Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3472f95f-9cea-4d67-bbc5-e00e4ed6dc79.roa
File:                     3472f95f-9cea-4d67-bbc5-e00e4ed6dc79.roa (raw, json)
Hash identifier:          7ecyaCO+xCcdO+KFA+AtGkCQMv+/vf0QamT9fsHKzns=
Subject key identifier:   35:D4:2E:16:43:13:DD:CA:0F:B2:A9:58:9E:44:DA:FF:EB:27:8D:65
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       456BB503CC1317D056B299CBA4DD17F179C0761B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3472f95f-9cea-4d67-bbc5-e00e4ed6dc79.roa
Signing time:             Sat 18 Oct 2025 00:21:49 +0000
ROA not before:           Sat 18 Oct 2025 00:21:49 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.88.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:6b:b5:03:cc:13:17:d0:56:b2:99:cb:a4:dd:17:f1:79:c0:76:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 00:21:49 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=3cabb29c83cc8d654087420a0e1fd0ecb3b81a72f3280cd3b37a3c51bbcc5e38, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b0:d4:d7:b3:82:ff:42:94:1b:4f:e9:2e:fa:
                    8c:69:68:ab:d1:1b:5b:b8:23:ac:ff:7f:f2:3f:52:
                    c2:b5:2a:d1:7e:f6:fc:8b:d4:cc:11:a7:eb:ca:c3:
                    3b:5a:32:8e:c6:e9:f7:1e:ca:b5:cd:31:1b:a1:b4:
                    9f:96:a0:13:da:a1:6d:62:43:83:1c:d7:15:b2:5d:
                    46:00:84:5a:25:af:ab:7f:b3:c6:e7:cb:c4:2f:66:
                    cd:71:f1:b7:4a:87:f1:89:7e:b5:79:a9:53:b1:97:
                    5c:27:ee:63:3c:9a:63:63:66:c0:8b:c4:5f:a8:54:
                    01:9f:ef:0b:0f:d4:5b:84:e0:54:59:d8:6e:3b:fd:
                    3f:0b:99:36:21:bc:bc:10:6b:50:ca:18:1a:1b:28:
                    42:25:0e:21:e7:e5:f7:ff:e2:da:b5:25:21:20:ff:
                    a8:e0:0e:e0:9e:c4:6b:12:24:f7:66:4f:bb:c0:0f:
                    e8:f5:76:7e:b8:49:28:d4:1a:06:2c:88:66:20:3f:
                    c0:8e:68:2e:4c:f4:10:d4:61:a7:07:5e:44:39:5f:
                    8e:40:c0:1b:44:26:2d:97:84:05:67:ef:5d:20:ba:
                    27:2b:bb:ef:2b:76:a1:3a:95:49:36:95:46:60:1b:
                    39:70:1c:b3:b5:c5:03:b1:af:e1:51:0e:d6:84:c6:
                    b9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D4:2E:16:43:13:DD:CA:0F:B2:A9:58:9E:44:DA:FF:EB:27:8D:65
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3472f95f-9cea-4d67-bbc5-e00e4ed6dc79.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:f6:fd:8a:bf:d0:c5:3c:90:09:f0:67:eb:9f:27:13:c0:95:
         4d:2d:50:34:6e:03:59:a1:4c:15:ab:16:c5:01:47:38:a8:ef:
         dc:ea:7e:e7:40:88:83:4a:f6:44:22:4e:5f:d8:92:23:bb:12:
         f0:ea:55:73:33:cb:8e:67:e1:e0:d5:3d:94:c5:87:df:f3:3f:
         41:98:44:16:0a:4f:e4:86:d9:dc:c2:d2:1f:e6:eb:9c:93:02:
         de:a3:ee:f9:84:10:5e:f8:8c:41:c7:b1:6b:e0:9a:fc:ac:0f:
         7b:ad:b1:1f:cf:d3:55:22:21:3c:8d:17:65:82:b4:87:90:2c:
         f0:ed:9e:d7:5e:25:88:fa:5d:cf:44:9f:0a:d4:7a:58:02:d2:
         27:94:22:b4:83:34:33:8d:1b:85:38:b1:a5:40:73:bf:29:a3:
         d5:54:ae:45:87:40:0a:c7:b9:d3:c1:99:0c:7f:99:bc:a0:5b:
         bf:5e:ab:47:08:e6:6e:b2:1d:0d:40:c3:28:55:68:64:39:c3:
         63:2e:cf:54:c7:0e:0a:12:8d:36:ae:ac:d8:c9:13:64:05:fc:
         4b:ca:b4:2c:28:6f:ad:17:b1:7f:be:41:ff:0c:99:47:0f:93:
         0f:a7:2c:3f:1c:b4:bc:e4:da:1b:b5:cc:fc:43:10:0a:36:90:
         c0:b7:79:e4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURWu1A8wTF9BWspnLpN0X8XnAdhswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDAyMTQ5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzY2FiYjI5YzgzY2M4ZDY1NDA4NzQyMGEwZTFmZDBlY2Iz
YjgxYTcyZjMyODBjZDNiMzdhM2M1MWJiY2M1ZTM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/sNTXs4L/QpQbT+ku+oxpaKvRG1u4I6z/f/I/UsK1KtF+
9vyL1MwRp+vKwztaMo7G6fceyrXNMRuhtJ+WoBPaoW1iQ4Mc1xWyXUYAhFolr6t/
s8bny8QvZs1x8bdKh/GJfrV5qVOxl1wn7mM8mmNjZsCLxF+oVAGf7wsP1FuE4FRZ
2G47/T8LmTYhvLwQa1DKGBobKEIlDiHn5ff/4tq1JSEg/6jgDuCexGsSJPdmT7vA
D+j1dn64SSjUGgYsiGYgP8COaC5M9BDUYacHXkQ5X45AwBtEJi2XhAVn710guicr
u+8rdqE6lUk2lUZgGzlwHLO1xQOxr+FRDtaExrlhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNdQuFkMT3coPsqlYnkTa/+snjWUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0NzJmOTVmLTljZWEtNGQ2Ny1iYmM1LWUwMGU0ZWQ2ZGM3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFBCVgwDQYJKoZIhvcNAQELBQADggEBAG72/Yq/0MU8kAnwZ+ufJxPAlU0t
UDRuA1mhTBWrFsUBRzio79zqfudAiINK9kQiTl/YkiO7EvDqVXMzy45n4eDVPZTF
h9/zP0GYRBYKT+SG2dzC0h/m65yTAt6j7vmEEF74jEHHsWvgmvysD3utsR/P01Ui
ITyNF2WCtIeQLPDtntdeJYj6Xc9EnwrUelgC0ieUIrSDNDONG4U4saVAc78po9VU
rkWHQArHudPBmQx/mbygW79eq0cI5m6yHQ1AwyhVaGQ5w2Muz1THDgoSjTaurNjJ
E2QF/EvKtCwob60XsX++Qf8MmUcPkw+nLD8ctLzk2hu1zPxDEAo2kMC3eeQ=
-----END CERTIFICATE-----