Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31470cb8-6ea1-435e-a6e9-1282a8f6f416.roa
File:                     31470cb8-6ea1-435e-a6e9-1282a8f6f416.roa (raw, json)
Hash identifier:          w+09FQK1uxSXXuroO/syj/aLFlgJD8tOG5yAXep5Ym0=
Subject key identifier:   32:1D:95:A3:B0:9A:85:BA:59:80:55:08:27:20:CA:D0:EA:8D:89:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       466B66B8C55FA72089E80A61888D356810E6335D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31470cb8-6ea1-435e-a6e9-1282a8f6f416.roa
Signing time:             Tue 14 Oct 2025 16:41:10 +0000
ROA not before:           Tue 14 Oct 2025 16:41:10 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.148.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:6b:66:b8:c5:5f:a7:20:89:e8:0a:61:88:8d:35:68:10:e6:33:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 16:41:10 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=68ef17a2d5912409430626b30bfe9b819a4787be1d71985589b375b4c8f6bf61, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a2:f6:9e:1a:03:1c:28:9c:cc:4d:74:b0:9a:
                    b3:1f:29:c5:fc:17:00:00:84:92:76:d5:99:fc:22:
                    af:7c:20:c7:af:44:82:4a:9c:ea:d0:dd:9f:78:22:
                    29:b6:13:e1:db:2d:de:59:dd:fc:31:93:0e:ca:79:
                    5e:48:b5:02:a3:53:f1:24:1d:00:53:d6:f4:e8:70:
                    b5:20:4c:32:f3:b4:b9:78:a2:3b:c1:c6:74:71:be:
                    f9:80:8a:f8:43:9b:df:eb:69:e6:da:da:7f:32:76:
                    2b:c5:8c:6f:e5:7e:5c:d9:4c:38:c7:63:35:d7:1b:
                    d1:ee:ef:c3:02:42:74:8c:2d:31:49:97:6a:c8:ed:
                    7a:ec:d8:05:0a:03:b1:6f:f7:c5:13:d4:1e:64:79:
                    fc:bc:9b:35:e4:44:8e:09:be:72:8e:ea:fc:c0:6e:
                    e2:fa:95:f4:6b:31:33:91:5e:28:d1:48:c4:b5:ec:
                    35:72:96:da:7f:64:15:19:c7:31:13:79:fa:12:cf:
                    73:da:c1:bc:62:e6:6b:ef:e1:7e:d5:cd:ad:54:9b:
                    d6:66:13:82:77:49:b3:cc:2f:5a:88:ff:2f:98:cb:
                    c7:f1:c9:ea:ef:7f:82:90:cb:1c:c8:7e:5b:ff:4b:
                    31:79:ad:e9:9e:0e:d3:93:ac:9a:d6:85:7d:fe:fa:
                    c7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1D:95:A3:B0:9A:85:BA:59:80:55:08:27:20:CA:D0:EA:8D:89:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31470cb8-6ea1-435e-a6e9-1282a8f6f416.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:07:8b:dd:14:53:a1:4e:af:1c:e2:5e:b2:e8:21:25:6a:a1:
         d1:26:7e:b8:72:f3:07:12:52:1e:6a:4b:33:47:55:10:94:cb:
         f0:96:26:b7:03:54:7a:55:3b:af:53:51:a0:75:79:8f:8b:3c:
         f8:6a:81:32:9e:83:93:0c:f9:5e:ec:8f:d4:72:2d:97:37:42:
         a7:be:2c:8a:62:2d:7d:f5:c0:43:85:fa:12:7e:5d:95:6f:1a:
         d0:e3:d6:c6:a8:23:59:db:69:e2:8d:54:a6:82:8f:22:a0:29:
         4d:0d:0d:ac:e0:6c:bc:df:64:c3:f1:e7:aa:36:83:2a:8d:36:
         3e:55:c2:97:d6:ef:51:85:0b:36:9e:7b:53:8a:b8:7c:49:db:
         bc:62:34:2e:f7:ac:d7:25:f6:64:fd:d2:e5:f3:5f:c0:a4:de:
         f0:b9:29:60:c0:6d:54:2b:0e:5a:08:7d:2a:1c:e6:fc:a4:4f:
         4f:34:18:52:10:18:b4:9e:7c:cb:82:6e:00:bb:44:4b:8b:4a:
         a4:eb:25:f2:67:32:c2:9b:57:ea:52:a6:de:d8:7d:23:d0:28:
         f7:f6:91:0d:99:59:58:d7:52:56:cc:45:b6:a4:b3:2f:e6:5e:
         51:b2:f1:0b:c5:c7:4a:37:29:6f:26:9f:75:fa:8b:10:28:c9:
         cf:a0:eb:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURmtmuMVfpyCJ6AphiI01aBDmM10wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTY0MTEwWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OGVmMTdhMmQ1OTEyNDA5NDMwNjI2YjMwYmZlOWI4MTlh
NDc4N2JlMWQ3MTk4NTU4OWIzNzViNGM4ZjZiZjYxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3ovaeGgMcKJzMTXSwmrMfKcX8FwAAhJJ21Zn8Iq98IMev
RIJKnOrQ3Z94Iim2E+HbLd5Z3fwxkw7KeV5ItQKjU/EkHQBT1vTocLUgTDLztLl4
ojvBxnRxvvmAivhDm9/raeba2n8ydivFjG/lflzZTDjHYzXXG9Hu78MCQnSMLTFJ
l2rI7Xrs2AUKA7Fv98UT1B5kefy8mzXkRI4JvnKO6vzAbuL6lfRrMTORXijRSMS1
7DVyltp/ZBUZxzETefoSz3Pawbxi5mvv4X7Vza1Um9ZmE4J3SbPML1qI/y+Yy8fx
yervf4KQyxzIflv/SzF5remeDtOTrJrWhX3++scnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMh2Vo7CahbpZgFUIJyDK0OqNiVswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMxNDcwY2I4LTZlYTEtNDM1ZS1hNmU5LTEyODJhOGY2ZjQxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/JQwDQYJKoZIhvcNAQELBQADggEBANQHi90UU6FOrxziXrLoISVqodEm
frhy8wcSUh5qSzNHVRCUy/CWJrcDVHpVO69TUaB1eY+LPPhqgTKeg5MM+V7sj9Ry
LZc3Qqe+LIpiLX31wEOF+hJ+XZVvGtDj1saoI1nbaeKNVKaCjyKgKU0NDazgbLzf
ZMPx56o2gyqNNj5VwpfW71GFCzaee1OKuHxJ27xiNC73rNcl9mT90uXzX8Ck3vC5
KWDAbVQrDloIfSoc5vykT080GFIQGLSefMuCbgC7REuLSqTrJfJnMsKbV+pSpt7Y
fSPQKPf2kQ2ZWVjXUlbMRbaksy/mXlGy8QvFx0o3KW8mn3X6ixAoyc+g68I=
-----END CERTIFICATE-----