Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28d33436-53d2-4ebd-bddc-4f8b317802ba.roa
File:                     28d33436-53d2-4ebd-bddc-4f8b317802ba.roa (raw, json)
Hash identifier:          6WxWCaawbzbBjeK8c0YvJCXrBVj8Bw8mNYPmupN4wq0=
Subject key identifier:   D2:9D:E4:75:BD:0F:0E:3F:3F:F0:83:4B:5A:D2:E1:B8:AB:37:FB:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       699EB144674C214BD5BBCE3075F1BD76E5BCE172
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28d33436-53d2-4ebd-bddc-4f8b317802ba.roa
Signing time:             Fri 10 Oct 2025 00:12:00 +0000
ROA not before:           Fri 10 Oct 2025 00:12:00 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.22.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:9e:b1:44:67:4c:21:4b:d5:bb:ce:30:75:f1:bd:76:e5:bc:e1:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 00:12:00 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=7443c0464ffc83d06178ec1a1d74135e3bfc779a51f1da1d3ca8a5674566f6c9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d3:a0:f2:d9:72:92:c2:d2:14:0a:05:aa:87:
                    8b:00:64:15:5c:59:d3:0d:44:2b:ca:db:c2:7d:d5:
                    cf:d6:33:33:16:84:fa:5a:85:ba:d9:a4:d0:2b:9e:
                    a5:c5:ed:da:47:ac:b3:65:ae:2e:7e:0b:bf:c1:31:
                    56:a1:60:73:18:d6:3c:42:9c:58:33:bb:b6:f7:48:
                    75:1c:fd:e7:1d:87:32:85:66:5c:48:53:91:e3:a9:
                    be:af:81:63:56:a9:0f:09:06:00:8d:9c:ea:5e:09:
                    7a:ac:d2:61:7c:bf:a6:58:d8:81:ed:29:ec:cc:32:
                    a0:51:1b:c2:9f:41:a6:d7:fe:67:f5:e3:1c:b3:ba:
                    75:90:e7:a3:49:8d:71:fb:c2:11:1a:5a:db:ea:b1:
                    2a:8a:68:7c:a7:1b:aa:b7:c4:83:73:56:75:e1:f4:
                    64:7b:ea:0b:c6:4d:76:81:96:95:ec:ea:59:cd:fc:
                    22:f4:c3:67:bf:8c:32:3d:45:58:40:1e:c8:71:54:
                    0f:95:60:08:3f:b4:04:fd:57:89:62:61:d4:10:98:
                    40:ba:17:7b:ac:29:de:e3:17:e3:af:60:dc:8c:29:
                    a7:c4:3f:95:56:fe:82:46:a7:cf:c3:e4:23:e6:72:
                    13:cd:95:fc:68:52:f2:52:1b:17:25:3a:c7:82:31:
                    79:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:9D:E4:75:BD:0F:0E:3F:3F:F0:83:4B:5A:D2:E1:B8:AB:37:FB:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28d33436-53d2-4ebd-bddc-4f8b317802ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.22.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         c7:4f:e3:7e:76:5b:f2:9e:f4:21:51:36:56:ae:db:a3:d3:42:
         0a:ed:fe:6f:d8:ec:c0:10:d1:39:78:e3:30:b5:71:78:a6:5c:
         48:31:7d:6f:0b:7b:db:25:77:31:fb:fe:9e:f7:77:73:2b:06:
         c4:0e:f6:b5:31:ae:1f:3a:62:31:f4:42:be:ff:1f:4e:c0:cb:
         48:ea:19:59:81:a9:15:5a:e2:8a:cf:e1:d9:9e:a3:e9:27:96:
         ed:9e:62:b0:26:4c:92:98:f1:b4:58:0b:f8:ed:e0:fe:f0:10:
         68:23:ce:56:59:54:86:e5:f1:d1:77:8e:c0:18:57:5a:de:47:
         4d:55:ef:5f:b8:48:91:39:14:de:74:6a:57:c4:82:c0:82:fa:
         d1:b1:b2:06:90:73:59:07:26:a4:01:dc:ff:b6:0f:db:92:48:
         7b:1e:4a:b1:40:b2:3b:7b:72:c8:f3:26:fd:a5:ce:58:cc:fd:
         53:6d:05:2e:d8:b1:48:74:f7:d4:4b:f7:e7:87:65:b9:69:94:
         dd:46:36:b8:57:31:92:d3:74:45:d7:fb:9d:98:12:dd:80:41:
         99:66:4a:6d:8e:72:dc:9d:65:65:9d:1f:92:ab:3f:e2:0b:c7:
         01:1e:b3:2b:26:ee:8f:9c:a4:fb:ee:0a:1a:4b:fc:7a:c2:d3:
         1f:06:26:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaZ6xRGdMIUvVu84wdfG9duW84XIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMDAxMjAwWhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NDQzYzA0NjRmZmM4M2QwNjE3OGVjMWExZDc0MTM1ZTNi
ZmM3NzlhNTFmMWRhMWQzY2E4YTU2NzQ1NjZmNmM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz06Dy2XKSwtIUCgWqh4sAZBVcWdMNRCvK28J91c/WMzMW
hPpahbrZpNArnqXF7dpHrLNlri5+C7/BMVahYHMY1jxCnFgzu7b3SHUc/ecdhzKF
ZlxIU5Hjqb6vgWNWqQ8JBgCNnOpeCXqs0mF8v6ZY2IHtKezMMqBRG8KfQabX/mf1
4xyzunWQ56NJjXH7whEaWtvqsSqKaHynG6q3xINzVnXh9GR76gvGTXaBlpXs6lnN
/CL0w2e/jDI9RVhAHshxVA+VYAg/tAT9V4liYdQQmEC6F3usKd7jF+OvYNyMKafE
P5VW/oJGp8/D5CPmchPNlfxoUvJSGxclOseCMXnlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0p3kdb0PDj8/8INLWtLhuKs3+1gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4ZDMzNDM2LTUzZDItNGViZC1iZGRjLTRmOGIzMTc4MDJiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdFFgAwDQYJKoZIhvcNAQELBQADggEBAMdP4352W/Ke9CFRNlau26PTQgrt
/m/Y7MAQ0Tl44zC1cXimXEgxfW8Le9sldzH7/p73d3MrBsQO9rUxrh86YjH0Qr7/
H07Ay0jqGVmBqRVa4orP4dmeo+knlu2eYrAmTJKY8bRYC/jt4P7wEGgjzlZZVIbl
8dF3jsAYV1reR01V71+4SJE5FN50alfEgsCC+tGxsgaQc1kHJqQB3P+2D9uSSHse
SrFAsjt7csjzJv2lzljM/VNtBS7YsUh099RL9+eHZblplN1GNrhXMZLTdEXX+52Y
Et2AQZlmSm2OctydZWWdH5KrP+ILxwEesysm7o+cpPvuChpL/HrC0x8GJgg=
-----END CERTIFICATE-----