Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/123aa7ca-27f4-4ac9-ba6f-bce10fd156ad.roa
File:                     123aa7ca-27f4-4ac9-ba6f-bce10fd156ad.roa (raw, json)
Hash identifier:          Qm2KcL9uMSYeL3pI2BKwofYmMVuE+e8xDKpsK3yeurM=
Subject key identifier:   2B:02:2F:88:F1:B5:B4:B5:98:19:39:B5:BC:3F:BE:F6:AD:E1:A8:D2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A0245E0058660F2175C83F5A692878DAAD4F455
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/123aa7ca-27f4-4ac9-ba6f-bce10fd156ad.roa
Signing time:             Sat 18 Oct 2025 01:00:12 +0000
ROA not before:           Sat 18 Oct 2025 01:00:12 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.152.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:02:45:e0:05:86:60:f2:17:5c:83:f5:a6:92:87:8d:aa:d4:f4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 01:00:12 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=43e36763ec455fd1f7ac78f2ad1af334c10db12dd36e26ecf96e70c985a90bac, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:73:a0:cf:d5:8d:34:07:67:31:f6:95:56:09:
                    66:b4:67:1e:c8:5b:86:e2:33:4b:45:1f:d6:8c:cf:
                    94:61:33:96:49:e0:ef:4a:37:5f:40:22:0b:70:27:
                    dd:95:71:40:56:37:01:44:2f:66:7a:7d:aa:35:89:
                    2c:30:f1:f4:30:90:25:7c:d6:e4:f3:b6:e5:2a:bb:
                    e7:ab:bc:7c:5c:0f:a3:61:1f:4d:10:c7:8e:f0:80:
                    61:d8:a3:9d:61:14:2e:57:e8:bc:13:4f:b5:89:c7:
                    72:2d:5f:ac:92:97:a0:4c:5e:ae:57:35:24:72:6a:
                    06:fd:24:76:e9:8b:ff:98:b3:5a:70:7b:2e:8f:08:
                    5b:96:37:76:f2:c3:7f:b6:b6:47:7b:5c:44:41:3a:
                    5a:19:91:43:11:b3:55:ff:4e:c2:9d:97:f3:f6:02:
                    f4:52:52:18:14:fe:41:ef:cb:46:35:c4:41:bd:62:
                    1f:10:1f:50:9e:d0:f7:2a:41:96:54:7c:67:46:7a:
                    5c:9d:ca:4b:55:c8:d0:b5:9e:78:b8:c7:8a:39:9e:
                    e9:b9:c0:92:5a:58:5e:61:ab:ed:e5:c7:24:3a:fd:
                    c5:53:6e:de:4e:6e:53:05:8c:62:ec:4b:ea:43:14:
                    b7:d9:07:e6:94:ef:55:76:40:38:69:b1:23:eb:58:
                    68:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:02:2F:88:F1:B5:B4:B5:98:19:39:B5:BC:3F:BE:F6:AD:E1:A8:D2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/123aa7ca-27f4-4ac9-ba6f-bce10fd156ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:f8:0d:4a:ce:90:e7:2c:0b:4b:af:b0:27:ed:76:35:95:14:
         96:70:33:75:ab:49:af:04:a8:f5:3b:fe:fe:e6:54:32:7d:8d:
         89:21:18:a3:17:49:29:ad:98:2f:25:99:1e:f9:07:40:22:b3:
         7a:1e:fe:d0:31:8c:f1:be:4f:75:db:59:33:19:49:03:c7:53:
         0e:d5:b2:41:59:60:ad:af:5f:a2:b5:0f:ea:39:a7:d2:a6:52:
         9c:1d:0f:a5:d1:bc:7c:05:f4:28:62:b1:0b:f2:b3:0f:e8:7d:
         43:5d:82:2e:bb:a8:24:db:d6:f5:7c:5d:f7:46:d5:f7:a9:f6:
         27:5f:6e:64:08:57:af:bc:2b:4c:02:f4:80:f3:0e:8b:0c:e0:
         49:47:00:4d:8b:49:5f:cc:99:c0:b2:99:25:c3:f7:9e:2b:ef:
         a0:31:99:5a:fb:af:6c:55:2c:67:9b:05:af:14:2f:ec:9f:db:
         ad:27:44:f6:6e:fe:5a:17:1b:19:70:8f:4a:1e:7a:00:39:88:
         b9:60:fd:a6:25:8e:51:29:a9:3f:af:b0:ba:eb:5f:20:ca:88:
         04:ec:cc:8b:2f:12:ae:b5:25:8f:c4:70:56:db:e6:01:a4:12:
         3f:dd:73:ed:bb:c2:d3:5f:e2:53:48:b3:36:0f:41:70:f5:62:
         fc:fa:1b:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSgJF4AWGYPIXXIP1ppKHjarU9FUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDEwMDEyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0M2UzNjc2M2VjNDU1ZmQxZjdhYzc4ZjJhZDFhZjMzNGMx
MGRiMTJkZDM2ZTI2ZWNmOTZlNzBjOTg1YTkwYmFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcc6DP1Y00B2cx9pVWCWa0Zx7IW4biM0tFH9aMz5RhM5ZJ
4O9KN19AIgtwJ92VcUBWNwFEL2Z6fao1iSww8fQwkCV81uTztuUqu+ervHxcD6Nh
H00Qx47wgGHYo51hFC5X6LwTT7WJx3ItX6ySl6BMXq5XNSRyagb9JHbpi/+Ys1pw
ey6PCFuWN3byw3+2tkd7XERBOloZkUMRs1X/TsKdl/P2AvRSUhgU/kHvy0Y1xEG9
Yh8QH1Ce0PcqQZZUfGdGelydyktVyNC1nni4x4o5num5wJJaWF5hq+3lxyQ6/cVT
bt5OblMFjGLsS+pDFLfZB+aU71V2QDhpsSPrWGgbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKwIviPG1tLWYGTm1vD++9q3hqNIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEyM2FhN2NhLTI3ZjQtNGFjOS1iYTZmLWJjZTEwZmQxNTZhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJBCZgwDQYJKoZIhvcNAQELBQADggEBAHD4DUrOkOcsC0uvsCftdjWVFJZw
M3WrSa8EqPU7/v7mVDJ9jYkhGKMXSSmtmC8lmR75B0Ais3oe/tAxjPG+T3XbWTMZ
SQPHUw7VskFZYK2vX6K1D+o5p9KmUpwdD6XRvHwF9ChisQvysw/ofUNdgi67qCTb
1vV8XfdG1fep9idfbmQIV6+8K0wC9IDzDosM4ElHAE2LSV/MmcCymSXD954r76Ax
mVr7r2xVLGebBa8UL+yf260nRPZu/loXGxlwj0oeegA5iLlg/aYljlEpqT+vsLrr
XyDKiATszIsvEq61JY/EcFbb5gGkEj/dc+27wtNf4lNIszYPQXD1Yvz6G7g=
-----END CERTIFICATE-----