Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a1e61f5-c3f2-45c6-9711-174bfa8bfa6e.roa
File:                     2a1e61f5-c3f2-45c6-9711-174bfa8bfa6e.roa (raw, json)
Hash identifier:          UOiI7oezDNl0U860y2bS2W50QgF5/QoOhYGBEOYVNc8=
Subject key identifier:   AC:4C:22:F5:E4:7B:5C:37:F5:82:97:4A:31:7C:13:B1:60:C2:9F:81
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       07F2620B0D371717D968AC21393A34FFA4F07FC1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a1e61f5-c3f2-45c6-9711-174bfa8bfa6e.roa
Signing time:             Tue 14 Oct 2025 16:39:41 +0000
ROA not before:           Tue 14 Oct 2025 16:39:41 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.158.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:f2:62:0b:0d:37:17:17:d9:68:ac:21:39:3a:34:ff:a4:f0:7f:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 16:39:41 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=77140ed7788e4e7ef1e397d9ce0899179a1c972abc5a43cd3a184142888d8848, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4f:81:2a:61:b9:fc:bb:d4:c4:06:c3:72:ff:
                    5a:47:58:4b:ce:85:66:ab:d6:61:f5:8a:3f:da:3e:
                    10:27:19:e1:de:eb:67:b8:89:e0:6a:38:ef:e4:ab:
                    7c:bf:35:db:13:93:f9:51:3e:43:fa:10:99:6d:6c:
                    a8:ce:b3:82:aa:99:3d:31:05:a7:f5:89:bc:37:d8:
                    0b:19:21:9b:79:3a:5f:a0:e1:6a:b6:13:6b:ba:0b:
                    b9:9b:ad:d4:0a:a8:67:70:c5:91:68:ec:b0:87:e6:
                    da:90:76:0b:ec:2a:10:6b:4d:05:55:fe:24:9b:db:
                    62:d8:f5:ec:11:89:c8:e6:4e:2e:1b:5e:a6:cb:65:
                    19:ed:e6:6f:81:1e:4a:6f:a0:7d:83:7d:1c:6a:38:
                    e8:70:a4:8d:ba:ec:f8:bc:f4:42:23:45:c0:80:20:
                    73:c1:b8:68:18:05:fa:be:36:a5:b3:da:f0:f7:c8:
                    74:df:f1:d8:65:87:fc:2b:ed:ad:a9:64:5d:90:69:
                    27:08:fe:c1:7e:60:aa:28:bd:74:88:58:a0:39:42:
                    f9:52:ec:57:94:ac:fe:55:a7:10:68:84:b5:47:28:
                    d6:ae:a0:aa:a7:f4:15:06:1b:e3:dd:d4:eb:7f:7b:
                    71:aa:f9:d9:80:82:5c:4c:9d:de:f3:4a:4a:3d:84:
                    0d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:4C:22:F5:E4:7B:5C:37:F5:82:97:4A:31:7C:13:B1:60:C2:9F:81
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2a1e61f5-c3f2-45c6-9711-174bfa8bfa6e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:c6:35:2a:fd:86:b8:dc:f3:f8:3b:c9:fb:86:0c:16:9d:78:
         b8:98:f0:bc:d4:99:2a:af:04:41:4e:df:0c:99:dd:3d:ae:e7:
         c7:4d:8a:b5:2f:43:be:f5:ad:8a:cc:50:6e:17:5b:d6:9d:e9:
         fe:ef:8d:fc:7f:82:1d:5d:68:68:b8:92:ed:78:80:ce:13:f2:
         80:c7:56:f8:29:db:18:45:61:4f:d8:73:86:d3:93:51:ca:ad:
         b8:6a:9b:80:e3:8b:8d:cd:c5:d1:35:30:5f:61:03:8f:59:0e:
         b7:5a:3f:81:ec:8e:bc:fd:3e:4a:d2:02:3d:e1:c9:01:9d:b4:
         c2:84:3b:65:79:e5:b9:07:7b:fe:00:41:fa:5e:b6:5e:f2:13:
         fa:1d:24:a4:eb:bd:04:cf:68:c3:ef:c7:82:4d:a6:3f:92:f2:
         ae:ae:ec:cd:4a:1d:be:50:da:66:0e:2a:ca:fb:ca:a5:6a:24:
         bb:0d:b6:ff:26:67:7a:08:0f:66:e6:21:2a:4f:6d:4d:82:54:
         ca:20:89:d2:e1:44:b7:38:11:67:4c:db:df:7e:62:85:e5:42:
         4b:05:92:4e:b5:23:70:c8:4b:94:4c:83:1e:c3:41:14:8a:ec:
         2f:09:cc:a5:1f:2a:cd:5a:a1:10:59:09:ec:8d:92:59:34:60:
         57:90:f8:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUB/JiCw03FxfZaKwhOTo0/6Twf8EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTYzOTQxWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NzE0MGVkNzc4OGU0ZTdlZjFlMzk3ZDljZTA4OTkxNzlh
MWM5NzJhYmM1YTQzY2QzYTE4NDE0Mjg4OGQ4ODQ4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChT4EqYbn8u9TEBsNy/1pHWEvOhWar1mH1ij/aPhAnGeHe
62e4ieBqOO/kq3y/NdsTk/lRPkP6EJltbKjOs4KqmT0xBaf1ibw32AsZIZt5Ol+g
4Wq2E2u6C7mbrdQKqGdwxZFo7LCH5tqQdgvsKhBrTQVV/iSb22LY9ewRicjmTi4b
XqbLZRnt5m+BHkpvoH2DfRxqOOhwpI267Pi89EIjRcCAIHPBuGgYBfq+NqWz2vD3
yHTf8dhlh/wr7a2pZF2QaScI/sF+YKoovXSIWKA5QvlS7FeUrP5VpxBohLVHKNau
oKqn9BUGG+Pd1Ot/e3Gq+dmAglxMnd7zSko9hA21AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrEwi9eR7XDf1gpdKMXwTsWDCn4EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJhMWU2MWY1LWMzZjItNDVjNi05NzExLTE3NGJmYThiZmE2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/J4wDQYJKoZIhvcNAQELBQADggEBAMLGNSr9hrjc8/g7yfuGDBadeLiY
8LzUmSqvBEFO3wyZ3T2u58dNirUvQ771rYrMUG4XW9ad6f7vjfx/gh1daGi4ku14
gM4T8oDHVvgp2xhFYU/Yc4bTk1HKrbhqm4Dji43NxdE1MF9hA49ZDrdaP4Hsjrz9
PkrSAj3hyQGdtMKEO2V55bkHe/4AQfpetl7yE/odJKTrvQTPaMPvx4JNpj+S8q6u
7M1KHb5Q2mYOKsr7yqVqJLsNtv8mZ3oID2bmISpPbU2CVMogidLhRLc4EWdM299+
YoXlQksFkk61I3DIS5RMgx7DQRSK7C8JzKUfKs1aoRBZCeyNklk0YFeQ+I0=
-----END CERTIFICATE-----