Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c88f27e-36bd-4da7-8797-ef971cd2b167.roa
File:                     2c88f27e-36bd-4da7-8797-ef971cd2b167.roa (raw, json)
Hash identifier:          v++N9F8B9FI8RX+sIHME8tLS7lTMjZC7qsVWyJOqM/o=
Subject key identifier:   88:BB:5C:06:AA:72:1C:17:13:70:EF:F4:D8:4D:50:DD:1E:6B:BC:B6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68709A58555C1E8CE3BC399F553F31DAA25FA11C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c88f27e-36bd-4da7-8797-ef971cd2b167.roa
Signing time:             Sun 19 Oct 2025 00:00:49 +0000
ROA not before:           Sun 19 Oct 2025 00:00:49 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.2.128.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:70:9a:58:55:5c:1e:8c:e3:bc:39:9f:55:3f:31:da:a2:5f:a1:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 00:00:49 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=b07343abca7576baf413eccf471826e358dcee2e83e3b09c8b5b298f9a7be7c9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:65:64:16:41:8d:4e:7c:b4:66:71:5c:cf:ae:
                    4c:b4:e0:95:47:87:e6:96:4d:c1:9d:f9:98:c9:4a:
                    6c:8b:60:42:ec:c6:4f:b3:07:52:22:0d:02:51:59:
                    22:e4:32:f8:08:bb:5f:23:65:31:1d:6d:2e:09:0a:
                    65:82:5e:05:37:dd:ee:33:73:54:b3:01:0e:bb:35:
                    bf:19:c9:57:25:48:95:ef:22:3f:d9:a3:1b:47:0d:
                    9b:a6:02:4d:d6:b5:8c:57:40:54:7d:8a:29:0a:e4:
                    94:e7:79:d7:22:03:b0:c8:21:3d:ea:c6:cb:1a:ec:
                    f0:ae:eb:15:c4:03:c0:4c:ad:8f:4a:0f:4e:2f:eb:
                    26:6b:8d:a6:6f:96:04:51:bb:a4:0e:cb:57:c1:05:
                    ef:3d:1e:ae:f2:fa:46:dd:b8:14:4d:cc:7d:00:f2:
                    1c:78:f4:1d:c7:49:4d:48:bd:6c:d8:23:1b:fb:52:
                    00:b7:b2:02:3c:7f:b1:dc:1f:ac:33:5c:d9:8d:d5:
                    d5:a8:d2:1a:fb:c0:1b:97:27:60:65:38:0e:ad:81:
                    0d:69:3d:e5:2e:75:10:0e:bb:93:d2:34:26:ab:6a:
                    60:ba:77:90:25:79:85:75:5f:ea:aa:c1:9d:12:3b:
                    17:50:1b:58:77:ac:ef:8d:b6:93:45:9d:cb:27:8c:
                    26:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:BB:5C:06:AA:72:1C:17:13:70:EF:F4:D8:4D:50:DD:1E:6B:BC:B6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c88f27e-36bd-4da7-8797-ef971cd2b167.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.2.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         bc:e2:6b:d7:9e:82:9d:57:c9:ec:68:a7:89:76:85:20:e1:7b:
         a5:24:44:cf:c3:93:ad:79:8a:2f:c2:18:c7:c1:97:43:bd:ff:
         19:01:a4:9c:c5:bf:cc:e7:44:d8:51:da:24:2c:11:7e:c0:f1:
         c2:90:06:e0:f0:3a:21:4d:39:71:c3:51:53:87:91:be:00:bb:
         e0:33:8f:1b:09:d8:da:0e:7e:42:a8:fe:10:76:da:89:f7:ac:
         85:ef:f2:c0:b1:dc:aa:fc:af:a8:35:58:35:63:54:1d:fa:06:
         14:5c:e6:34:63:64:54:3f:7f:cc:44:b1:fd:57:7e:e5:e4:58:
         63:4f:51:6b:6e:17:52:b5:14:8f:5d:d1:6d:15:78:29:08:20:
         c9:ce:01:89:b1:89:86:af:9a:d1:bf:5d:e4:9e:79:19:be:3c:
         dc:67:34:46:10:94:2c:98:f5:b8:50:10:45:dc:56:71:c6:01:
         c5:47:98:3a:4e:89:76:08:4a:b3:b2:e1:e9:eb:15:c3:af:99:
         f6:f6:cd:e8:9d:64:3e:49:8b:1b:cb:8c:4b:df:77:2d:19:db:
         f5:c5:02:46:51:f6:1c:6b:66:4e:ef:c7:46:f5:af:06:0a:80:
         61:6d:a3:a2:56:c0:6a:b2:4e:2b:13:63:80:9a:45:e7:59:29:
         24:e7:e9:c5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaHCaWFVcHozjvDmfVT8x2qJfoRwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDAwMDQ5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDczNDNhYmNhNzU3NmJhZjQxM2VjY2Y0NzE4MjZlMzU4
ZGNlZTJlODNlM2IwOWM4YjViMjk4ZjlhN2JlN2M5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjZWQWQY1OfLRmcVzPrky04JVHh+aWTcGd+ZjJSmyLYELs
xk+zB1IiDQJRWSLkMvgIu18jZTEdbS4JCmWCXgU33e4zc1SzAQ67Nb8ZyVclSJXv
Ij/ZoxtHDZumAk3WtYxXQFR9iikK5JTnedciA7DIIT3qxssa7PCu6xXEA8BMrY9K
D04v6yZrjaZvlgRRu6QOy1fBBe89Hq7y+kbduBRNzH0A8hx49B3HSU1IvWzYIxv7
UgC3sgI8f7HcH6wzXNmN1dWo0hr7wBuXJ2BlOA6tgQ1pPeUudRAOu5PSNCaramC6
d5AleYV1X+qqwZ0SOxdQG1h3rO+NtpNFncsnjCbhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiLtcBqpyHBcTcO/02E1Q3R5rvLYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJjODhmMjdlLTM2YmQtNGRhNy04Nzk3LWVmOTcxY2QyYjE2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVLAoAwDQYJKoZIhvcNAQELBQADggEBALzia9eegp1Xyexop4l2hSDhe6Uk
RM/Dk615ii/CGMfBl0O9/xkBpJzFv8znRNhR2iQsEX7A8cKQBuDwOiFNOXHDUVOH
kb4Au+AzjxsJ2NoOfkKo/hB22on3rIXv8sCx3Kr8r6g1WDVjVB36BhRc5jRjZFQ/
f8xEsf1XfuXkWGNPUWtuF1K1FI9d0W0VeCkIIMnOAYmxiYavmtG/XeSeeRm+PNxn
NEYQlCyY9bhQEEXcVnHGAcVHmDpOiXYISrOy4enrFcOvmfb2zeidZD5JixvLjEvf
dy0Z2/XFAkZR9hxrZk7vx0b1rwYKgGFto6JWwGqyTisTY4CaRedZKSTn6cU=
-----END CERTIFICATE-----