Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27c8a61e-4b54-49e6-9a8e-e3229656a9ad.roa
File:                     27c8a61e-4b54-49e6-9a8e-e3229656a9ad.roa (raw, json)
Hash identifier:          DA6C/MHcEmXcpxnRB5rOmO8MCCBzE69PxE3TH03bC4A=
Subject key identifier:   D8:F1:09:AE:9B:07:0E:25:56:A5:AE:A8:12:93:5D:52:21:01:1E:06
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0847AAF6E61573AB29DB7A7EB8A92CA1AC561217
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27c8a61e-4b54-49e6-9a8e-e3229656a9ad.roa
Signing time:             Wed 01 Oct 2025 00:51:58 +0000
ROA not before:           Wed 01 Oct 2025 00:51:58 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.240.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:47:aa:f6:e6:15:73:ab:29:db:7a:7e:b8:a9:2c:a1:ac:56:12:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:51:58 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=4b1822c938f77f53fba987dc23eafa204f90a2d6250582b62cd11671d4f679dc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bd:b9:40:8b:24:dd:39:e0:89:f8:09:0a:9a:
                    73:86:18:8d:f0:02:6b:98:a5:45:a0:b4:10:7a:d8:
                    38:bd:ea:90:07:e4:be:a0:88:9b:ad:71:59:59:cd:
                    5e:8d:b5:51:e1:89:3d:c4:e3:3a:41:0d:d9:c3:b8:
                    de:0c:a2:21:79:14:dc:5b:d8:8a:eb:8e:fc:e5:dd:
                    a3:c1:bc:a2:b8:6d:60:8f:77:de:6e:6c:69:44:e8:
                    84:54:5c:09:07:18:d6:54:c2:51:7b:22:16:84:ba:
                    84:93:67:99:9e:3f:72:e0:87:df:ea:ae:c4:25:56:
                    c5:64:7f:6a:93:ac:05:a7:77:9d:ec:72:7d:b2:f4:
                    14:ce:d1:06:d6:45:7a:12:56:d4:4e:31:f3:ee:fd:
                    37:6f:0f:a2:c6:0a:cb:f3:6e:9c:de:e0:f0:43:b6:
                    3d:4c:40:f7:83:1f:94:ac:51:fe:98:49:79:44:d5:
                    3d:71:f9:fd:a4:5c:94:04:44:a7:c0:d0:5e:5b:b0:
                    86:89:a1:18:be:83:e5:76:be:d8:8a:b8:2c:c4:aa:
                    fc:4e:4c:f2:a8:90:09:c4:19:60:f9:b6:95:72:8e:
                    60:90:7c:c8:35:35:70:43:87:d4:a2:3d:e9:24:eb:
                    a9:28:dc:fc:81:0f:51:a2:e7:f2:ac:5d:ef:05:5d:
                    88:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:F1:09:AE:9B:07:0E:25:56:A5:AE:A8:12:93:5D:52:21:01:1E:06
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27c8a61e-4b54-49e6-9a8e-e3229656a9ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.240.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0b:59:05:63:65:71:c0:8f:12:63:5b:ef:69:4a:45:f4:28:48:
         4f:12:43:fd:34:43:eb:70:3e:15:7b:a8:64:5b:9b:df:24:e2:
         0a:96:1e:18:c0:28:0d:52:bc:d3:b4:65:56:e3:37:28:db:52:
         24:de:47:c8:20:75:58:83:2f:90:bc:88:a2:05:36:f8:a6:6a:
         ec:1a:bf:28:5b:d4:3e:1e:4a:8b:d2:6f:1b:33:e6:68:9a:e6:
         01:05:5c:78:46:3d:13:1e:c8:cf:66:09:ae:cc:c7:c3:75:92:
         d6:b2:9a:7e:22:3d:2f:0a:52:76:1e:82:a3:8d:54:2f:66:dc:
         bd:cc:c6:5d:2f:8f:3c:58:3d:bc:d9:b4:51:29:d1:24:e5:fd:
         e4:43:d6:e8:37:49:88:b5:d5:cb:7e:7f:46:1e:7c:04:41:83:
         d2:1f:92:34:0a:43:cf:67:d7:60:51:4c:49:9b:b6:c1:95:73:
         ae:e3:67:cb:93:75:5e:c3:5a:82:2e:3a:2b:06:63:3e:6a:97:
         a6:8e:8e:04:3a:cb:ca:a7:8a:cd:66:33:6c:22:0b:94:73:8c:
         24:e8:70:55:4e:bc:98:27:22:5c:fc:36:44:8e:9b:73:b7:7d:
         04:48:07:7d:a5:93:06:9b:3d:a2:22:d7:6f:4f:de:59:c3:25:
         24:fb:d6:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCEeq9uYVc6sp23p+uKksoaxWEhcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA1MTU4WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YjE4MjJjOTM4Zjc3ZjUzZmJhOTg3ZGMyM2VhZmEyMDRm
OTBhMmQ2MjUwNTgyYjYyY2QxMTY3MWQ0ZjY3OWRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJvblAiyTdOeCJ+AkKmnOGGI3wAmuYpUWgtBB62Di96pAH
5L6giJutcVlZzV6NtVHhiT3E4zpBDdnDuN4MoiF5FNxb2Irrjvzl3aPBvKK4bWCP
d95ubGlE6IRUXAkHGNZUwlF7IhaEuoSTZ5meP3Lgh9/qrsQlVsVkf2qTrAWnd53s
cn2y9BTO0QbWRXoSVtROMfPu/TdvD6LGCsvzbpze4PBDtj1MQPeDH5SsUf6YSXlE
1T1x+f2kXJQERKfA0F5bsIaJoRi+g+V2vtiKuCzEqvxOTPKokAnEGWD5tpVyjmCQ
fMg1NXBDh9SiPekk66ko3PyBD1Gi5/KsXe8FXYj7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2PEJrpsHDiVWpa6oEpNdUiEBHgYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI3YzhhNjFlLTRiNTQtNDllNi05YThlLWUzMjI5NjU2YTlhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZG8EAwDQYJKoZIhvcNAQELBQADggEBAAtZBWNlccCPEmNb72lKRfQoSE8S
Q/00Q+twPhV7qGRbm98k4gqWHhjAKA1SvNO0ZVbjNyjbUiTeR8ggdViDL5C8iKIF
Nvimauwavyhb1D4eSovSbxsz5mia5gEFXHhGPRMeyM9mCa7Mx8N1ktaymn4iPS8K
UnYegqONVC9m3L3Mxl0vjzxYPbzZtFEp0STl/eRD1ug3SYi11ct+f0YefARBg9If
kjQKQ89n12BRTEmbtsGVc67jZ8uTdV7DWoIuOisGYz5ql6aOjgQ6y8qnis1mM2wi
C5RzjCTocFVOvJgnIlz8NkSOm3O3fQRIB32lkwabPaIi129P3lnDJST71ms=
-----END CERTIFICATE-----