Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c35551e-a01f-4f64-b39a-f1ada190eab2.roa
File:                     2c35551e-a01f-4f64-b39a-f1ada190eab2.roa (raw, json)
Hash identifier:          Q9a5ck1KsWjrpleVViZHhifCIdZfpiQpoknQEgofdRI=
Subject key identifier:   BB:02:AF:26:4D:46:7C:6E:7E:12:D3:AF:89:B1:CF:68:CC:F4:77:62
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A80AA701ADB64F19DDA2C5DAB0C5E2F018BE554
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c35551e-a01f-4f64-b39a-f1ada190eab2.roa
Signing time:             Fri 26 Sep 2025 00:01:25 +0000
ROA not before:           Fri 26 Sep 2025 00:01:25 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        100.42.64.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:80:aa:70:1a:db:64:f1:9d:da:2c:5d:ab:0c:5e:2f:01:8b:e5:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:01:25 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e2482edd0fbaecfe52edba951dd7be7e775c9dd00f2b55d5a2f13c4931ce7134, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6a:e7:35:d5:72:1e:75:5c:de:cd:9c:7c:71:
                    f6:52:28:ea:bd:6f:f0:2f:15:93:95:41:86:f5:52:
                    cd:36:94:70:37:ea:98:16:ed:d6:cc:64:6f:bc:4c:
                    1f:b3:b0:db:71:4c:23:13:7d:a0:ad:5c:90:fa:13:
                    61:04:35:14:5d:67:86:d3:17:63:39:7b:eb:d8:a9:
                    b1:97:85:82:d5:07:b7:33:6a:6c:c9:e9:ca:02:06:
                    62:55:8b:1c:aa:7f:d8:c4:53:c0:33:69:e8:4f:96:
                    04:aa:e8:b6:89:a8:9a:fc:ec:f1:0f:85:8b:04:67:
                    b4:27:ab:9e:df:ef:4c:53:19:02:64:98:9b:f2:eb:
                    93:3f:8d:b8:81:3b:e7:58:d8:51:ae:64:9c:a5:e5:
                    83:97:78:58:1f:4b:b4:c6:bf:d8:0e:e9:76:c7:2b:
                    ef:c0:f6:76:59:0a:c3:85:05:c1:69:10:b1:09:5e:
                    5a:d6:3d:1c:39:48:af:ce:b6:44:a3:46:d0:16:ff:
                    3b:0a:33:72:18:82:56:0b:bd:47:63:de:3e:96:b2:
                    0e:6d:18:ab:38:c7:a2:88:bc:31:de:73:d1:f7:a9:
                    1a:9c:ea:8b:cd:13:a4:a1:bc:98:a2:ee:49:63:1a:
                    d3:64:07:fe:d0:bb:52:1f:71:49:2b:7c:88:49:dc:
                    94:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:02:AF:26:4D:46:7C:6E:7E:12:D3:AF:89:B1:CF:68:CC:F4:77:62
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c35551e-a01f-4f64-b39a-f1ada190eab2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  100.42.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ad:4f:15:c2:ac:c9:90:e9:d2:60:d4:df:5e:48:5b:4f:c7:74:
         7f:2d:d8:b7:ee:20:d9:01:ea:65:a7:99:6b:ae:1e:64:8d:d6:
         25:b0:a4:98:10:55:4c:f5:43:8d:42:6a:13:24:b9:f2:fc:c9:
         79:81:33:bc:25:e2:37:06:b4:af:4f:5f:ef:67:53:ef:74:c8:
         81:07:1d:80:36:2f:76:af:e4:7e:40:81:c3:68:3d:b8:23:c0:
         dd:89:de:9b:c7:9c:58:49:d4:52:73:98:b7:46:5a:49:f2:6d:
         fa:2d:9e:b0:2c:05:e9:6f:d5:13:c2:b7:7f:0b:46:61:a2:72:
         8a:40:69:1f:d0:8e:af:cf:f4:9f:c5:fe:00:23:70:ba:c4:14:
         ab:1b:e2:b6:ef:93:bf:2c:48:90:56:39:19:46:78:08:35:56:
         65:aa:4a:9e:f6:a4:e7:6c:63:b3:2e:bc:e0:62:19:e5:67:ec:
         3c:76:45:3e:2e:30:d8:19:0e:9d:ef:07:81:e5:f2:b7:e7:bb:
         5f:64:68:84:7c:07:52:73:98:98:f6:e2:52:82:e8:15:c2:82:
         8d:10:89:0d:a9:db:ef:bf:dd:70:64:9c:8a:0f:1e:0f:7f:33:
         a6:4c:f9:ab:7e:78:b3:23:2f:b2:78:15:5e:08:2a:c1:15:3c:
         d2:f0:3b:aa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCoCqcBrbZPGd2ixdqwxeLwGL5VQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAwMTI1WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMjQ4MmVkZDBmYmFlY2ZlNTJlZGJhOTUxZGQ3YmU3ZTc3
NWM5ZGQwMGYyYjU1ZDVhMmYxM2M0OTMxY2U3MTM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaauc11XIedVzezZx8cfZSKOq9b/AvFZOVQYb1Us02lHA3
6pgW7dbMZG+8TB+zsNtxTCMTfaCtXJD6E2EENRRdZ4bTF2M5e+vYqbGXhYLVB7cz
amzJ6coCBmJVixyqf9jEU8AzaehPlgSq6LaJqJr87PEPhYsEZ7Qnq57f70xTGQJk
mJvy65M/jbiBO+dY2FGuZJyl5YOXeFgfS7TGv9gO6XbHK+/A9nZZCsOFBcFpELEJ
XlrWPRw5SK/OtkSjRtAW/zsKM3IYglYLvUdj3j6Wsg5tGKs4x6KIvDHec9H3qRqc
6ovNE6ShvJii7kljGtNkB/7Qu1IfcUkrfIhJ3JRHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuwKvJk1GfG5+EtOvibHPaMz0d2IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJjMzU1NTFlLWEwMWYtNGY2NC1iMzlhLWYxYWRhMTkwZWFiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARkKkAwDQYJKoZIhvcNAQELBQADggEBAK1PFcKsyZDp0mDU315IW0/HdH8t
2LfuINkB6mWnmWuuHmSN1iWwpJgQVUz1Q41CahMkufL8yXmBM7wl4jcGtK9PX+9n
U+90yIEHHYA2L3av5H5AgcNoPbgjwN2J3pvHnFhJ1FJzmLdGWknybfotnrAsBelv
1RPCt38LRmGicopAaR/Qjq/P9J/F/gAjcLrEFKsb4rbvk78sSJBWORlGeAg1VmWq
Sp72pOdsY7MuvOBiGeVn7Dx2RT4uMNgZDp3vB4Hl8rfnu19kaIR8B1JzmJj24lKC
6BXCgo0QiQ2p2++/3XBknIoPHg9/M6ZM+at+eLMjL7J4FV4IKsEVPNLwO6o=
-----END CERTIFICATE-----