Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ba48806-c985-4d6d-bd00-180947f864e0.roa
File:                     2ba48806-c985-4d6d-bd00-180947f864e0.roa (raw, json)
Hash identifier:          ez/wmdD1NE20f/lngiEoe/xysL6Xb/GlRWcccWIh54Y=
Subject key identifier:   C0:40:80:CF:29:26:E5:C3:DD:B3:66:CD:08:56:CD:01:21:15:AB:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5554A723FD915D41F8E2E2CE6A0A6780C6901686
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ba48806-c985-4d6d-bd00-180947f864e0.roa
Signing time:             Sat 11 Oct 2025 00:41:57 +0000
ROA not before:           Sat 11 Oct 2025 00:41:57 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.190.92.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:54:a7:23:fd:91:5d:41:f8:e2:e2:ce:6a:0a:67:80:c6:90:16:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:41:57 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=99724e9ddc323708362cf50e2af202f717c4ae469bc98da1e4a04244c9ff50e9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:45:a9:50:69:32:d9:a8:9e:68:d1:f4:b5:5e:
                    fe:5b:83:cd:91:e4:26:4f:93:db:c8:3a:19:6e:d4:
                    0f:69:4e:79:f4:55:5a:ba:01:9a:6a:82:ec:52:dd:
                    06:d6:02:71:79:88:4e:0d:19:37:c2:cb:4f:2e:0e:
                    4e:c8:ad:58:80:dd:83:90:e4:f4:98:ae:fc:27:3e:
                    4c:c6:f9:6b:f3:57:9d:12:93:74:e7:64:2f:d6:6a:
                    f8:14:4b:48:be:e6:9d:89:a9:bd:e2:90:03:34:49:
                    18:bf:a2:d5:b1:b1:cb:a8:46:a0:9c:3b:96:06:ed:
                    2e:70:3e:26:9f:89:91:2d:2c:f1:c1:07:24:3a:d2:
                    6c:45:ed:fd:0d:d4:9d:5b:01:80:6c:0f:73:19:c8:
                    fd:9b:88:5f:4c:80:ac:88:63:a8:39:69:f6:35:56:
                    27:c8:69:ca:ec:cd:b9:f3:df:28:1c:82:35:93:1b:
                    be:68:2d:36:94:9f:88:fc:25:2c:40:16:c4:d8:ec:
                    68:c9:03:bb:0a:2b:c5:32:3d:70:d1:c7:cd:fe:f9:
                    c6:97:db:fb:0b:50:67:30:a0:f9:f6:b5:97:6b:25:
                    14:60:36:6f:67:76:9d:c3:39:dd:89:78:06:d6:71:
                    22:b8:1b:f8:23:fd:e2:6f:d0:12:7a:36:50:e6:93:
                    f7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:40:80:CF:29:26:E5:C3:DD:B3:66:CD:08:56:CD:01:21:15:AB:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ba48806-c985-4d6d-bd00-180947f864e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.190.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:1b:e6:fa:5f:3b:5a:4f:9e:29:3c:40:45:14:71:da:c7:f7:
         5f:59:59:d3:a8:a1:67:85:92:2c:5b:71:72:86:1e:fa:9c:7d:
         77:81:52:2b:73:66:a6:33:3d:26:9c:58:2b:92:61:0b:99:fd:
         c8:2f:3c:4a:5c:77:22:25:85:5e:fd:4b:57:3f:24:a8:a5:8d:
         0e:19:1a:23:bf:fa:a8:0d:39:8e:69:25:92:da:01:8e:85:27:
         2e:63:90:93:b7:c5:bf:dd:d1:f8:ef:bc:2f:9c:9d:7c:09:a5:
         1f:44:3f:ee:87:33:80:75:17:f3:ad:30:3d:2b:c1:bd:c3:1b:
         78:c2:e4:09:45:bd:0f:8a:08:d1:33:d5:92:d7:11:e7:27:2e:
         84:32:74:a6:b5:8f:00:95:83:4c:d9:c3:61:93:c5:df:e8:46:
         67:13:0a:e1:90:6f:06:a2:0b:d0:ab:7b:30:f2:3b:5d:47:7b:
         b2:99:8c:dd:a3:64:e5:45:1f:60:88:71:ed:74:7c:89:ff:29:
         b8:f0:68:06:25:8b:c6:6b:39:2e:d0:68:72:4f:34:08:9c:a0:
         ec:9b:a3:0c:fa:e9:ee:fd:c2:44:db:e2:42:52:f8:b3:52:30:
         93:75:f6:5f:07:9e:e7:7a:58:4a:de:e9:cb:60:7d:aa:40:cd:
         03:5e:d7:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVVSnI/2RXUH44uLOagpngMaQFoYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDA0MTU3WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OTcyNGU5ZGRjMzIzNzA4MzYyY2Y1MGUyYWYyMDJmNzE3
YzRhZTQ2OWJjOThkYTFlNGEwNDI0NGM5ZmY1MGU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfRalQaTLZqJ5o0fS1Xv5bg82R5CZPk9vIOhlu1A9pTnn0
VVq6AZpqguxS3QbWAnF5iE4NGTfCy08uDk7IrViA3YOQ5PSYrvwnPkzG+WvzV50S
k3TnZC/WavgUS0i+5p2Jqb3ikAM0SRi/otWxscuoRqCcO5YG7S5wPiafiZEtLPHB
ByQ60mxF7f0N1J1bAYBsD3MZyP2biF9MgKyIY6g5afY1VifIacrszbnz3ygcgjWT
G75oLTaUn4j8JSxAFsTY7GjJA7sKK8UyPXDRx83++caX2/sLUGcwoPn2tZdrJRRg
Nm9ndp3DOd2JeAbWcSK4G/gj/eJv0BJ6NlDmk/dtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwECAzykm5cPds2bNCFbNASEVqzkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiYTQ4ODA2LWM5ODUtNGQ2ZC1iZDAwLTE4MDk0N2Y4NjRlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJAvlwwDQYJKoZIhvcNAQELBQADggEBAFsb5vpfO1pPnik8QEUUcdrH919Z
WdOooWeFkixbcXKGHvqcfXeBUitzZqYzPSacWCuSYQuZ/cgvPEpcdyIlhV79S1c/
JKiljQ4ZGiO/+qgNOY5pJZLaAY6FJy5jkJO3xb/d0fjvvC+cnXwJpR9EP+6HM4B1
F/OtMD0rwb3DG3jC5AlFvQ+KCNEz1ZLXEecnLoQydKa1jwCVg0zZw2GTxd/oRmcT
CuGQbwaiC9CrezDyO11He7KZjN2jZOVFH2CIce10fIn/KbjwaAYli8ZrOS7QaHJP
NAicoOybowz66e79wkTb4kJS+LNSMJN19l8Hnud6WEre6ctgfapAzQNe10E=
-----END CERTIFICATE-----