Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14093ced-0677-41a7-9db0-a2497340d51e.roa
File:                     14093ced-0677-41a7-9db0-a2497340d51e.roa (raw, json)
Hash identifier:          ZL2Az8n75sl9K3I7kMFAZGxVHxLnflfhUeaFMET8KPE=
Subject key identifier:   73:35:BC:A9:28:12:6C:DA:27:B1:C9:97:E6:E2:2C:06:87:2D:C1:B6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32404B7DB3AE2FAE0F42FC719A3F897B9F3252C8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14093ced-0677-41a7-9db0-a2497340d51e.roa
Signing time:             Mon 13 Oct 2025 15:52:37 +0000
ROA not before:           Mon 13 Oct 2025 15:52:37 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.91.18.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:40:4b:7d:b3:ae:2f:ae:0f:42:fc:71:9a:3f:89:7b:9f:32:52:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 13 15:52:37 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=7a4e2b332ade1d8cef235150bf8e7b233bb68f958c8d33b30fa23fad378874ef, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ad:f5:8c:1b:b3:4e:c5:49:0c:5c:b7:7b:65:
                    11:dd:04:3d:6b:93:de:30:a2:e3:02:6a:2d:31:47:
                    50:de:c4:4d:ef:27:f2:b8:2d:95:56:49:bf:0f:89:
                    10:dc:e0:3c:f9:d2:c4:99:4f:23:4c:af:a0:87:25:
                    a7:3c:c1:25:a5:3d:f7:ce:8d:af:b3:15:c8:2d:00:
                    d1:43:8a:2c:90:1a:67:ac:3f:1c:e1:7f:71:01:52:
                    b1:0d:20:ea:f9:64:7e:69:39:8f:b8:3a:de:86:fe:
                    42:c7:80:09:e2:51:b2:13:e1:a5:93:5a:7b:19:7a:
                    b9:9a:e0:bc:b7:8f:04:6d:4c:c3:e3:93:50:e5:12:
                    f5:9c:84:64:04:77:97:42:e1:9e:e9:5b:00:40:39:
                    5c:6a:22:3f:21:8e:6a:a0:6a:e6:f2:f7:60:cd:57:
                    3b:85:8a:78:61:00:1c:a1:2f:0d:94:d0:9e:65:5c:
                    ef:3a:fd:12:1f:f1:b1:cb:65:4a:fa:9d:64:30:4e:
                    82:a5:21:a8:cf:73:b0:54:91:58:b7:cf:c8:30:75:
                    e7:5e:e4:77:53:46:ee:b2:f3:2a:87:8b:33:75:65:
                    22:c7:fd:35:24:e1:e1:d7:6b:ff:a5:ba:93:26:64:
                    9d:5f:5d:92:3d:76:b6:b3:ae:06:a9:a4:98:46:69:
                    63:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:35:BC:A9:28:12:6C:DA:27:B1:C9:97:E6:E2:2C:06:87:2D:C1:B6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14093ced-0677-41a7-9db0-a2497340d51e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.91.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ed:d3:da:0d:8c:10:90:3d:1d:c9:18:9a:08:91:f3:8c:7c:
         cc:c8:5c:d0:c1:11:ed:5b:08:02:2f:50:b0:94:95:f0:d0:5f:
         17:05:28:f0:31:70:20:5c:8b:5c:64:b6:32:4b:9d:81:9d:f6:
         cd:a5:01:5e:ea:f5:c4:59:7b:28:17:55:43:1e:5a:7e:78:d1:
         ba:07:ef:67:0d:c6:f7:26:41:30:a8:5d:6a:ae:7b:e9:86:9c:
         0b:aa:0e:44:ab:7e:db:d1:59:5b:ca:8c:b2:f4:dd:21:4a:cb:
         42:a2:b1:89:0d:58:c8:fd:5c:be:8b:12:c0:38:fc:4f:75:37:
         96:11:04:81:37:d4:dd:fc:80:8f:26:94:c8:6b:b0:7b:97:db:
         4d:da:eb:19:24:3d:91:e3:36:1a:0a:07:cb:48:6c:f8:6e:64:
         1c:df:3f:ff:2b:b1:07:54:80:b4:42:49:5a:ab:d3:6b:cb:72:
         2f:a2:90:f1:b1:0c:0d:4c:fb:eb:d8:33:7a:6f:3c:0d:06:ff:
         2b:03:39:0a:52:e6:04:fc:e2:19:ae:b3:15:ba:8a:46:2b:74:
         85:46:35:c4:7a:66:51:3f:5a:18:ee:19:24:1e:d3:f1:92:29:
         56:a9:df:a2:f7:8c:31:b2:56:5f:96:5a:b2:28:d2:49:aa:95:
         16:cf:89:04
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMkBLfbOuL64PQvxxmj+Je58yUsgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEzMTU1MjM3WhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YTRlMmIzMzJhZGUxZDhjZWYyMzUxNTBiZjhlN2IyMzNi
YjY4Zjk1OGM4ZDMzYjMwZmEyM2ZhZDM3ODg3NGVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyrfWMG7NOxUkMXLd7ZRHdBD1rk94wouMCai0xR1DexE3v
J/K4LZVWSb8PiRDc4Dz50sSZTyNMr6CHJac8wSWlPffOja+zFcgtANFDiiyQGmes
Pxzhf3EBUrENIOr5ZH5pOY+4Ot6G/kLHgAniUbIT4aWTWnsZerma4Ly3jwRtTMPj
k1DlEvWchGQEd5dC4Z7pWwBAOVxqIj8hjmqgauby92DNVzuFinhhAByhLw2U0J5l
XO86/RIf8bHLZUr6nWQwToKlIajPc7BUkVi3z8gwdede5HdTRu6y8yqHizN1ZSLH
/TUk4eHXa/+lupMmZJ1fXZI9drazrgappJhGaWPXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUczW8qSgSbNonscmX5uIsBoctwbYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE0MDkzY2VkLTA2NzctNDFhNy05ZGIwLWEyNDk3MzQwZDUxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAXWxIwDQYJKoZIhvcNAQELBQADggEBAEvt09oNjBCQPR3JGJoIkfOMfMzI
XNDBEe1bCAIvULCUlfDQXxcFKPAxcCBci1xktjJLnYGd9s2lAV7q9cRZeygXVUMe
Wn540boH72cNxvcmQTCoXWque+mGnAuqDkSrftvRWVvKjLL03SFKy0KisYkNWMj9
XL6LEsA4/E91N5YRBIE31N38gI8mlMhrsHuX203a6xkkPZHjNhoKB8tIbPhuZBzf
P/8rsQdUgLRCSVqr02vLci+ikPGxDA1M++vYM3pvPA0G/ysDOQpS5gT84hmusxW6
ikYrdIVGNcR6ZlE/WhjuGSQe0/GSKVap36L3jDGyVl+WWrIo0kmqlRbPiQQ=
-----END CERTIFICATE-----