Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d2f72a8-d1a4-4628-bff5-931332c05619.roa
File:                     2d2f72a8-d1a4-4628-bff5-931332c05619.roa (raw, json)
Hash identifier:          BhUWXtSCtURvb2pnKRWntXDt9eNkreBc5OaLgy/7YjU=
Subject key identifier:   FF:0F:B5:02:1C:F2:32:62:D9:2B:28:DD:79:BF:E3:E6:4C:9B:F1:4C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E72856EB3E13A46AE59AB2E113D22228C042DA3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d2f72a8-d1a4-4628-bff5-931332c05619.roa
Signing time:             Mon 29 Sep 2025 15:12:42 +0000
ROA not before:           Mon 29 Sep 2025 15:12:42 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        74.166.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:72:85:6e:b3:e1:3a:46:ae:59:ab:2e:11:3d:22:22:8c:04:2d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 29 15:12:42 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=be0081a1886089f5611e52c02e5653c7c1c51ca850db9d7cbe6f84c613643d44, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:56:af:5a:c7:aa:81:f0:2a:e5:8f:54:51:7b:
                    88:cc:7b:8f:a8:67:b3:b8:a8:c7:ad:da:6b:1e:88:
                    1d:09:92:ba:f5:39:fb:3a:5f:95:78:35:a5:b0:34:
                    99:7c:a1:aa:09:4e:0f:28:44:6e:ff:b1:46:02:6f:
                    cd:e8:23:0c:f1:f0:d8:2f:24:27:1a:9a:35:17:61:
                    45:2f:7f:39:cf:23:c4:cd:8a:bd:b9:d8:6e:9a:0f:
                    76:1f:60:39:52:81:1a:55:25:58:15:05:e5:67:f4:
                    67:7f:4a:54:02:a8:9a:5a:9a:ba:34:33:77:96:bf:
                    11:a2:22:d8:f7:dd:6b:81:cf:15:4e:42:e0:12:60:
                    ba:0c:18:cd:da:34:05:ac:eb:9a:e3:8f:32:d1:77:
                    bb:7a:35:ff:a8:38:f6:3e:43:a6:46:76:5b:71:da:
                    89:dd:9f:bf:dc:ec:5b:79:53:9f:e9:52:9a:18:48:
                    6c:bd:fc:34:f5:6f:71:25:09:d0:b8:b6:ea:ad:89:
                    eb:e3:5e:04:a1:6d:ef:ec:35:a3:a7:57:bf:31:6e:
                    03:1b:84:95:dc:78:5b:50:6c:6a:9c:88:90:ff:2f:
                    5c:fc:39:0e:03:1c:05:df:e8:5a:50:27:0a:b5:d6:
                    a1:e0:f2:11:2d:9b:7a:95:92:ca:97:ff:00:e7:0e:
                    df:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:0F:B5:02:1C:F2:32:62:D9:2B:28:DD:79:BF:E3:E6:4C:9B:F1:4C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d2f72a8-d1a4-4628-bff5-931332c05619.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.166.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:32:4a:bb:2b:b0:bd:c8:7a:15:c0:6e:39:e6:be:be:34:c5:
         e2:44:08:22:b5:26:44:0f:d6:19:8e:60:31:f9:30:d4:97:6e:
         d3:27:32:6d:64:81:56:fb:66:33:ae:3a:a3:e1:c1:a3:87:f3:
         d7:0c:c4:62:e1:cf:45:48:cf:46:cb:eb:c1:b1:74:c2:77:f8:
         f2:03:92:57:40:41:4e:78:81:d0:ba:f1:37:2a:72:b5:f7:3c:
         3c:c9:51:de:c1:f9:52:bb:5a:b5:54:fa:08:b2:c2:8c:9c:54:
         e9:37:b6:3d:f8:c6:d1:e7:99:f1:a9:2f:7a:aa:b9:84:04:f3:
         06:af:7d:76:b7:3b:98:0b:4b:5f:8e:c0:22:ed:81:d7:32:80:
         37:f5:89:c9:f2:fb:14:3e:d2:80:1c:7e:ce:d3:82:0c:23:3e:
         f4:57:f4:08:0b:34:fb:d4:7b:cb:9f:fa:38:67:e9:cd:64:1f:
         23:fe:af:e7:31:af:b1:c1:f9:ce:ff:40:4d:b0:43:59:8a:a8:
         a2:af:66:ae:61:a0:27:53:e0:29:47:76:06:0b:69:19:39:c4:
         d1:28:62:3d:48:6b:35:dd:14:22:59:c4:d7:1e:42:43:78:ad:
         79:30:7c:98:1e:84:f1:a0:3e:e4:13:4c:73:a2:18:a4:3e:5c:
         e5:6d:a0:cc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbnKFbrPhOkauWasuET0iIowELaMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI5MTUxMjQyWhcNMjUxMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZTAwODFhMTg4NjA4OWY1NjExZTUyYzAyZTU2NTNjN2Mx
YzUxY2E4NTBkYjlkN2NiZTZmODRjNjEzNjQzZDQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtVq9ax6qB8Crlj1RRe4jMe4+oZ7O4qMet2mseiB0Jkrr1
Ofs6X5V4NaWwNJl8oaoJTg8oRG7/sUYCb83oIwzx8NgvJCcamjUXYUUvfznPI8TN
ir252G6aD3YfYDlSgRpVJVgVBeVn9Gd/SlQCqJpamro0M3eWvxGiItj33WuBzxVO
QuASYLoMGM3aNAWs65rjjzLRd7t6Nf+oOPY+Q6ZGdltx2ondn7/c7Ft5U5/pUpoY
SGy9/DT1b3ElCdC4tuqtievjXgShbe/sNaOnV78xbgMbhJXceFtQbGqciJD/L1z8
OQ4DHAXf6FpQJwq11qHg8hEtm3qVksqX/wDnDt9nAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/w+1AhzyMmLZKyjdeb/j5kyb8UwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJkMmY3MmE4LWQxYTQtNDYyOC1iZmY1LTkzMTMzMmMwNTYxOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBKpjANBgkqhkiG9w0BAQsFAAOCAQEAPDJKuyuwvch6FcBuOea+vjTF4kQI
IrUmRA/WGY5gMfkw1Jdu0ycybWSBVvtmM646o+HBo4fz1wzEYuHPRUjPRsvrwbF0
wnf48gOSV0BBTniB0LrxNypytfc8PMlR3sH5UrtatVT6CLLCjJxU6Te2PfjG0eeZ
8akveqq5hATzBq99drc7mAtLX47AIu2B1zKAN/WJyfL7FD7SgBx+ztOCDCM+9Ff0
CAs0+9R7y5/6OGfpzWQfI/6v5zGvscH5zv9ATbBDWYqooq9mrmGgJ1PgKUd2Bgtp
GTnE0ShiPUhrNd0UIlnE1x5CQ3iteTB8mB6E8aA+5BNMc6IYpD5c5W2gzA==
-----END CERTIFICATE-----