Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21e27e6a-31da-41fe-92f4-ae61707162ed.roa
File:                     21e27e6a-31da-41fe-92f4-ae61707162ed.roa (raw, json)
Hash identifier:          k76C4DC7EsxVaxzl+GEsNFZ3vJ6S7gLn0PrBz838FTA=
Subject key identifier:   61:35:25:FD:87:FE:41:40:B0:AE:CA:3B:53:68:51:C7:7D:67:49:A9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0C4FCC308A494C3050F81A4585073091D19FF883
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21e27e6a-31da-41fe-92f4-ae61707162ed.roa
Signing time:             Wed 01 Oct 2025 00:42:38 +0000
ROA not before:           Wed 01 Oct 2025 00:42:38 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        68.215.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:4f:cc:30:8a:49:4c:30:50:f8:1a:45:85:07:30:91:d1:9f:f8:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:42:38 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=4bc42a25ff874cbdb16b5b9041728edb03ff32d4405fe1471fbe48e7b35af3e6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:50:6b:15:9c:dc:b1:4a:5b:10:79:09:83:e4:
                    c6:94:c4:66:ec:92:2c:ce:13:0c:b4:47:de:a5:9e:
                    1f:eb:af:36:43:59:ed:d9:d4:37:ea:ac:1b:73:4b:
                    13:68:68:f3:1b:cf:4b:76:9f:54:4a:45:7d:6e:c2:
                    6b:24:17:d1:b2:4e:58:fe:16:49:d9:dc:64:8a:07:
                    2a:05:33:f8:e0:3d:99:8e:b4:c0:84:1d:ec:47:38:
                    ab:00:de:41:f7:92:5c:fa:49:61:21:b4:09:e3:50:
                    61:52:b3:15:75:0c:b1:16:1e:67:0a:7d:1e:1d:0e:
                    ba:c9:ee:4c:f7:e4:18:d5:20:1c:f4:1d:22:8a:40:
                    f9:70:09:c3:8b:d4:86:1e:c3:e8:d1:49:10:74:b7:
                    3d:32:d8:36:57:20:16:db:15:0b:2c:f1:ee:f3:70:
                    a5:36:c7:92:a6:4c:7b:84:10:aa:8d:ee:4b:a3:90:
                    e1:9f:64:29:c2:de:ec:5c:df:39:e3:ad:0c:e4:f5:
                    c1:4d:c4:47:4f:2c:03:31:09:98:91:26:21:2c:9d:
                    6a:75:b6:e0:c2:b2:d2:26:77:d9:7c:6e:79:e4:5b:
                    a3:9f:56:c9:a3:73:89:42:54:25:53:fc:3b:19:fc:
                    a9:96:27:38:00:d6:5d:7f:97:33:16:e0:09:0b:c9:
                    c8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:35:25:FD:87:FE:41:40:B0:AE:CA:3B:53:68:51:C7:7D:67:49:A9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21e27e6a-31da-41fe-92f4-ae61707162ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  68.215.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1b:df:21:74:9b:7d:82:90:cb:39:e2:85:a8:a3:33:db:ef:f6:
         40:74:26:62:ea:27:e9:ce:5a:91:16:e6:93:6d:cb:0a:6e:78:
         0e:03:a4:16:d1:31:24:20:33:ca:ab:f1:31:a2:db:61:58:82:
         4a:79:f4:aa:60:3c:1d:be:a9:b7:7a:dd:e8:ea:b5:36:36:5d:
         d6:38:a3:6d:e0:af:2a:fb:bc:88:39:0d:5d:48:2b:33:2b:66:
         4e:de:6a:d7:1f:6b:20:15:50:6e:a5:de:e9:c8:d5:25:fe:ad:
         f6:69:2c:55:d6:ee:c9:6e:e3:b4:74:97:a6:01:1e:3d:88:46:
         9a:f4:54:07:90:3c:24:ca:00:e9:11:93:37:2e:8d:16:2a:9e:
         9d:98:8d:61:c6:af:fe:66:ae:b4:b7:4e:ee:31:b8:3a:6a:4b:
         c7:80:fe:6f:45:da:e3:77:b0:b4:53:b4:10:64:25:6a:b0:39:
         92:a1:11:e6:93:37:79:ce:18:9d:27:40:4f:dd:1f:8a:c5:1f:
         96:3e:1f:1a:e9:74:ba:5f:7a:8b:a4:54:df:c8:1a:f3:d8:40:
         cd:8f:cc:9b:d9:04:1f:0f:08:80:d2:32:2d:2b:52:55:96:d7:
         cc:d8:01:c6:11:74:88:81:88:8d:a5:b6:9e:67:3e:82:22:af:
         b9:09:87:7b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDE/MMIpJTDBQ+BpFhQcwkdGf+IMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA0MjM4WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YmM0MmEyNWZmODc0Y2JkYjE2YjViOTA0MTcyOGVkYjAz
ZmYzMmQ0NDA1ZmUxNDcxZmJlNDhlN2IzNWFmM2U2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYUGsVnNyxSlsQeQmD5MaUxGbskizOEwy0R96lnh/rrzZD
We3Z1DfqrBtzSxNoaPMbz0t2n1RKRX1uwmskF9GyTlj+FknZ3GSKByoFM/jgPZmO
tMCEHexHOKsA3kH3klz6SWEhtAnjUGFSsxV1DLEWHmcKfR4dDrrJ7kz35BjVIBz0
HSKKQPlwCcOL1IYew+jRSRB0tz0y2DZXIBbbFQss8e7zcKU2x5KmTHuEEKqN7kuj
kOGfZCnC3uxc3znjrQzk9cFNxEdPLAMxCZiRJiEsnWp1tuDCstImd9l8bnnkW6Of
Vsmjc4lCVCVT/DsZ/KmWJzgA1l1/lzMW4AkLycizAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYTUl/Yf+QUCwrso7U2hRx31nSakwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxZTI3ZTZhLTMxZGEtNDFmZS05MmY0LWFlNjE3MDcxNjJlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBE1zANBgkqhkiG9w0BAQsFAAOCAQEAG98hdJt9gpDLOeKFqKMz2+/2QHQm
Yuon6c5akRbmk23LCm54DgOkFtExJCAzyqvxMaLbYViCSnn0qmA8Hb6pt3rd6Oq1
NjZd1jijbeCvKvu8iDkNXUgrMytmTt5q1x9rIBVQbqXe6cjVJf6t9mksVdbuyW7j
tHSXpgEePYhGmvRUB5A8JMoA6RGTNy6NFiqenZiNYcav/mautLdO7jG4OmpLx4D+
b0Xa43ewtFO0EGQlarA5kqER5pM3ec4YnSdAT90fisUflj4fGul0ul96i6RU38ga
89hAzY/Mm9kEHw8IgNIyLStSVZbXzNgBxhF0iIGIjaW2nmc+giKvuQmHew==
-----END CERTIFICATE-----