Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/183b2359-812f-4db8-b13a-b849330f3651.roa
File:                     183b2359-812f-4db8-b13a-b849330f3651.roa (raw, json)
Hash identifier:          769b7/T7mTBkXPAyfeiWwFSeIEvmqAW/2fGU1qduIwg=
Subject key identifier:   1A:6F:49:38:F0:64:46:8E:49:58:E3:5A:94:D0:9B:CB:9D:C1:74:4C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C5F0BEB46E7C6D02E4CD69127AFFCAB3BBA4095
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/183b2359-812f-4db8-b13a-b849330f3651.roa
Signing time:             Fri 03 Oct 2025 00:11:12 +0000
ROA not before:           Fri 03 Oct 2025 00:11:12 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.254.0.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:5f:0b:eb:46:e7:c6:d0:2e:4c:d6:91:27:af:fc:ab:3b:ba:40:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:11:12 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=6ed685065fdc8bf30cb5cdae46483dd510bc839b4ce020a14238cbb33989b35c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c2:d3:f3:08:1b:30:90:be:09:a9:d7:9e:b2:
                    c5:94:83:c2:29:6c:ad:26:72:93:c2:1e:af:fa:08:
                    20:2e:9f:82:78:e8:17:2c:6c:3f:5f:b3:23:c2:52:
                    23:6e:bc:e5:5b:e5:9d:c1:88:58:7d:47:84:29:1d:
                    0b:f6:4b:91:02:8b:b2:9f:f3:79:25:bc:97:0b:a0:
                    fc:ff:84:b2:b6:cf:4f:12:dc:e6:05:c7:64:d1:df:
                    d7:cb:9b:0d:04:b7:3f:c4:32:6f:ed:3b:42:59:9d:
                    87:94:16:65:0b:2d:e4:c6:65:3c:08:be:61:12:cd:
                    84:e7:2c:50:ae:e0:d9:1a:ae:a0:07:14:76:6a:fa:
                    50:49:f7:7f:2d:64:c3:a3:26:ae:28:e2:ad:a8:04:
                    74:12:f3:4f:71:f5:6a:2b:5d:79:25:69:a6:a6:20:
                    2a:68:92:c0:5a:de:27:56:05:69:c0:c4:67:23:d4:
                    f5:fd:cd:fd:e1:71:15:ae:32:50:57:f2:60:e4:3f:
                    37:c6:41:e4:88:d7:25:17:1d:5c:fa:4b:c8:d1:62:
                    ee:70:d1:34:87:9a:ef:8c:39:8e:bd:7b:87:3f:2a:
                    67:c5:99:61:f2:e1:14:1f:ac:50:c1:8a:cd:83:06:
                    54:6e:a6:42:05:53:73:35:03:b4:96:5f:f6:e2:0c:
                    36:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:6F:49:38:F0:64:46:8E:49:58:E3:5A:94:D0:9B:CB:9D:C1:74:4C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/183b2359-812f-4db8-b13a-b849330f3651.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.254.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         cd:fd:e9:11:3e:e8:3f:84:72:61:0a:b1:af:e5:b5:07:9d:f4:
         b1:cf:7f:8d:c5:15:cf:b6:72:62:04:26:4d:28:42:7c:62:26:
         ba:ae:3c:81:78:69:2e:c4:e3:9e:6a:ca:21:51:82:8c:f5:b8:
         9c:ae:12:18:bc:8e:27:df:dc:24:3d:7d:5b:71:e0:aa:ea:0b:
         fd:7b:0d:6b:7c:8a:47:6c:cd:c1:b0:60:6c:3e:33:09:e7:81:
         b3:53:25:43:88:52:de:fb:a8:0a:9c:bc:ae:62:22:e7:ab:3b:
         a5:39:4c:17:e7:8a:04:5d:65:79:25:15:59:df:41:09:70:01:
         6d:69:37:e5:75:c7:54:e2:92:b6:5b:35:1e:54:88:73:ae:14:
         20:cd:02:fa:78:a1:56:bc:c9:a3:f1:ca:e1:17:35:17:0c:39:
         31:51:04:b2:a2:2b:c9:5d:2b:4b:f8:fa:8b:75:1c:08:69:85:
         97:10:4c:bc:7c:c1:ad:b7:3b:55:b2:fd:23:98:89:0b:8e:a3:
         5c:9b:8e:52:ff:35:0a:71:85:22:97:9b:65:19:65:66:12:47:
         6e:34:da:85:a6:1e:ee:fa:a2:7b:2a:bf:5f:81:85:12:9f:47:
         b2:b3:6f:6e:d6:29:06:df:ca:1d:94:b8:f4:ae:b2:25:cb:18:
         84:d3:35:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXF8L60bnxtAuTNaRJ6/8qzu6QJUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAxMTEyWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZWQ2ODUwNjVmZGM4YmYzMGNiNWNkYWU0NjQ4M2RkNTEw
YmM4MzliNGNlMDIwYTE0MjM4Y2JiMzM5ODliMzVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCewtPzCBswkL4JqdeessWUg8IpbK0mcpPCHq/6CCAun4J4
6BcsbD9fsyPCUiNuvOVb5Z3BiFh9R4QpHQv2S5ECi7Kf83klvJcLoPz/hLK2z08S
3OYFx2TR39fLmw0Etz/EMm/tO0JZnYeUFmULLeTGZTwIvmESzYTnLFCu4NkarqAH
FHZq+lBJ938tZMOjJq4o4q2oBHQS809x9WorXXklaaamICpoksBa3idWBWnAxGcj
1PX9zf3hcRWuMlBX8mDkPzfGQeSI1yUXHVz6S8jRYu5w0TSHmu+MOY69e4c/KmfF
mWHy4RQfrFDBis2DBlRupkIFU3M1A7SWX/biDDapAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGm9JOPBkRo5JWONalNCby53BdEwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE4M2IyMzU5LTgxMmYtNGRiOC1iMTNhLWI4NDkzMzBmMzY1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcX/gAwDQYJKoZIhvcNAQELBQADggEBAM396RE+6D+EcmEKsa/ltQed9LHP
f43FFc+2cmIEJk0oQnxiJrquPIF4aS7E455qyiFRgoz1uJyuEhi8jiff3CQ9fVtx
4KrqC/17DWt8ikdszcGwYGw+MwnngbNTJUOIUt77qAqcvK5iIuerO6U5TBfnigRd
ZXklFVnfQQlwAW1pN+V1x1TikrZbNR5UiHOuFCDNAvp4oVa8yaPxyuEXNRcMOTFR
BLKiK8ldK0v4+ot1HAhphZcQTLx8wa23O1Wy/SOYiQuOo1ybjlL/NQpxhSKXm2UZ
ZWYSR2402oWmHu76onsqv1+BhRKfR7Kzb27WKQbfyh2UuPSusiXLGITTNfA=
-----END CERTIFICATE-----