Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fefa7d9-baf0-4d92-a29b-fd2710f5effe.roa
File:                     1fefa7d9-baf0-4d92-a29b-fd2710f5effe.roa (raw, json)
Hash identifier:          P9o2ten0j+fdnP7qYX54OVAeeI88WP2BYqvne1SRsZ4=
Subject key identifier:   31:28:A1:CF:6C:A9:30:BD:47:E8:A8:36:53:50:49:68:36:66:0A:37
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D32D8E9226309DCB12321B5E175260450B9A9B9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fefa7d9-baf0-4d92-a29b-fd2710f5effe.roa
Signing time:             Sat 27 Sep 2025 00:03:22 +0000
ROA not before:           Sat 27 Sep 2025 00:03:22 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     398378
IP address blocks:        192.189.196.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:32:d8:e9:22:63:09:dc:b1:23:21:b5:e1:75:26:04:50:b9:a9:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:03:22 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=0bfecbe71f541ff7d4f30530500b2b2ae4b7e6c643cce233dcbd0c08e900557e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9e:9d:ea:37:cc:67:4d:36:75:46:ec:76:36:
                    20:55:1c:59:86:51:43:12:22:95:39:84:fd:e5:22:
                    a4:2e:76:a7:5e:15:71:2a:6a:ec:b5:9d:f5:e6:3d:
                    37:52:c3:35:6c:4a:20:35:0e:06:55:00:2d:ce:a9:
                    0f:ad:d1:da:25:89:37:25:e1:7f:d7:8b:b4:cd:72:
                    65:2a:1c:1c:56:2a:11:f7:d0:f5:74:ea:38:cc:f5:
                    56:31:53:d1:73:9d:fe:79:32:61:4f:cc:fc:58:4f:
                    4b:e5:1b:e2:1c:01:f0:be:bc:9d:c3:a2:48:3e:ad:
                    ae:20:6d:c3:a5:f2:89:1f:84:e4:5c:19:1b:2b:6f:
                    45:da:b4:d3:e3:44:c5:0c:74:ff:61:76:c5:5e:d2:
                    f7:63:90:94:a8:6d:0e:a7:70:7b:3d:f2:69:a7:f3:
                    fd:1a:41:40:d6:d2:8b:9f:5e:17:24:a8:65:f5:a2:
                    0b:e6:d0:7d:90:3c:0c:62:75:a5:1e:b5:79:51:59:
                    d3:64:92:22:ae:41:0a:02:8b:16:93:a9:8e:a3:50:
                    db:d1:d9:0e:e9:bf:b9:ec:78:f0:a5:ec:a4:10:a6:
                    fb:a5:34:65:20:0d:9b:55:44:2d:09:29:4c:d9:73:
                    76:70:6a:e4:7b:63:a8:b4:53:21:00:fa:16:4b:2d:
                    3f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:28:A1:CF:6C:A9:30:BD:47:E8:A8:36:53:50:49:68:36:66:0A:37
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fefa7d9-baf0-4d92-a29b-fd2710f5effe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.189.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:92:a3:58:ec:e7:0f:cb:7e:c5:65:3f:f4:67:4f:df:3a:12:
         df:bf:99:96:4d:71:2e:45:9f:d4:f8:d0:b0:8b:b7:37:1a:91:
         21:99:f3:3a:30:da:15:8e:b1:f2:e1:bf:e4:82:ba:39:29:ad:
         3c:0b:cd:d9:83:f3:94:f5:08:78:d4:f0:a1:d3:01:0b:67:20:
         99:75:b6:84:ce:a3:63:27:67:80:79:ea:a9:25:c6:ce:75:5c:
         2b:9d:3e:98:ea:65:96:25:ea:8a:1f:89:5f:01:46:5e:29:36:
         8c:04:c8:17:d1:c3:10:be:83:81:cd:30:16:3f:8c:34:c8:8b:
         40:d7:a5:f3:a7:dd:f7:4a:a7:e9:3e:b2:3b:94:25:21:f4:3b:
         1e:05:56:9b:bd:a9:23:86:8e:03:7b:26:0f:0e:5c:54:b7:73:
         1e:32:70:b6:4b:ed:d1:53:a0:69:b5:03:d9:6e:13:4c:7e:6e:
         b4:9f:fd:22:c5:66:73:1f:38:62:8d:85:90:3c:5e:c7:54:cc:
         95:e4:80:88:d3:ec:3d:a2:09:75:29:61:3e:c6:53:4a:14:20:
         87:ca:2e:0d:82:9c:d6:a0:fa:f8:1c:1f:8b:b6:95:c7:8d:2d:
         ca:63:95:a3:7d:ba:fa:8a:17:67:6d:bc:11:40:42:bf:9e:ca:
         d3:25:20:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfTLY6SJjCdyxIyG14XUmBFC5qbkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAwMzIyWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYmZlY2JlNzFmNTQxZmY3ZDRmMzA1MzA1MDBiMmIyYWU0
YjdlNmM2NDNjY2UyMzNkY2JkMGMwOGU5MDA1NTdlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChnp3qN8xnTTZ1Rux2NiBVHFmGUUMSIpU5hP3lIqQudqde
FXEqauy1nfXmPTdSwzVsSiA1DgZVAC3OqQ+t0doliTcl4X/Xi7TNcmUqHBxWKhH3
0PV06jjM9VYxU9Fznf55MmFPzPxYT0vlG+IcAfC+vJ3Dokg+ra4gbcOl8okfhORc
GRsrb0XatNPjRMUMdP9hdsVe0vdjkJSobQ6ncHs98mmn8/0aQUDW0oufXhckqGX1
ogvm0H2QPAxidaUetXlRWdNkkiKuQQoCixaTqY6jUNvR2Q7pv7nsePCl7KQQpvul
NGUgDZtVRC0JKUzZc3ZwauR7Y6i0UyEA+hZLLT9jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMSihz2ypML1H6Kg2U1BJaDZmCjcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmZWZhN2Q5LWJhZjAtNGQ5Mi1hMjliLWZkMjcxMGY1ZWZmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAvcQwDQYJKoZIhvcNAQELBQADggEBAIySo1js5w/LfsVlP/RnT986Et+/
mZZNcS5Fn9T40LCLtzcakSGZ8zow2hWOsfLhv+SCujkprTwLzdmD85T1CHjU8KHT
AQtnIJl1toTOo2MnZ4B56qklxs51XCudPpjqZZYl6oofiV8BRl4pNowEyBfRwxC+
g4HNMBY/jDTIi0DXpfOn3fdKp+k+sjuUJSH0Ox4FVpu9qSOGjgN7Jg8OXFS3cx4y
cLZL7dFToGm1A9luE0x+brSf/SLFZnMfOGKNhZA8XsdUzJXkgIjT7D2iCXUpYT7G
U0oUIIfKLg2CnNag+vgcH4u2lceNLcpjlaN9uvqKF2dtvBFAQr+eytMlIJY=
-----END CERTIFICATE-----