Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2edf8204-bf2c-49e4-b210-cc2b92b584ed.roa
File:                     2edf8204-bf2c-49e4-b210-cc2b92b584ed.roa (raw, json)
Hash identifier:          tUGMSJdHPVxvD07z5VrAmz4b0wYWFUasL1E0um+QsKM=
Subject key identifier:   87:63:25:18:B8:82:DA:E2:7E:56:8E:D6:EC:12:2B:A7:6C:FC:D4:C6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F332BACE11A895576446A501077E62C29D4DA68
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2edf8204-bf2c-49e4-b210-cc2b92b584ed.roa
Signing time:             Sat 11 Oct 2025 00:39:53 +0000
ROA not before:           Sat 11 Oct 2025 00:39:53 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.21.240.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:33:2b:ac:e1:1a:89:55:76:44:6a:50:10:77:e6:2c:29:d4:da:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:39:53 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=f2f928172646a12f6686e2a027f5ff806b52f861e2e4d6c52e191dca3b4d1a38, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:10:ec:e8:18:f2:ab:d0:8f:8b:d9:85:15:1d:
                    39:48:0a:6d:c9:c5:bd:a2:25:53:0c:77:71:2e:92:
                    bc:31:30:3d:8c:d9:d0:a1:2c:53:f3:50:53:db:71:
                    30:a0:79:3a:14:30:d4:79:49:7b:e0:4c:61:9e:a4:
                    fa:6f:c2:e8:f7:6f:32:b0:3d:17:13:0d:2c:79:68:
                    ae:23:b9:a8:93:fc:fe:3e:f6:95:ff:77:f2:b4:0c:
                    87:d1:18:1a:2b:f6:4f:4a:1d:5e:ef:45:3a:02:8b:
                    fa:03:72:1a:17:84:ed:a6:5a:7b:d7:51:aa:9a:bb:
                    f1:37:91:03:43:ff:e9:88:cc:49:b1:9e:16:a1:d5:
                    23:5d:66:be:5e:a6:50:af:98:7d:6b:20:df:f5:89:
                    1c:28:1e:40:e2:f6:3d:2e:01:37:4b:08:e9:01:b7:
                    33:75:b5:6c:28:82:92:f0:dd:0a:ea:a3:ec:27:5a:
                    93:60:45:19:99:eb:ad:1b:37:93:00:d2:ce:5d:cb:
                    26:24:c6:3d:63:9f:23:0a:e0:66:35:5c:f1:a7:b4:
                    54:01:91:ab:02:bc:66:b5:29:8a:7a:52:1f:f8:48:
                    9d:a3:3d:cd:62:6b:f6:43:e6:ca:68:41:43:b0:02:
                    69:c7:d1:6c:9a:7c:05:58:0e:e4:df:fd:db:7b:b9:
                    73:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:63:25:18:B8:82:DA:E2:7E:56:8E:D6:EC:12:2B:A7:6C:FC:D4:C6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2edf8204-bf2c-49e4-b210-cc2b92b584ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.21.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d2:25:f3:16:e2:f2:2c:ec:8a:ce:9e:60:91:a2:cb:4c:25:54:
         95:6e:fa:7b:d4:c2:70:2c:21:ce:c7:1c:45:a4:c8:e2:bc:1d:
         3a:b3:2b:57:b2:9a:d4:c0:ec:d2:c9:3a:9d:23:49:14:58:8e:
         8e:cd:9b:eb:93:b7:11:c4:8f:17:80:a1:c7:1b:62:bf:5b:32:
         f0:6e:72:2d:c1:ef:37:84:30:b9:65:dc:3a:a0:bb:95:06:3f:
         26:4d:74:04:9b:b8:f6:1b:87:9e:c5:ea:cb:26:cc:1f:43:55:
         d3:bf:4a:87:6f:0a:e7:3e:61:c9:80:ac:88:be:d4:39:74:05:
         b3:89:01:d3:f7:44:bb:07:d5:00:19:0b:fc:2b:62:ae:ef:6f:
         f5:bd:62:00:66:01:9f:9e:c8:25:66:9e:f8:45:4c:9f:73:e1:
         0f:07:20:45:81:0c:5c:eb:81:98:8c:1e:a4:91:83:61:e8:c0:
         40:26:a5:b2:0e:55:c9:57:2c:a6:b1:0d:5b:74:ac:5c:12:9d:
         1c:65:bb:4d:53:ab:53:95:69:7f:c7:25:c2:2a:86:96:90:ad:
         92:9f:99:81:42:26:c1:9c:cf:80:44:3e:ce:bd:ac:a1:06:5a:
         7b:57:60:89:80:5f:33:6f:9f:d6:54:46:87:58:50:85:9e:57:
         87:fe:c2:ec
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbzMrrOEaiVV2RGpQEHfmLCnU2mgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAzOTUzWhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMmY5MjgxNzI2NDZhMTJmNjY4NmUyYTAyN2Y1ZmY4MDZi
NTJmODYxZTJlNGQ2YzUyZTE5MWRjYTNiNGQxYTM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUEOzoGPKr0I+L2YUVHTlICm3Jxb2iJVMMd3EukrwxMD2M
2dChLFPzUFPbcTCgeToUMNR5SXvgTGGepPpvwuj3bzKwPRcTDSx5aK4juaiT/P4+
9pX/d/K0DIfRGBor9k9KHV7vRToCi/oDchoXhO2mWnvXUaqau/E3kQND/+mIzEmx
nhah1SNdZr5eplCvmH1rIN/1iRwoHkDi9j0uATdLCOkBtzN1tWwogpLw3Qrqo+wn
WpNgRRmZ660bN5MA0s5dyyYkxj1jnyMK4GY1XPGntFQBkasCvGa1KYp6Uh/4SJ2j
Pc1ia/ZD5spoQUOwAmnH0WyafAVYDuTf/dt7uXPbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh2MlGLiC2uJ+Vo7W7BIrp2z81MYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJlZGY4MjA0LWJmMmMtNDllNC1iMjEwLWNjMmI5MmI1ODRlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALPFfAwDQYJKoZIhvcNAQELBQADggEBANIl8xbi8izsis6eYJGiy0wlVJVu
+nvUwnAsIc7HHEWkyOK8HTqzK1eymtTA7NLJOp0jSRRYjo7Nm+uTtxHEjxeAoccb
Yr9bMvBuci3B7zeEMLll3Dqgu5UGPyZNdASbuPYbh57F6ssmzB9DVdO/SodvCuc+
YcmArIi+1Dl0BbOJAdP3RLsH1QAZC/wrYq7vb/W9YgBmAZ+eyCVmnvhFTJ9z4Q8H
IEWBDFzrgZiMHqSRg2HowEAmpbIOVclXLKaxDVt0rFwSnRxlu01Tq1OVaX/HJcIq
hpaQrZKfmYFCJsGcz4BEPs69rKEGWntXYImAXzNvn9ZURodYUIWeV4f+wuw=
-----END CERTIFICATE-----