Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2e34b6f6-970c-422b-a50a-c63cbe392aab.roa
File:                     2e34b6f6-970c-422b-a50a-c63cbe392aab.roa (raw, json)
Hash identifier:          jfBlISUwvgn57l9PW0uBMKf8U9xf3QWQRYkjqCq2RjM=
Subject key identifier:   49:AB:53:9F:9A:C7:BD:F6:66:80:DC:79:95:CB:11:34:D0:25:A0:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       26EB6AD106661A42D8AA43EB0CC7E4971131F7E9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2e34b6f6-970c-422b-a50a-c63cbe392aab.roa
Signing time:             Tue 14 Oct 2025 17:42:04 +0000
ROA not before:           Tue 14 Oct 2025 17:42:04 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.85.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:eb:6a:d1:06:66:1a:42:d8:aa:43:eb:0c:c7:e4:97:11:31:f7:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:42:04 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=b546596d3ccb1c2624d4757bfe4aeb951af19045f37ec0646bf0f12c32e45104, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c0:72:53:bc:4a:d2:db:44:90:9c:77:28:dc:
                    25:de:0a:8c:1c:52:a8:85:c7:48:e4:30:85:69:ac:
                    a2:c9:da:5e:e1:a9:64:7a:40:07:79:91:50:04:d2:
                    ce:ea:c4:04:77:44:66:43:6a:d5:5d:83:16:2e:c8:
                    ee:1c:dd:7e:8b:cf:c2:ae:c6:11:4c:89:d4:6d:bc:
                    ab:2b:45:4e:ce:b0:7f:a0:e2:b0:a9:01:be:07:7a:
                    13:89:41:db:46:26:ed:6d:f2:e4:6e:b0:02:d8:e1:
                    5b:2f:30:ca:83:cb:46:d2:c1:36:83:a9:80:fc:e2:
                    b9:3e:0d:0c:fd:cf:55:f9:0a:58:7b:c4:df:1b:3c:
                    bb:23:dd:7f:19:a0:ad:31:e4:14:46:ca:a3:ee:0e:
                    df:89:f1:57:02:4e:e6:68:60:80:38:2f:b4:09:28:
                    70:eb:f4:8d:94:60:36:17:a6:e1:01:ec:48:75:45:
                    98:4b:7a:b9:fb:7a:92:71:ad:f7:0f:d6:3e:57:33:
                    8d:12:e1:63:3d:fc:46:a3:1e:2d:9c:45:1a:90:4b:
                    6b:c1:f0:ef:ad:08:ff:39:33:12:8e:fe:53:64:23:
                    07:fe:7f:5f:9a:a3:0e:9c:50:95:72:1f:f4:5e:c1:
                    27:ce:3e:55:52:e5:f0:7f:0b:a3:62:c2:ca:92:4e:
                    58:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:AB:53:9F:9A:C7:BD:F6:66:80:DC:79:95:CB:11:34:D0:25:A0:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2e34b6f6-970c-422b-a50a-c63cbe392aab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:0a:3c:78:55:6e:09:22:56:3c:13:b7:76:fd:86:05:17:3b:
         8d:32:69:ba:ef:17:16:56:d7:3b:28:f4:dd:81:55:30:b4:ad:
         8a:8a:86:b7:dd:5a:6b:d2:73:ef:4e:5a:76:59:f4:e9:12:ee:
         9d:c0:b3:cd:6c:81:9d:74:b9:fb:81:94:aa:ea:fd:76:ac:ce:
         70:e3:1f:af:1b:46:f4:26:6b:bd:56:60:ef:57:bf:a4:bb:0f:
         8a:63:96:a9:6a:52:7a:5f:f8:62:d2:e7:97:7f:0a:77:c6:42:
         ac:c2:63:5b:60:7e:d1:40:60:4d:40:81:34:e7:42:4a:06:07:
         6b:98:d7:50:46:fa:17:29:74:c3:13:63:69:6e:7c:33:ec:b5:
         65:da:93:b3:b1:f6:af:b6:f1:90:85:8a:c8:77:d7:9d:98:76:
         9b:2c:f9:84:96:fc:77:cf:f2:96:c6:f6:f8:5f:84:ba:2c:6b:
         b6:06:91:3a:40:08:1d:03:14:71:cc:f6:4b:79:cf:a4:de:a6:
         4b:97:51:b9:6c:f9:4a:48:85:e8:41:3e:54:c5:a8:09:fe:7a:
         dd:b3:7b:90:ab:5a:8c:e7:01:cd:b6:a4:e9:7d:b1:23:2f:b0:
         5c:68:ef:c3:b0:6d:88:d3:16:02:4b:39:55:bd:c1:a2:06:3e:
         6b:e4:47:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJutq0QZmGkLYqkPrDMfklxEx9+kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc0MjA0WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTQ2NTk2ZDNjY2IxYzI2MjRkNDc1N2JmZTRhZWI5NTFh
ZjE5MDQ1ZjM3ZWMwNjQ2YmYwZjEyYzMyZTQ1MTA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYwHJTvErS20SQnHco3CXeCowcUqiFx0jkMIVprKLJ2l7h
qWR6QAd5kVAE0s7qxAR3RGZDatVdgxYuyO4c3X6Lz8KuxhFMidRtvKsrRU7OsH+g
4rCpAb4HehOJQdtGJu1t8uRusALY4VsvMMqDy0bSwTaDqYD84rk+DQz9z1X5Clh7
xN8bPLsj3X8ZoK0x5BRGyqPuDt+J8VcCTuZoYIA4L7QJKHDr9I2UYDYXpuEB7Eh1
RZhLern7epJxrfcP1j5XM40S4WM9/EajHi2cRRqQS2vB8O+tCP85MxKO/lNkIwf+
f1+aow6cUJVyH/RewSfOPlVS5fB/C6NiwsqSTlhLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSatTn5rHvfZmgNx5lcsRNNAloCMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJlMzRiNmY2LTk3MGMtNDIyYi1hNTBhLWM2M2NiZTM5MmFhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmFUwDQYJKoZIhvcNAQELBQADggEBABMKPHhVbgkiVjwTt3b9hgUXO40y
abrvFxZW1zso9N2BVTC0rYqKhrfdWmvSc+9OWnZZ9OkS7p3As81sgZ10ufuBlKrq
/XasznDjH68bRvQma71WYO9Xv6S7D4pjlqlqUnpf+GLS55d/CnfGQqzCY1tgftFA
YE1AgTTnQkoGB2uY11BG+hcpdMMTY2lufDPstWXak7Ox9q+28ZCFish3152Ydpss
+YSW/HfP8pbG9vhfhLosa7YGkTpACB0DFHHM9kt5z6TepkuXUbls+UpIhehBPlTF
qAn+et2ze5CrWoznAc22pOl9sSMvsFxo78OwbYjTFgJLOVW9waIGPmvkR54=
-----END CERTIFICATE-----