Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/329ae325-6a02-4f19-ab2d-61e6d5f83285.roa
File:                     329ae325-6a02-4f19-ab2d-61e6d5f83285.roa (raw, json)
Hash identifier:          LvUYlQw6rosYbBFdDDJOV02R2C5F4ZDJ2WgFuP9ELaU=
Subject key identifier:   C0:20:0D:ED:47:2E:BD:26:16:C8:F7:AA:7A:6E:0F:C5:82:3E:C3:F1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       73EC2E33FB8A237070F739518FFA190975CBE486
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/329ae325-6a02-4f19-ab2d-61e6d5f83285.roa
Signing time:             Sat 18 Oct 2025 02:11:43 +0000
ROA not before:           Sat 18 Oct 2025 02:11:43 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.64.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:ec:2e:33:fb:8a:23:70:70:f7:39:51:8f:fa:19:09:75:cb:e4:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:11:43 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=447c7df97db8076a203fadb280d70f4eed7faa20d12fdbebcb2ab452edc33fac, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:98:ba:e1:e5:dd:02:3d:cd:9c:84:a4:51:a4:
                    fa:6b:50:80:18:7d:f6:4b:c2:b7:45:3b:82:07:31:
                    c9:42:a7:d4:7e:4a:53:69:c7:fd:21:29:cd:43:22:
                    a3:7a:9f:ab:fd:b7:7c:4a:ef:f3:86:07:6b:91:bd:
                    fb:46:2f:6b:9e:d9:02:c0:04:6d:a6:16:f2:a3:03:
                    4b:a8:cb:5f:b3:98:d4:18:13:c8:59:1f:df:41:05:
                    43:f8:3f:75:6e:9d:49:e1:35:88:46:2d:ce:ff:d6:
                    50:ea:5c:17:9a:fb:22:56:9f:51:07:11:93:32:04:
                    7f:7e:d2:6a:ab:98:90:07:94:fa:bb:42:9f:71:43:
                    0a:c0:a4:10:5b:74:d9:6e:f6:fd:8d:47:72:82:fa:
                    f3:72:f0:d2:b2:bd:51:18:f8:9b:83:2a:b8:ae:06:
                    9a:e0:de:2c:4c:dd:90:6d:57:7d:92:5d:1c:d6:4b:
                    28:5d:68:67:93:28:09:9b:09:f6:4b:70:0d:c3:33:
                    2f:37:fb:d2:20:ad:28:e6:ca:03:35:29:10:54:78:
                    a2:08:7a:0e:f7:52:b8:f6:d4:b0:f2:36:6f:97:37:
                    3e:32:62:7f:3e:e2:6f:f8:65:bd:48:7e:ea:dc:93:
                    5a:6f:6b:6f:be:b8:b9:a6:bd:5d:31:f2:b2:fd:05:
                    aa:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:20:0D:ED:47:2E:BD:26:16:C8:F7:AA:7A:6E:0F:C5:82:3E:C3:F1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/329ae325-6a02-4f19-ab2d-61e6d5f83285.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         83:d9:02:bc:32:f7:14:ee:64:4b:d5:0c:48:14:48:62:68:d1:
         8c:da:26:d3:42:61:98:81:8c:69:66:7d:c8:71:f5:34:d8:6e:
         e5:6c:08:7b:f8:32:66:b5:61:e6:d5:ad:ed:3e:17:9d:6e:20:
         64:34:b0:a9:9e:9e:43:9b:9a:f2:56:5a:6f:54:c7:b6:b1:a2:
         48:56:ae:a1:a8:2e:cc:f3:15:0c:d7:4f:c5:f4:2a:cd:9b:66:
         f3:31:18:a0:b6:7e:6b:9e:fc:07:13:ac:d9:b1:c6:87:82:f9:
         de:10:57:d7:0f:9c:a9:2e:1d:b4:c6:7e:21:b3:71:cc:9f:f6:
         5f:03:bc:ef:d5:6c:c1:09:62:b3:d1:9e:52:bd:23:e7:f8:b0:
         32:ab:07:cd:a2:26:6b:e9:99:f9:dc:d8:08:ab:2c:ad:08:6d:
         62:b2:dd:0b:c2:d7:12:c3:fe:94:b9:9d:e7:22:27:7f:97:7d:
         b9:a0:fd:c5:b6:c5:31:5b:b8:46:f3:ed:06:08:de:fa:46:53:
         3a:95:bb:9e:8a:f5:dd:89:39:46:04:a0:82:72:9a:5f:03:7f:
         5b:bf:d3:89:6c:05:8c:f6:08:b0:99:84:66:3b:8e:ef:fd:20:
         48:d6:5b:3e:d0:55:6e:b5:3b:a0:57:f1:bf:10:67:cc:94:ff:
         75:a1:bf:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc+wuM/uKI3Bw9zlRj/oZCXXL5IYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIxMTQzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDdjN2RmOTdkYjgwNzZhMjAzZmFkYjI4MGQ3MGY0ZWVk
N2ZhYTIwZDEyZmRiZWJjYjJhYjQ1MmVkYzMzZmFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPmLrh5d0CPc2chKRRpPprUIAYffZLwrdFO4IHMclCp9R+
SlNpx/0hKc1DIqN6n6v9t3xK7/OGB2uRvftGL2ue2QLABG2mFvKjA0uoy1+zmNQY
E8hZH99BBUP4P3VunUnhNYhGLc7/1lDqXBea+yJWn1EHEZMyBH9+0mqrmJAHlPq7
Qp9xQwrApBBbdNlu9v2NR3KC+vNy8NKyvVEY+JuDKriuBprg3ixM3ZBtV32SXRzW
SyhdaGeTKAmbCfZLcA3DMy83+9IgrSjmygM1KRBUeKIIeg73Urj21LDyNm+XNz4y
Yn8+4m/4Zb1Ifurck1pva2++uLmmvV0x8rL9Bap5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwCAN7UcuvSYWyPeqem4PxYI+w/EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMyOWFlMzI1LTZhMDItNGYxOS1hYjJkLTYxZTZkNWY4MzI4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANBCUAwDQYJKoZIhvcNAQELBQADggEBAIPZArwy9xTuZEvVDEgUSGJo0Yza
JtNCYZiBjGlmfchx9TTYbuVsCHv4Mma1YebVre0+F51uIGQ0sKmenkObmvJWWm9U
x7axokhWrqGoLszzFQzXT8X0Ks2bZvMxGKC2fmue/AcTrNmxxoeC+d4QV9cPnKku
HbTGfiGzccyf9l8DvO/VbMEJYrPRnlK9I+f4sDKrB82iJmvpmfnc2AirLK0IbWKy
3QvC1xLD/pS5neciJ3+Xfbmg/cW2xTFbuEbz7QYI3vpGUzqVu56K9d2JOUYEoIJy
ml8Df1u/04lsBYz2CLCZhGY7ju/9IEjWWz7QVW61O6BX8b8QZ8yU/3Whv2s=
-----END CERTIFICATE-----