Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/06bef077-f186-4620-b0e8-edae475c1fe6.roa
File:                     06bef077-f186-4620-b0e8-edae475c1fe6.roa (raw, json)
Hash identifier:          y9ydqqu2RZDTc2VRFuEp3dLuNGnw7KwbMKdxQh9/uko=
Subject key identifier:   35:1A:B4:6C:71:A3:83:22:FE:9D:A9:C1:7F:B4:59:66:D6:7C:01:5A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A81F58EA53499928FF74763FBAC53B44D9D6B5C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/06bef077-f186-4620-b0e8-edae475c1fe6.roa
Signing time:             Fri 03 Oct 2025 00:41:42 +0000
ROA not before:           Fri 03 Oct 2025 00:41:42 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.131.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:81:f5:8e:a5:34:99:92:8f:f7:47:63:fb:ac:53:b4:4d:9d:6b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:41:42 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=59cf10bdb1f522058072773d452c32c6f9fefcfbb3f61e1e6086975fa6de20b1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:37:36:1a:b0:02:af:df:af:f7:3f:4d:c9:2c:
                    8d:b7:6a:61:13:a0:8c:58:22:6f:05:e8:6e:d9:41:
                    45:01:12:60:79:0b:9d:55:57:b3:9e:07:8a:77:45:
                    cc:b5:9d:c3:6a:15:02:d2:f0:b2:87:ab:4f:64:03:
                    24:f1:8d:25:82:3e:63:a9:58:c4:58:8c:df:9d:49:
                    a5:66:65:70:0c:3b:cc:20:a4:4f:f9:fb:24:85:e3:
                    eb:3d:0d:66:58:23:cd:68:41:17:d9:2f:f6:e2:81:
                    c6:ff:01:78:9a:3c:cd:db:34:a7:82:46:b3:48:83:
                    c0:4e:38:06:f2:38:24:fc:c9:74:7d:09:6c:de:fb:
                    f6:fd:82:f8:e3:52:a1:74:b2:a9:5a:2a:ed:5f:8a:
                    4e:04:84:7d:23:13:89:b3:87:d6:ef:fb:e1:c3:62:
                    3a:1e:08:41:bd:a2:6e:60:e4:18:e9:20:30:2c:81:
                    49:13:d6:10:30:7d:cd:e8:81:81:0e:e1:aa:93:80:
                    41:fd:6b:62:d3:7f:27:88:ae:7d:46:2d:3d:d8:c7:
                    41:b8:d5:e5:3b:02:9d:29:cb:45:a7:4b:0c:9f:fd:
                    c5:5a:7e:0e:88:3a:29:91:3c:67:e5:3f:70:03:a9:
                    27:bf:21:3d:8f:8c:2a:bf:78:94:a3:4e:4f:e6:f2:
                    a1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:1A:B4:6C:71:A3:83:22:FE:9D:A9:C1:7F:B4:59:66:D6:7C:01:5A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/06bef077-f186-4620-b0e8-edae475c1fe6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:e7:55:41:26:9b:4f:4f:cd:6b:0c:78:23:53:ee:19:6f:91:
         aa:8f:ed:69:c5:34:7e:3f:d5:0e:36:e0:d5:d0:cb:60:01:09:
         63:40:24:05:b1:f5:26:8c:71:5f:10:aa:8c:0d:09:04:35:9a:
         03:dc:82:e2:a8:e3:2f:6d:b9:bf:3a:5a:50:47:99:08:c9:9d:
         e3:75:86:e1:f5:b4:b2:00:9b:a6:04:ba:de:ce:bd:cc:61:9a:
         40:c4:54:9a:7c:ae:36:1d:4c:fe:4d:1f:f3:74:bb:17:8f:5a:
         57:f7:49:ed:f3:c0:c3:c8:df:47:52:cf:a3:70:41:27:8f:5b:
         b7:84:b3:02:12:3f:45:49:97:91:28:6a:13:cf:96:e4:ff:f0:
         c1:cd:ab:cc:93:3b:5d:6e:09:ff:f4:20:a0:54:28:2e:d6:ae:
         87:b8:2c:b7:2f:ab:23:ce:26:00:e4:a9:06:dc:1d:0e:a0:65:
         77:b9:9d:c1:2d:7f:9c:eb:d9:c0:87:94:33:c0:2f:a7:5d:62:
         df:21:36:0b:d6:b6:df:f8:34:14:30:69:f6:54:13:ef:80:ca:
         d9:98:17:b4:72:40:34:5a:db:57:e4:80:50:0c:f7:d8:0b:97:
         ba:89:cc:b3:6f:e2:70:50:16:ab:f2:2d:b4:b8:e8:fb:9b:e7:
         28:12:9f:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaoH1jqU0mZKP90dj+6xTtE2da1wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MTQyWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1OWNmMTBiZGIxZjUyMjA1ODA3Mjc3M2Q0NTJjMzJjNmY5
ZmVmY2ZiYjNmNjFlMWU2MDg2OTc1ZmE2ZGUyMGIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRNzYasAKv36/3P03JLI23amEToIxYIm8F6G7ZQUUBEmB5
C51VV7OeB4p3Rcy1ncNqFQLS8LKHq09kAyTxjSWCPmOpWMRYjN+dSaVmZXAMO8wg
pE/5+ySF4+s9DWZYI81oQRfZL/bigcb/AXiaPM3bNKeCRrNIg8BOOAbyOCT8yXR9
CWze+/b9gvjjUqF0sqlaKu1fik4EhH0jE4mzh9bv++HDYjoeCEG9om5g5BjpIDAs
gUkT1hAwfc3ogYEO4aqTgEH9a2LTfyeIrn1GLT3Yx0G41eU7Ap0py0WnSwyf/cVa
fg6IOimRPGflP3ADqSe/IT2PjCq/eJSjTk/m8qGTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNRq0bHGjgyL+nanBf7RZZtZ8AVowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA2YmVmMDc3LWYxODYtNDYyMC1iMGU4LWVkYWU0NzVjMWZlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABgAIMwDQYJKoZIhvcNAQELBQADggEBAGHnVUEmm09PzWsMeCNT7hlvkaqP
7WnFNH4/1Q424NXQy2ABCWNAJAWx9SaMcV8QqowNCQQ1mgPcguKo4y9tub86WlBH
mQjJneN1huH1tLIAm6YEut7OvcxhmkDEVJp8rjYdTP5NH/N0uxePWlf3Se3zwMPI
30dSz6NwQSePW7eEswISP0VJl5EoahPPluT/8MHNq8yTO11uCf/0IKBUKC7Wroe4
LLcvqyPOJgDkqQbcHQ6gZXe5ncEtf5zr2cCHlDPAL6ddYt8hNgvWtt/4NBQwafZU
E++AytmYF7RyQDRa21fkgFAM99gLl7qJzLNv4nBQFqvyLbS46Pub5ygSnwg=
-----END CERTIFICATE-----