Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0aca7cdb-898e-4187-9140-4f8871c28fb0.roa
File:                     0aca7cdb-898e-4187-9140-4f8871c28fb0.roa (raw, json)
Hash identifier:          iFPQAKiEVrH/1QYkeKPtpYsDh3iDwfTLp9x2bag7gDA=
Subject key identifier:   A1:7B:34:61:73:09:78:75:74:F2:77:78:7E:FA:7C:5D:75:17:B3:B9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       599D63165E80DEB7B02856E3E0CD00B1D030B720
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0aca7cdb-898e-4187-9140-4f8871c28fb0.roa
Signing time:             Fri 03 Oct 2025 00:42:10 +0000
ROA not before:           Fri 03 Oct 2025 00:42:10 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        67.220.240.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:9d:63:16:5e:80:de:b7:b0:28:56:e3:e0:cd:00:b1:d0:30:b7:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:42:10 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=0e31ff1cede46d900b525f10c2716bde2589a64033c2e3de8660822146e956a6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6d:e2:14:0e:2d:1b:9c:51:66:00:31:3a:75:
                    af:d9:45:e2:bf:e5:99:d0:b8:75:d5:7d:d6:c3:46:
                    14:44:2a:2d:9e:79:db:52:7f:21:9d:40:45:7c:e1:
                    5f:62:31:d4:24:20:29:44:e8:9e:d4:b2:2b:69:8e:
                    62:2e:ff:11:55:5c:af:fb:3b:eb:c8:83:7d:d8:d7:
                    28:9e:f2:8b:29:46:ba:cb:23:16:bc:07:3e:2c:b9:
                    58:a9:7d:f4:1a:66:84:34:12:8f:bf:7d:66:f0:08:
                    fc:0a:eb:00:28:11:26:00:a6:b6:e8:b9:4d:7c:be:
                    f6:ab:4c:dd:ca:17:23:c6:7c:c0:a5:77:f6:23:40:
                    58:af:4a:4e:c4:6b:95:25:f3:2c:5e:1e:db:fe:3d:
                    22:99:f5:6c:c6:28:b8:16:a5:69:18:e2:76:80:50:
                    e8:0f:0d:8c:f3:19:45:43:ac:f9:e7:7a:6f:96:e9:
                    48:47:91:25:26:1f:dd:38:96:83:39:78:96:d9:2b:
                    2b:b0:a2:b9:06:b3:27:02:61:b4:0c:af:ee:e7:b2:
                    28:0f:87:79:d4:4c:ab:ff:7e:2e:a1:6e:29:d1:8a:
                    8e:58:bb:0d:03:ce:d7:e5:8f:a6:50:98:6e:40:d0:
                    4d:0b:3c:df:c5:36:82:80:87:71:18:24:6c:43:d1:
                    0c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:7B:34:61:73:09:78:75:74:F2:77:78:7E:FA:7C:5D:75:17:B3:B9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0aca7cdb-898e-4187-9140-4f8871c28fb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.220.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         81:e4:bd:d3:e5:42:8b:ea:9e:4c:ca:b6:bb:45:c0:76:df:fd:
         9f:f1:2e:cc:d4:19:48:6d:bf:01:1d:15:c5:34:c9:71:b2:7f:
         bf:b1:e0:69:ee:bf:87:df:9f:bc:d8:85:5e:f5:ea:51:e0:c3:
         33:70:4c:55:e8:f3:a7:5e:20:9d:36:f4:a7:ec:e6:19:e4:4f:
         7d:c0:0e:16:79:8f:f4:9b:b4:1d:ba:00:6d:e4:3b:0a:14:73:
         0a:96:95:b7:ba:31:a4:3e:8a:28:97:b1:1b:6a:55:f1:52:71:
         b5:34:27:26:d0:e0:00:24:13:60:29:37:6a:7b:15:0f:11:7e:
         68:5d:48:51:29:f3:00:68:66:3a:b5:4b:50:a5:08:b2:27:f6:
         85:83:c2:10:47:af:83:5b:90:62:0d:a2:db:98:44:df:1f:33:
         b5:15:29:9f:86:64:f1:00:84:b9:49:96:4b:9b:bb:56:3e:93:
         ef:59:db:a4:70:95:8f:0e:0c:88:61:c0:5d:0a:73:91:05:d2:
         70:7a:3b:76:b9:9c:3b:5c:28:c0:e4:c6:41:fe:61:8b:63:7c:
         0c:1e:5a:71:8f:13:9c:ac:1a:59:9b:4a:20:4a:4f:f5:49:f9:
         c6:a6:20:d2:b5:51:44:d9:0b:69:f0:bb:25:8a:ca:e0:a1:69:
         f3:27:4a:d0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWZ1jFl6A3rewKFbj4M0AsdAwtyAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MjEwWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZTMxZmYxY2VkZTQ2ZDkwMGI1MjVmMTBjMjcxNmJkZTI1
ODlhNjQwMzNjMmUzZGU4NjYwODIyMTQ2ZTk1NmE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEbeIUDi0bnFFmADE6da/ZReK/5ZnQuHXVfdbDRhREKi2e
edtSfyGdQEV84V9iMdQkIClE6J7UsitpjmIu/xFVXK/7O+vIg33Y1yie8ospRrrL
Ixa8Bz4suVipffQaZoQ0Eo+/fWbwCPwK6wAoESYAprbouU18vvarTN3KFyPGfMCl
d/YjQFivSk7Ea5Ul8yxeHtv+PSKZ9WzGKLgWpWkY4naAUOgPDYzzGUVDrPnnem+W
6UhHkSUmH904loM5eJbZKyuworkGsycCYbQMr+7nsigPh3nUTKv/fi6hbinRio5Y
uw0Dztflj6ZQmG5A0E0LPN/FNoKAh3EYJGxD0QzNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoXs0YXMJeHV08nd4fvp8XXUXs7kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBhY2E3Y2RiLTg5OGUtNDE4Ny05MTQwLTRmODg3MWMyOGZiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARD3PAwDQYJKoZIhvcNAQELBQADggEBAIHkvdPlQovqnkzKtrtFwHbf/Z/x
LszUGUhtvwEdFcU0yXGyf7+x4Gnuv4ffn7zYhV716lHgwzNwTFXo86deIJ029Kfs
5hnkT33ADhZ5j/SbtB26AG3kOwoUcwqWlbe6MaQ+iiiXsRtqVfFScbU0JybQ4AAk
E2ApN2p7FQ8RfmhdSFEp8wBoZjq1S1ClCLIn9oWDwhBHr4NbkGINotuYRN8fM7UV
KZ+GZPEAhLlJlkubu1Y+k+9Z26RwlY8ODIhhwF0Kc5EF0nB6O3a5nDtcKMDkxkH+
YYtjfAweWnGPE5ysGlmbSiBKT/VJ+camINK1UUTZC2nwuyWKyuChafMnStA=
-----END CERTIFICATE-----