Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d9d7bd3-1ddb-48f0-b445-7c3d44fa09af.roa
File:                     2d9d7bd3-1ddb-48f0-b445-7c3d44fa09af.roa (raw, json)
Hash identifier:          71YeWDYvjPN8iZguIdVL1pYTJyLKwYYir6hknHNgDPQ=
Subject key identifier:   C0:DC:43:86:29:EF:4E:23:52:CC:3F:24:77:31:3E:FB:95:32:A0:18
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       48CE446EC295AAB363B896CDC1B6C071CD01E8D6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d9d7bd3-1ddb-48f0-b445-7c3d44fa09af.roa
Signing time:             Wed 08 Oct 2025 00:22:12 +0000
ROA not before:           Wed 08 Oct 2025 00:22:12 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.113.192.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:ce:44:6e:c2:95:aa:b3:63:b8:96:cd:c1:b6:c0:71:cd:01:e8:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:22:12 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=622446a99fa3456748a60ac6123a302869ac7a70bd28f9768b90b0018688b85f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:df:5d:07:b5:17:e3:64:20:0a:0f:d2:b5:da:
                    62:de:3f:9d:01:1c:54:86:65:f2:83:9b:8f:0a:ae:
                    a7:a5:32:29:d5:3e:23:31:54:5b:81:77:b4:59:ed:
                    82:f6:61:12:16:be:22:c0:8c:64:35:b5:09:21:6f:
                    ee:96:06:fc:48:a8:81:df:81:71:47:28:a2:01:ef:
                    60:35:38:e7:ba:32:ae:17:2d:a4:0e:55:57:9a:bc:
                    9d:2a:59:25:e9:da:b0:44:15:98:35:79:3c:c4:1e:
                    6d:50:db:4b:62:ae:61:88:aa:b8:81:0c:a3:aa:8e:
                    60:f9:59:c4:9e:1c:3d:80:de:8a:f6:40:16:0c:b7:
                    eb:67:5e:71:e5:29:7f:64:53:00:84:8a:5a:e3:98:
                    d3:f0:60:35:ac:76:dc:5a:c4:f3:69:34:ee:f3:a9:
                    ea:03:80:b9:2e:6d:82:8d:1a:8a:2e:be:68:86:a4:
                    57:df:27:8a:09:01:79:e1:87:82:19:14:b0:b2:bc:
                    96:61:e7:11:13:a8:b3:4e:09:40:fa:46:3c:10:63:
                    b8:95:10:a4:75:d6:25:cb:b9:6f:a9:4a:5d:4b:91:
                    b0:3e:e4:27:e0:3e:ea:f4:18:d9:1a:70:5c:73:cc:
                    93:04:1b:cb:5a:4e:c6:cc:b6:59:b9:ac:10:91:63:
                    89:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:DC:43:86:29:EF:4E:23:52:CC:3F:24:77:31:3E:FB:95:32:A0:18
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d9d7bd3-1ddb-48f0-b445-7c3d44fa09af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.113.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0b:3d:40:8a:d9:72:fd:d9:1c:b7:7b:d5:ec:e8:98:ed:bf:65:
         a2:6b:af:47:97:3c:c2:4b:44:57:55:0d:59:c3:8f:0a:2b:91:
         0b:31:bf:7f:b9:9d:33:08:c7:86:a9:60:2d:63:71:2c:a0:36:
         f1:66:a1:0f:9c:2a:00:5a:78:af:07:dc:0a:4e:b0:e1:2b:58:
         0d:ad:2b:70:3b:18:8b:80:d6:e5:c0:a1:8d:55:cd:a4:0e:1c:
         44:e1:7a:3b:ff:a4:97:ca:67:84:df:58:39:8e:f9:27:71:16:
         d0:85:77:fd:2c:4b:4a:9f:d5:e0:95:35:d3:19:e2:3f:29:30:
         0e:28:5d:d2:cb:91:8b:c6:e6:da:c3:12:ac:a8:44:be:bc:91:
         13:14:38:f9:0e:6f:81:1a:b7:8f:2b:b9:74:84:a1:03:e1:6d:
         86:f2:2e:41:31:ac:e9:03:f3:6c:80:e7:28:3a:d3:00:fb:32:
         2f:f7:7c:c3:da:17:98:ec:1c:8c:27:d4:a6:06:73:54:d2:d2:
         e0:9c:15:5b:4f:73:5b:78:b5:cf:77:57:47:2d:72:41:8a:5c:
         f0:0c:ca:1f:f1:4c:86:44:ef:88:ad:e3:5e:f0:49:db:41:46:
         72:74:e3:28:dd:6e:02:2c:3d:78:76:52:11:c6:1f:3a:27:2b:
         68:d0:c9:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSM5EbsKVqrNjuJbNwbbAcc0B6NYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAyMjEyWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjI0NDZhOTlmYTM0NTY3NDhhNjBhYzYxMjNhMzAyODY5
YWM3YTcwYmQyOGY5NzY4YjkwYjAwMTg2ODhiODVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCy310HtRfjZCAKD9K12mLeP50BHFSGZfKDm48KrqelMinV
PiMxVFuBd7RZ7YL2YRIWviLAjGQ1tQkhb+6WBvxIqIHfgXFHKKIB72A1OOe6Mq4X
LaQOVVeavJ0qWSXp2rBEFZg1eTzEHm1Q20tirmGIqriBDKOqjmD5WcSeHD2A3or2
QBYMt+tnXnHlKX9kUwCEilrjmNPwYDWsdtxaxPNpNO7zqeoDgLkubYKNGoouvmiG
pFffJ4oJAXnhh4IZFLCyvJZh5xETqLNOCUD6RjwQY7iVEKR11iXLuW+pSl1LkbA+
5CfgPur0GNkacFxzzJMEG8taTsbMtlm5rBCRY4nLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwNxDhinvTiNSzD8kdzE++5UyoBgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJkOWQ3YmQzLTFkZGItNDhmMC1iNDQ1LTdjM2Q0NGZhMDlhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVAccAwDQYJKoZIhvcNAQELBQADggEBAAs9QIrZcv3ZHLd71ezomO2/ZaJr
r0eXPMJLRFdVDVnDjworkQsxv3+5nTMIx4apYC1jcSygNvFmoQ+cKgBaeK8H3ApO
sOErWA2tK3A7GIuA1uXAoY1VzaQOHEThejv/pJfKZ4TfWDmO+SdxFtCFd/0sS0qf
1eCVNdMZ4j8pMA4oXdLLkYvG5trDEqyoRL68kRMUOPkOb4Eat48ruXSEoQPhbYby
LkExrOkD82yA5yg60wD7Mi/3fMPaF5jsHIwn1KYGc1TS0uCcFVtPc1t4tc93V0ct
ckGKXPAMyh/xTIZE74it417wSdtBRnJ04yjdbgIsPXh2UhHGHzonK2jQya0=
-----END CERTIFICATE-----