Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30fa80f5-9c58-4ec4-a9a5-3e01a86fcad5.roa
File:                     30fa80f5-9c58-4ec4-a9a5-3e01a86fcad5.roa (raw, json)
Hash identifier:          Kb0WF7Tfrghs0esn9EHO/KM5yZAsQ+Tcr/3Js1zkchY=
Subject key identifier:   76:E4:FF:29:D3:FA:C3:EB:2F:A7:E4:63:D5:A7:FC:9B:B6:24:24:1B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7AB593B5D0204BD9CBD472B1C16542F8C265BEF6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30fa80f5-9c58-4ec4-a9a5-3e01a86fcad5.roa
Signing time:             Tue 14 Oct 2025 17:21:11 +0000
ROA not before:           Tue 14 Oct 2025 17:21:11 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.132.12.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:b5:93:b5:d0:20:4b:d9:cb:d4:72:b1:c1:65:42:f8:c2:65:be:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:21:11 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=edd5973dfb3d7839218fdff43eddf1e27eeb5513d0c9a44aefcee4c5039c0b6c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d4:c1:06:a8:7d:87:4d:3f:88:0a:96:64:9c:
                    62:f0:57:ff:38:eb:6c:6f:69:48:19:64:4c:78:5c:
                    c0:6d:da:bd:8b:80:29:ae:8b:15:cb:01:d2:fa:65:
                    0b:97:f9:91:5a:5d:b4:71:64:d9:42:c5:91:3f:c0:
                    28:f6:d1:c1:70:a6:3f:8d:44:b8:d0:41:84:84:99:
                    e1:18:ef:1e:73:34:75:53:8d:4e:ef:5d:0f:68:4c:
                    79:c2:7f:0b:c7:bd:5e:05:5b:43:23:c5:ce:d2:5a:
                    f4:0d:fc:0e:c9:e2:ed:68:8e:b2:e9:23:e0:37:76:
                    af:ca:5b:46:c8:50:cc:48:3a:12:53:c0:d3:67:1f:
                    8d:f3:40:17:c2:8e:25:8f:8e:2d:b3:30:0d:4b:1b:
                    87:45:cc:21:6c:b7:2f:ab:1d:04:64:ca:bb:cb:ef:
                    8f:45:ad:d7:9e:e3:ef:81:18:6d:d2:0f:9c:a9:8f:
                    21:03:50:1e:e1:1a:30:a1:11:c4:42:b0:0d:f8:94:
                    93:2a:d8:a4:87:76:76:56:58:24:a7:59:06:10:87:
                    5a:b7:c5:5f:70:35:43:aa:38:d3:81:b9:30:5b:04:
                    ae:c0:c3:86:2d:f9:39:e7:6b:31:b3:b9:b5:8d:b6:
                    66:2f:32:55:29:37:b1:82:00:7e:24:a0:b4:b7:d4:
                    9e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E4:FF:29:D3:FA:C3:EB:2F:A7:E4:63:D5:A7:FC:9B:B6:24:24:1B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30fa80f5-9c58-4ec4-a9a5-3e01a86fcad5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.132.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:88:44:e5:87:7a:64:06:db:aa:59:93:3b:e3:e2:96:f8:24:
         8a:b7:18:10:d2:75:b7:b2:15:07:44:cd:a6:9f:c6:a0:05:6a:
         5d:42:76:18:3f:f9:62:3d:23:6f:4c:75:29:db:ee:ce:a2:77:
         b6:e2:d6:81:12:1d:7d:b7:4d:ac:c6:ea:2b:aa:4e:1f:66:27:
         5a:91:a6:ee:2d:0c:e9:11:be:2e:f6:2c:12:18:9c:af:d4:83:
         5e:ae:22:59:a6:c6:ac:50:da:bc:df:b7:eb:1d:a6:11:3e:83:
         5f:2c:3c:b0:00:4d:9e:ec:0a:e4:b4:5f:a4:35:7b:bf:c4:16:
         f3:0a:59:d3:53:f9:f7:17:d4:c5:4f:bd:1a:d3:be:21:e0:65:
         4d:26:14:b0:8d:57:21:b1:9e:b0:bc:6e:1c:55:83:59:5a:9d:
         99:bf:55:a4:58:15:36:74:a9:7c:a8:f4:e2:34:d0:42:ae:20:
         ac:15:53:f6:52:25:17:7a:06:90:ba:16:d9:f1:a7:fb:f0:9d:
         7d:6c:a2:a9:90:aa:17:7f:6a:42:ae:45:cd:63:b7:04:ae:ab:
         17:c1:24:e8:25:81:c6:3c:19:59:80:77:b9:bc:cd:3e:43:a9:
         2e:78:c0:70:fe:fe:3e:d0:65:eb:6b:77:ae:01:52:0e:f3:a5:
         87:ad:e0:75
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUerWTtdAgS9nL1HKxwWVC+MJlvvYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTcyMTExWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGQ1OTczZGZiM2Q3ODM5MjE4ZmRmZjQzZWRkZjFlMjdl
ZWI1NTEzZDBjOWE0NGFlZmNlZTRjNTAzOWMwYjZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDA1MEGqH2HTT+ICpZknGLwV/8462xvaUgZZEx4XMBt2r2L
gCmuixXLAdL6ZQuX+ZFaXbRxZNlCxZE/wCj20cFwpj+NRLjQQYSEmeEY7x5zNHVT
jU7vXQ9oTHnCfwvHvV4FW0Mjxc7SWvQN/A7J4u1ojrLpI+A3dq/KW0bIUMxIOhJT
wNNnH43zQBfCjiWPji2zMA1LG4dFzCFsty+rHQRkyrvL749Frdee4++BGG3SD5yp
jyEDUB7hGjChEcRCsA34lJMq2KSHdnZWWCSnWQYQh1q3xV9wNUOqONOBuTBbBK7A
w4Yt+TnnazGzubWNtmYvMlUpN7GCAH4koLS31J4BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUduT/KdP6w+svp+Rj1af8m7YkJBswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMwZmE4MGY1LTljNTgtNGVjNC1hOWE1LTNlMDFhODZmY2FkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABGhAwwDQYJKoZIhvcNAQELBQADggEBAL2IROWHemQG26pZkzvj4pb4JIq3
GBDSdbeyFQdEzaafxqAFal1Cdhg/+WI9I29MdSnb7s6id7bi1oESHX23TazG6iuq
Th9mJ1qRpu4tDOkRvi72LBIYnK/Ug16uIlmmxqxQ2rzft+sdphE+g18sPLAATZ7s
CuS0X6Q1e7/EFvMKWdNT+fcX1MVPvRrTviHgZU0mFLCNVyGxnrC8bhxVg1lanZm/
VaRYFTZ0qXyo9OI00EKuIKwVU/ZSJRd6BpC6Ftnxp/vwnX1soqmQqhd/akKuRc1j
twSuqxfBJOglgcY8GVmAd7m8zT5DqS54wHD+/j7QZetrd64BUg7zpYet4HU=
-----END CERTIFICATE-----