:7e:b1:51:90:da:84:5d:28:d4:
                    69:d7:44:c4:6f:81:d1:af:e3:1e:8c:36:c0:ef:71:
                    e7:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C6:C7:82:E4:EC:59:3E:C2:48:57:9E:0C:4F:1C:07:78:D4:3E:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03353232-f773-4ecd-a8d3-0b9aa5dcc857.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.101.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         0f:aa:ca:af:84:1a:ef:af:62:7d:e0:c8:72:d2:cd:bf:34:d8:
         4c:a6:ea:a6:98:f4:35:e4:16:9a:ef:f6:d2:b0:ab:62:fa:2c:
         03:5e:e0:12:0d:67:97:49:80:d4:c2:36:08:06:17:e4:7c:5c:
         2d:39:47:12:a0:07:5b:fd:9d:0b:88:3e:90:a7:d4:f4:b3:f5:
         7c:62:83:28:87:45:2d:5e:2d:98:b6:f3:2c:8f:28:2c:ca:fb:
         29:ed:40:1d:4c:21:fb:dd:1c:1c:83:70:b1:dc:d2:e5:50:10:
         d8:6f:e9:b5:79:b6:64:39:fc:51:bc:76:73:7c:61:b3:f6:ae:
         74:a9:01:1b:5d:e4:5e:b6:e8:26:0d:67:ed:da:c1:ef:64:79:
         41:6b:16:72:f9:48:0d:ab:eb:1d:95:d3:e5:2a:e7:30:56:ff:
         77:89:ea:5d:dd:fa:c8:d6:a9:36:4b:1c:87:ab:aa:56:1c:fc:
         0a:48:f1:84:54:27:a1:09:74:0b:73:82:b7:b9:0d:d9:4a:04:
         31:b9:08:79:db:ff:57:d5:e0:f5:5e:20:3e:43:1e:23:05:40:
         e4:30:91:a2:09:2e:2e:b2:f3:61:06:33:52:eb:74:13:a8:cf:
         79:3e:08:31:02:40:ca:82:18:28:82:bf:8e:4e:53:db:e6:32:
         03:46:41:85
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK6BciOks1dc8rtyjxIIJEcCIURUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDEzMDE5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiY2E0MDQ5MDZlMDlkOWMxMjE5NDE5ZGEyMWU0NzdmZDM5
YzEyMjI4MjQ2YTFjMTAxNjJkMGRiYjgxYjZlMzljMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSREBX8bh359+aKWU0xqbQVNv8YIIfJ9Xdi1iV6KlcvCsZ
s943wlKBiBXVGHG31a2OzoJDSNT3QX5+PQaOahCmM98Kal8mAutGJEr1RBReJjAd
wfGSVvd4vcO5vJiSidbK6JYhIzblDd8+6xymlk5gCW9eNTAb3G3Tl4S7a15RUgGu
odJT+cfSC2422G0x/DJIYw8EVDJhXPSpcLahgbdhpLVxv8WT1JImLunRHUxVtH/W
TLvSAaiGpWrONM8ogHAbDzpJVnlIztPbQ9UcUGI1xO1Dcm3oCUm9xn2uhZwt4JGs
aR0QAn6xUZDahF0o1GnXRMRvgdGv4x6MNsDvcecNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWcbHguTsWT7CSFeeDE8cB3jUPpYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzMzUzMjMyLWY3NzMtNGVjZC1hOGQzLTBiOWFhNWRjYzg1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdLZYAwDQYJKoZIhvcNAQELBQADggEBAA+qyq+EGu+vYn3gyHLSzb802Eym
6qaY9DXkFprv9tKwq2L6LANe4BINZ5dJgNTCNggGF+R8XC05RxKgB1v9nQuIPpCn
1PSz9XxigyiHRS1eLZi28yyPKCzK+yntQB1MIfvdHByDcLHc0uVQENhv6bV5tmQ5
/FG8dnN8YbP2rnSpARtd5F626CYNZ+3awe9keUFrFnL5SA2r6x2V0+Uq5zBW/3eJ
6l3d+sjWqTZLHIerqlYc/ApI8YRUJ6EJdAtzgre5DdlKBDG5CHnb/1fV4PVeID5D
HiMFQOQwkaIJLi6y82EGM1LrdBOoz3k+CDECQMqCGCiCv45OU9vmMgNGQYU=
-----END CERTIFICATE-----