Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c7f3524-c172-4363-bc54-bef6dba7ad58.roa
File:                     0c7f3524-c172-4363-bc54-bef6dba7ad58.roa (raw, json)
Hash identifier:          aFb1PCsn2b9Ftgo7jTOFa4y/PQkzugYHmG3ByEXxvAc=
Subject key identifier:   D4:F5:76:5C:B3:8F:95:EC:42:7A:F2:BA:FA:90:36:61:A1:B5:38:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5A213AE1538999FD316FF0A8E21AF52A128E16E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c7f3524-c172-4363-bc54-bef6dba7ad58.roa
Signing time:             Sat 18 Oct 2025 05:20:07 +0000
ROA not before:           Sat 18 Oct 2025 05:20:07 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.186.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:21:3a:e1:53:89:99:fd:31:6f:f0:a8:e2:1a:f5:2a:12:8e:16:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 05:20:07 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=47eface607f70c30d0ea7acd73e8800a5e36590da8ee2e63ea4c4a1cbeb28cda, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:1f:97:9d:88:83:60:36:3f:09:2b:ee:81:47:
                    47:ed:e1:3f:9d:6b:8f:5f:dd:ad:01:15:11:08:de:
                    59:7f:66:85:c3:6e:8d:a9:86:6b:c2:12:eb:71:a4:
                    83:5b:de:91:c7:0c:2a:0f:06:87:bf:79:20:d4:f2:
                    64:6f:de:2d:ad:cc:2a:94:43:b8:26:02:f6:e5:1c:
                    10:67:bf:d1:d2:9e:53:23:d4:de:fa:6a:19:a6:98:
                    fb:92:e7:a8:2e:57:c5:dd:20:05:1f:10:f7:73:de:
                    46:09:96:3f:86:b9:fa:2d:95:19:91:af:1f:46:ba:
                    12:2e:0a:8c:20:8e:aa:70:d4:25:2d:81:b5:18:dc:
                    49:9b:5a:66:f8:7f:d6:35:3c:d9:f8:3f:dc:f2:75:
                    b5:66:92:ec:23:51:53:9d:1d:4b:94:e6:00:7d:bd:
                    e0:fc:83:42:a8:ae:78:80:16:2e:3a:bf:7d:66:ba:
                    b7:2e:ba:fb:3a:9e:ba:15:98:b5:04:69:dd:08:fb:
                    94:91:88:21:8a:64:e0:dd:58:6f:3f:45:d5:0b:73:
                    85:1b:51:4b:1c:94:d6:ac:6b:ee:80:b1:1a:76:a5:
                    3a:27:36:c4:e6:5d:d9:41:13:0a:7f:3d:69:31:2e:
                    6c:b0:a8:79:ab:c8:b0:0f:5a:4b:3e:43:8f:c3:4a:
                    d8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F5:76:5C:B3:8F:95:EC:42:7A:F2:BA:FA:90:36:61:A1:B5:38:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c7f3524-c172-4363-bc54-bef6dba7ad58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:71:82:d2:cf:d7:ba:3b:f3:ed:0c:0c:ec:bb:42:41:4d:e7:
         92:da:81:c6:ff:b1:0a:27:78:4a:13:6a:ce:e8:f8:d5:18:80:
         d2:ef:3a:91:18:30:9a:d9:18:6b:ac:86:38:3d:55:83:90:d2:
         77:25:d4:5e:73:2a:9a:de:f6:86:fc:5d:84:62:37:12:bd:69:
         2b:6c:93:4e:63:44:85:d9:9a:bb:b5:a8:d5:dc:16:f6:55:f2:
         e8:30:0f:30:60:c9:4a:19:14:14:33:86:73:c2:42:a0:91:45:
         2a:fd:3a:ee:21:db:a5:d0:2d:38:2b:54:42:4d:56:38:b9:c8:
         e3:6c:c8:91:ab:46:80:b8:49:78:57:77:48:3e:37:30:07:28:
         36:16:aa:30:d5:59:3b:83:d6:be:ce:e9:cc:05:62:c9:63:5a:
         38:8d:c4:26:74:d3:9d:d3:be:b2:d0:45:64:cd:9e:13:22:ba:
         ee:ae:c0:24:d0:18:27:50:35:74:61:7c:a6:54:ed:43:6f:3b:
         31:0e:58:37:fa:bb:b9:d7:fd:25:c3:bc:6a:eb:20:eb:e8:e0:
         1d:70:31:46:09:49:35:42:eb:61:fd:45:ef:18:54:15:28:ff:
         c0:c0:b9:1c:6d:8f:56:75:a2:19:72:e4:a4:7c:8c:f8:09:93:
         1b:34:e9:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWiE64VOJmf0xb/Co4hr1KhKOFuUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDUyMDA3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0N2VmYWNlNjA3ZjcwYzMwZDBlYTdhY2Q3M2U4ODAwYTVl
MzY1OTBkYThlZTJlNjNlYTRjNGExY2JlYjI4Y2RhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpH5ediINgNj8JK+6BR0ft4T+da49f3a0BFREI3ll/ZoXD
bo2phmvCEutxpINb3pHHDCoPBoe/eSDU8mRv3i2tzCqUQ7gmAvblHBBnv9HSnlMj
1N76ahmmmPuS56guV8XdIAUfEPdz3kYJlj+GufotlRmRrx9GuhIuCowgjqpw1CUt
gbUY3EmbWmb4f9Y1PNn4P9zydbVmkuwjUVOdHUuU5gB9veD8g0KorniAFi46v31m
urcuuvs6nroVmLUEad0I+5SRiCGKZODdWG8/RdULc4UbUUsclNasa+6AsRp2pTon
NsTmXdlBEwp/PWkxLmywqHmryLAPWks+Q4/DStgLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1PV2XLOPlexCevK6+pA2YaG1ONEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjN2YzNTI0LWMxNzItNDM2My1iYzU0LWJlZjZkYmE3YWQ1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFBCLowDQYJKoZIhvcNAQELBQADggEBAIRxgtLP17o78+0MDOy7QkFN55La
gcb/sQoneEoTas7o+NUYgNLvOpEYMJrZGGushjg9VYOQ0ncl1F5zKpre9ob8XYRi
NxK9aStsk05jRIXZmru1qNXcFvZV8ugwDzBgyUoZFBQzhnPCQqCRRSr9Ou4h26XQ
LTgrVEJNVji5yONsyJGrRoC4SXhXd0g+NzAHKDYWqjDVWTuD1r7O6cwFYsljWjiN
xCZ0053TvrLQRWTNnhMiuu6uwCTQGCdQNXRhfKZU7UNvOzEOWDf6u7nX/SXDvGrr
IOvo4B1wMUYJSTVC62H9Re8YVBUo/8DAuRxtj1Z1ohly5KR8jPgJkxs06XI=
-----END CERTIFICATE-----