Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07db827d-5458-468d-8395-d3b2b4a26a9b.roa
File:                     07db827d-5458-468d-8395-d3b2b4a26a9b.roa (raw, json)
Hash identifier:          mJjTGIkH3wXT42NpJsTmFOTr8TVSBnOU+2odK/U6LnE=
Subject key identifier:   35:2A:0B:A4:EE:5B:5E:82:18:8C:96:A4:32:A1:96:E3:27:03:2C:1A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0362E271DE442B2FA6009CD7975A38444CD4FE8A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07db827d-5458-468d-8395-d3b2b4a26a9b.roa
Signing time:             Tue 07 Oct 2025 00:51:15 +0000
ROA not before:           Tue 07 Oct 2025 00:51:15 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        31.220.220.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:62:e2:71:de:44:2b:2f:a6:00:9c:d7:97:5a:38:44:4c:d4:fe:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:51:15 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=9f1c7dcb15b7d7ca28581e52c076074bb9f61ccbe6754dcd82c5d49c19a5be12, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2d:f8:98:99:00:00:21:8b:ed:c7:3a:4c:78:
                    1c:b5:41:90:45:79:fb:9b:03:aa:8c:ef:d7:d0:6d:
                    09:99:74:5a:b1:c9:eb:f0:1a:d8:32:6f:e7:1d:b2:
                    03:71:45:36:c8:fd:cb:60:a3:0e:8e:b1:69:ac:78:
                    f0:aa:66:a7:9b:b1:ef:57:2a:2b:2a:9f:e5:53:53:
                    4b:4b:d0:1c:75:15:ce:52:99:d6:da:8a:b2:e5:87:
                    e9:96:65:7a:8a:36:4e:7c:4e:5e:18:8f:0a:ea:23:
                    d2:c6:f4:fb:ee:aa:cb:72:57:d5:8b:07:a5:8b:02:
                    1a:e7:6c:d7:32:69:41:13:98:47:84:04:e0:76:35:
                    ea:98:e4:49:96:3d:a1:4c:ba:be:2d:11:91:1c:f9:
                    ab:9c:3a:c3:8c:9e:12:03:7d:0f:2f:61:6e:41:d6:
                    53:1d:93:2b:8b:a0:88:62:53:f9:0a:73:fa:56:f7:
                    99:91:c7:ad:72:08:32:79:52:73:64:3d:cb:0a:bf:
                    a2:f4:01:20:ab:fd:de:41:04:c2:64:82:58:90:bb:
                    3a:f9:0e:59:33:01:ae:c0:b6:17:71:9e:8c:01:71:
                    86:03:74:73:ce:0c:ff:c8:fb:2d:c9:5a:9a:08:2a:
                    0e:67:78:0e:94:8a:df:27:da:5c:06:83:00:02:1c:
                    f7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2A:0B:A4:EE:5B:5E:82:18:8C:96:A4:32:A1:96:E3:27:03:2C:1A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07db827d-5458-468d-8395-d3b2b4a26a9b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:f4:15:41:7b:ce:d4:28:ce:8a:c7:6f:05:af:db:2f:19:01:
         12:c3:3c:a7:6f:ff:b6:ed:35:b3:46:ab:63:6b:64:cb:eb:dc:
         0a:af:00:54:4a:8c:c3:07:7d:c2:a2:55:9f:ce:92:45:e2:05:
         a8:20:65:76:bc:38:db:8a:74:04:39:57:6a:af:f8:14:e3:e2:
         41:1d:3d:00:92:6a:15:4d:51:79:a3:f2:46:fe:0f:dd:02:10:
         a8:24:24:7c:3d:27:ef:8b:11:6c:7a:b4:33:d2:bc:0b:b3:5e:
         28:68:e8:58:11:1a:6d:79:d9:07:f8:cf:e5:f8:b8:df:0a:fe:
         c6:40:a9:68:0d:c6:a8:e5:5e:14:ce:47:92:53:98:1e:3f:d6:
         e4:24:fb:d7:54:e2:90:bf:a0:ab:5d:fe:12:f8:7d:4a:ff:61:
         f7:0c:d1:f5:a7:ca:2f:cd:81:96:d9:7f:50:67:33:f2:1e:19:
         17:2b:2d:fa:c9:8f:d5:3a:09:f9:ce:1e:8b:05:1c:69:47:89:
         0d:08:99:b1:d5:4c:3f:de:25:f4:7c:2b:eb:17:e3:e6:ec:ae:
         b1:d2:17:da:75:ed:a1:1f:b6:65:ab:32:39:ac:6a:d1:13:b2:
         36:94:e8:60:ca:60:dd:f6:fe:8e:8e:47:85:16:5f:3c:98:33:
         cf:83:4c:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA2Licd5EKy+mAJzXl1o4REzU/oowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA1MTE1WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjFjN2RjYjE1YjdkN2NhMjg1ODFlNTJjMDc2MDc0YmI5
ZjYxY2NiZTY3NTRkY2Q4MmM1ZDQ5YzE5YTViZTEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCILfiYmQAAIYvtxzpMeBy1QZBFefubA6qM79fQbQmZdFqx
yevwGtgyb+cdsgNxRTbI/ctgow6OsWmsePCqZqebse9XKisqn+VTU0tL0Bx1Fc5S
mdbairLlh+mWZXqKNk58Tl4YjwrqI9LG9PvuqstyV9WLB6WLAhrnbNcyaUETmEeE
BOB2NeqY5EmWPaFMur4tEZEc+aucOsOMnhIDfQ8vYW5B1lMdkyuLoIhiU/kKc/pW
95mRx61yCDJ5UnNkPcsKv6L0ASCr/d5BBMJkgliQuzr5DlkzAa7AthdxnowBcYYD
dHPODP/I+y3JWpoIKg5neA6Uit8n2lwGgwACHPetAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNSoLpO5bXoIYjJakMqGW4ycDLBowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA3ZGI4MjdkLTU0NTgtNDY4ZC04Mzk1LWQzYjJiNGEyNmE5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIf3NwwDQYJKoZIhvcNAQELBQADggEBALD0FUF7ztQozorHbwWv2y8ZARLD
PKdv/7btNbNGq2NrZMvr3AqvAFRKjMMHfcKiVZ/OkkXiBaggZXa8ONuKdAQ5V2qv
+BTj4kEdPQCSahVNUXmj8kb+D90CEKgkJHw9J++LEWx6tDPSvAuzXiho6FgRGm15
2Qf4z+X4uN8K/sZAqWgNxqjlXhTOR5JTmB4/1uQk+9dU4pC/oKtd/hL4fUr/YfcM
0fWnyi/NgZbZf1BnM/IeGRcrLfrJj9U6CfnOHosFHGlHiQ0ImbHVTD/eJfR8K+sX
4+bsrrHSF9p17aEftmWrMjmsatETsjaU6GDKYN32/o6OR4UWXzyYM8+DTEY=
-----END CERTIFICATE-----