Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23f57444-f6f0-4c8c-8b2a-335a485af033.roa
File:                     23f57444-f6f0-4c8c-8b2a-335a485af033.roa (raw, json)
Hash identifier:          wvykT2MpC0RdWMxW/7jTTfvO56hq2B1mMNUx+uFz4Mc=
Subject key identifier:   59:DD:D9:57:AE:09:A9:57:18:32:04:54:53:05:20:1E:88:3B:62:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1339B4301A0A5CAFE15C095C90FA95F771A70178
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23f57444-f6f0-4c8c-8b2a-335a485af033.roa
Signing time:             Sat 18 Oct 2025 01:11:42 +0000
ROA not before:           Sat 18 Oct 2025 01:11:42 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.144.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:39:b4:30:1a:0a:5c:af:e1:5c:09:5c:90:fa:95:f7:71:a7:01:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 01:11:42 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=ab972535196482e95562eaf240c643357c9e45c454fca23aacd8851c80c030a6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f0:8d:bf:cf:93:34:f5:e1:86:85:90:8a:cb:
                    24:7c:ea:b1:58:6b:13:62:0e:79:c5:52:bd:0d:e0:
                    6e:cf:14:8b:44:d7:61:ee:bc:2a:bd:99:3b:ed:8f:
                    fe:65:e3:e5:f5:55:7c:f2:55:8a:32:7d:e0:29:8e:
                    b1:d3:c2:18:c9:f7:b1:60:27:71:48:62:9a:2d:ce:
                    8d:05:4c:db:00:6e:62:98:a1:0e:9d:47:e4:3d:23:
                    bf:b6:55:d9:5d:db:b2:07:35:57:f2:52:db:a5:45:
                    27:2e:76:eb:12:8b:da:39:7a:b7:0c:d5:36:ce:ba:
                    84:6f:cf:fc:3c:31:f3:ae:2f:82:98:70:e5:6d:1a:
                    7d:bb:f6:f2:46:35:3b:0c:82:61:74:75:55:4e:e0:
                    73:a9:21:c7:9c:6d:34:8c:4a:e4:67:dc:5a:e2:44:
                    76:7f:47:a6:dc:fe:ff:3c:2c:d5:fd:d9:f6:e9:2e:
                    1a:95:01:ae:50:80:02:87:1b:e7:83:b7:bc:b5:ea:
                    1b:d0:1f:cb:fc:9f:ba:36:33:01:3b:c2:1e:03:c5:
                    e9:8b:5f:ca:72:b3:2d:07:d3:08:ec:ac:e6:51:4e:
                    c4:0a:99:71:41:69:19:e5:29:90:eb:75:83:3b:5e:
                    7b:39:89:3c:98:79:a4:0e:02:ad:2e:e5:b8:9c:54:
                    c8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:DD:D9:57:AE:09:A9:57:18:32:04:54:53:05:20:1E:88:3B:62:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23f57444-f6f0-4c8c-8b2a-335a485af033.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:35:de:44:18:b7:4c:db:b0:74:e7:09:cb:d2:09:bf:7c:b0:
         6c:29:2b:71:32:b1:44:0b:ff:d4:1f:57:00:e0:cf:86:75:a4:
         9f:a4:61:6e:71:d2:67:ce:4b:6f:e8:69:7d:5f:59:11:f1:cc:
         01:04:a9:5d:1e:d4:ea:63:4b:1d:9b:23:c8:ce:06:b6:32:c9:
         14:a6:48:50:24:f2:fb:55:1d:b1:05:81:92:75:42:76:bc:f5:
         65:c6:5d:e1:76:6e:43:65:73:15:14:a6:9d:ac:b4:72:05:5c:
         51:a7:93:98:5a:4f:75:11:d6:db:0e:0e:49:b2:e2:67:f4:57:
         4c:ea:ba:34:c4:36:46:aa:5c:c0:5b:37:fa:a4:c1:66:b8:c3:
         d5:b9:50:67:55:91:64:8d:b3:01:69:3c:2e:a4:0c:36:b6:b8:
         35:10:d6:f1:4c:79:96:2f:84:72:0b:3b:1f:9c:6c:06:06:61:
         38:47:af:64:1d:b0:65:61:59:5c:78:6c:4b:95:85:04:83:27:
         aa:7d:1d:ca:d2:04:2e:51:df:d3:01:f5:55:8c:3b:f0:fa:8f:
         7b:e0:7b:f7:60:bc:53:7b:29:b5:36:19:51:e6:ab:1a:6f:33:
         1c:e4:c7:50:31:9b:58:2d:ae:44:56:6d:bc:1e:02:84:5e:c8:
         fc:4f:62:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEzm0MBoKXK/hXAlckPqV93GnAXgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDExMTQyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjk3MjUzNTE5NjQ4MmU5NTU2MmVhZjI0MGM2NDMzNTdj
OWU0NWM0NTRmY2EyM2FhY2Q4ODUxYzgwYzAzMGE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC68I2/z5M09eGGhZCKyyR86rFYaxNiDnnFUr0N4G7PFItE
12HuvCq9mTvtj/5l4+X1VXzyVYoyfeApjrHTwhjJ97FgJ3FIYpotzo0FTNsAbmKY
oQ6dR+Q9I7+2Vdld27IHNVfyUtulRScudusSi9o5ercM1TbOuoRvz/w8MfOuL4KY
cOVtGn279vJGNTsMgmF0dVVO4HOpIcecbTSMSuRn3FriRHZ/R6bc/v88LNX92fbp
LhqVAa5QgAKHG+eDt7y16hvQH8v8n7o2MwE7wh4DxemLX8pysy0H0wjsrOZRTsQK
mXFBaRnlKZDrdYM7Xns5iTyYeaQOAq0u5bicVMjpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWd3ZV64JqVcYMgRUUwUgHog7Yl8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzZjU3NDQ0LWY2ZjAtNGM4Yy04YjJhLTMzNWE0ODVhZjAzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJBCJAwDQYJKoZIhvcNAQELBQADggEBAIE13kQYt0zbsHTnCcvSCb98sGwp
K3EysUQL/9QfVwDgz4Z1pJ+kYW5x0mfOS2/oaX1fWRHxzAEEqV0e1OpjSx2bI8jO
BrYyyRSmSFAk8vtVHbEFgZJ1Qna89WXGXeF2bkNlcxUUpp2stHIFXFGnk5haT3UR
1tsODkmy4mf0V0zqujTENkaqXMBbN/qkwWa4w9W5UGdVkWSNswFpPC6kDDa2uDUQ
1vFMeZYvhHILOx+cbAYGYThHr2QdsGVhWVx4bEuVhQSDJ6p9HcrSBC5R39MB9VWM
O/D6j3vge/dgvFN7KbU2GVHmqxpvMxzkx1Axm1gtrkRWbbweAoReyPxPYmk=
-----END CERTIFICATE-----