Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0cb95a9a-688c-4e7d-8983-619a1a64bc2f.roa
File:                     0cb95a9a-688c-4e7d-8983-619a1a64bc2f.roa (raw, json)
Hash identifier:          dLJZ/+9wG2wesqsLcnf0QEunEtUNdn4/m54d4kX/ZxE=
Subject key identifier:   50:CA:06:7D:35:69:29:0A:B8:16:BD:30:94:CA:98:41:DB:E3:8F:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       162F9E40ADE112B13867E1B2BE546A1F498655AA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0cb95a9a-688c-4e7d-8983-619a1a64bc2f.roa
Signing time:             Wed 01 Oct 2025 00:41:13 +0000
ROA not before:           Wed 01 Oct 2025 00:41:13 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        63.246.112.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:2f:9e:40:ad:e1:12:b1:38:67:e1:b2:be:54:6a:1f:49:86:55:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:41:13 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=f3171229a29d9c5a24ea3dd4b4b77261eafbc2804b666f0a5fae9cfdb455e400, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:60:36:ac:fa:c6:f1:27:b7:52:04:73:41:bc:
                    e1:7e:db:6a:ee:96:90:b0:8a:e1:76:1a:90:dd:e5:
                    60:09:cf:06:99:c2:f5:12:7f:e9:bb:b7:95:8e:18:
                    5d:28:5d:cf:7e:df:16:6b:da:e9:b7:4e:f8:ae:b4:
                    75:39:d1:bb:9f:1f:6f:6c:74:92:16:b9:67:a5:44:
                    43:db:05:98:3b:62:51:91:7e:08:93:3b:6b:d1:fc:
                    c7:48:ad:35:c5:e5:bf:56:7c:93:2a:e9:51:df:3a:
                    87:75:5d:bb:8e:1d:71:29:a8:ff:24:fd:e7:1e:1b:
                    4c:46:1d:d7:ee:3d:cc:9e:cb:3e:91:53:e7:64:73:
                    03:75:e8:5a:da:50:9b:62:c0:f4:61:ea:4f:2b:b4:
                    6b:b2:34:60:9b:c3:70:fa:89:29:89:36:4a:91:fc:
                    4c:6a:1c:cd:fc:da:69:d4:76:ff:dc:fc:97:aa:c5:
                    40:c6:e6:34:8a:14:35:dc:5f:20:e0:ef:b0:fc:a3:
                    ed:f4:f3:c6:cb:ee:1b:42:9b:88:f3:fa:8d:99:68:
                    49:da:1f:da:08:73:17:fb:33:a7:2a:cd:0a:db:76:
                    c5:b0:f7:04:f9:39:a4:c8:64:b0:83:70:f8:ba:f8:
                    d1:d8:4a:8f:24:42:f9:9d:4b:22:d5:75:22:27:30:
                    f2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:CA:06:7D:35:69:29:0A:B8:16:BD:30:94:CA:98:41:DB:E3:8F:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0cb95a9a-688c-4e7d-8983-619a1a64bc2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.246.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:69:a0:47:00:22:44:db:0e:0d:7d:99:c8:84:a2:75:42:c4:
         e2:52:7e:5f:92:ad:c1:11:ce:84:fe:cd:bd:7e:fc:13:db:dd:
         63:38:f5:88:60:71:c6:25:37:ef:60:67:8b:c9:33:75:88:1c:
         74:00:33:e3:6f:d7:16:3f:93:ee:3e:72:d5:72:2a:89:32:24:
         c6:a6:8e:4f:5e:ac:a4:ee:e1:3d:ef:3f:c8:4e:04:eb:ce:63:
         92:2a:65:42:d3:32:85:12:8f:8d:22:5b:94:09:20:98:8b:69:
         08:cd:6c:17:f6:18:32:55:e6:3d:46:84:84:5c:32:7b:48:d2:
         a7:cd:3b:31:ba:ed:9c:38:d9:10:b3:ec:b8:d1:5d:51:b2:4a:
         c9:d3:73:2a:15:88:27:ec:88:8f:96:6c:7b:47:66:3c:87:bc:
         2a:0b:51:6d:25:0c:c6:b6:83:ce:8c:39:05:0d:ca:02:93:ef:
         c1:98:b5:c5:95:5a:8c:6f:7b:32:41:72:b3:9b:29:1a:4d:df:
         bc:74:d3:68:86:94:b0:95:cd:a3:71:f6:d0:fd:c3:2e:c1:4d:
         ab:40:48:60:88:db:44:86:e5:0f:94:e7:fe:3a:7a:42:38:1a:
         63:be:ac:f3:63:09:c6:9c:6b:06:a5:76:bd:52:dc:21:6f:f1:
         c0:d3:54:ca
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFi+eQK3hErE4Z+GyvlRqH0mGVaowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA0MTEzWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMzE3MTIyOWEyOWQ5YzVhMjRlYTNkZDRiNGI3NzI2MWVh
ZmJjMjgwNGI2NjZmMGE1ZmFlOWNmZGI0NTVlNDAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmYDas+sbxJ7dSBHNBvOF+22rulpCwiuF2GpDd5WAJzwaZ
wvUSf+m7t5WOGF0oXc9+3xZr2um3TviutHU50bufH29sdJIWuWelREPbBZg7YlGR
fgiTO2vR/MdIrTXF5b9WfJMq6VHfOod1XbuOHXEpqP8k/eceG0xGHdfuPcyeyz6R
U+dkcwN16FraUJtiwPRh6k8rtGuyNGCbw3D6iSmJNkqR/ExqHM382mnUdv/c/Jeq
xUDG5jSKFDXcXyDg77D8o+3088bL7htCm4jz+o2ZaEnaH9oIcxf7M6cqzQrbdsWw
9wT5OaTIZLCDcPi6+NHYSo8kQvmdSyLVdSInMPLDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUMoGfTVpKQq4Fr0wlMqYQdvjj5MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjYjk1YTlhLTY4OGMtNGU3ZC04OTgzLTYxOWExYTY0YmMyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA/9nAwDQYJKoZIhvcNAQELBQADggEBAKZpoEcAIkTbDg19mciEonVCxOJS
fl+SrcERzoT+zb1+/BPb3WM49YhgccYlN+9gZ4vJM3WIHHQAM+Nv1xY/k+4+ctVy
KokyJMamjk9erKTu4T3vP8hOBOvOY5IqZULTMoUSj40iW5QJIJiLaQjNbBf2GDJV
5j1GhIRcMntI0qfNOzG67Zw42RCz7LjRXVGySsnTcyoViCfsiI+WbHtHZjyHvCoL
UW0lDMa2g86MOQUNygKT78GYtcWVWoxvezJBcrObKRpN37x002iGlLCVzaNx9tD9
wy7BTatASGCI20SG5Q+U5/46ekI4GmO+rPNjCcacawaldr1S3CFv8cDTVMo=
-----END CERTIFICATE-----