Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/352e6ecd-2c56-4d98-bd90-daa78dfcf3c0.roa
File:                     352e6ecd-2c56-4d98-bd90-daa78dfcf3c0.roa (raw, json)
Hash identifier:          K5FSztzkMbIgy0ysq+CrhzQ7P81H034N+5gltojSKY4=
Subject key identifier:   71:4F:CB:86:A9:8F:36:E2:77:B6:9A:A0:9F:27:28:A5:67:76:A9:AF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       474A6E1754ABB9064C1945E2B2D9B671347D0D6B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/352e6ecd-2c56-4d98-bd90-daa78dfcf3c0.roa
Signing time:             Sun 19 Oct 2025 00:21:22 +0000
ROA not before:           Sun 19 Oct 2025 00:21:22 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        72.44.32.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:4a:6e:17:54:ab:b9:06:4c:19:45:e2:b2:d9:b6:71:34:7d:0d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 00:21:22 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=a8e1472c11670ab6c5a15f0f4076e795938122be1a40e0b77225322db0bea194, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0b:2e:e8:fc:36:ec:60:f2:e6:3f:b7:fa:a2:
                    51:a6:22:8c:da:3f:66:9e:63:1d:a7:47:79:f8:35:
                    11:7d:0a:b0:4e:60:89:71:92:1c:d2:97:db:b5:90:
                    3d:16:47:43:74:2d:41:62:52:71:58:c2:b3:ed:be:
                    3d:40:c5:4a:aa:48:fd:a5:6b:6d:ff:0a:36:79:4c:
                    67:e5:4f:9e:95:bc:02:59:4e:5d:7b:84:74:c7:dd:
                    d9:92:f8:07:6f:04:fa:a3:d3:fd:96:44:8c:64:49:
                    f4:bd:36:5c:0e:b7:91:bb:ed:6f:50:af:f1:ea:f2:
                    9e:c5:e1:f8:a7:67:44:c7:28:fe:d0:3b:d6:aa:62:
                    0c:62:e8:00:2a:36:42:1c:89:37:01:1c:f5:a4:d8:
                    d3:c3:93:bc:1d:cb:ed:d2:6f:fc:8f:6c:c5:61:01:
                    03:b4:66:7c:2d:34:d8:28:90:c8:99:0c:54:70:e4:
                    de:37:fc:97:b9:76:04:30:39:84:3f:9c:40:fa:14:
                    30:a9:75:f3:66:84:ae:25:10:cd:be:28:3d:cb:d9:
                    09:fe:04:00:ab:66:9b:b1:b7:7d:cf:1a:f4:a2:d3:
                    a5:b1:a0:a5:36:99:af:91:c7:78:94:99:3f:7e:85:
                    34:9a:42:f4:29:00:90:64:54:c0:b7:95:bb:2c:a8:
                    fa:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:4F:CB:86:A9:8F:36:E2:77:B6:9A:A0:9F:27:28:A5:67:76:A9:AF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/352e6ecd-2c56-4d98-bd90-daa78dfcf3c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.44.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:bd:6b:50:39:b8:c7:5e:1f:63:33:f4:e1:e7:e4:c9:8b:90:
         91:4a:b6:b9:d4:73:d2:32:72:10:d8:36:bb:9c:bb:9e:ed:be:
         ac:49:37:27:df:52:a4:7a:41:1d:a2:c7:e1:c4:47:17:76:f8:
         42:ac:05:db:d3:fd:1f:41:45:ac:42:a7:ab:bb:4e:6d:fa:17:
         6b:07:0f:64:25:0a:8f:a8:aa:8e:a8:be:af:89:ed:2b:9e:a3:
         62:88:d0:70:4e:39:d3:47:3d:8b:e4:f8:ba:ab:4a:81:ac:3a:
         75:a0:22:df:ce:8a:61:f9:50:cb:ef:41:ff:00:ce:3d:71:e3:
         4b:b3:3c:83:b5:9d:57:b9:9c:27:ea:1e:6d:5d:38:95:5d:b3:
         2a:10:a3:47:f0:75:41:29:6c:16:91:56:84:28:6f:f1:5d:b7:
         41:f7:65:a6:80:a9:43:b7:a6:8e:b3:fa:f6:e6:e5:7a:76:f7:
         2a:87:32:23:3c:b6:ab:e8:11:78:34:10:75:8e:e7:78:64:4c:
         c4:41:00:6b:cc:6a:e8:37:3c:b0:46:1a:13:09:ab:bb:b7:a7:
         e6:a5:d0:3e:69:bf:19:da:77:eb:b2:38:d8:39:49:1e:eb:7b:
         58:cd:6b:2a:b8:ad:91:ec:08:b6:8c:97:e8:48:17:4a:e5:9f:
         da:ea:28:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR0puF1SruQZMGUXistm2cTR9DWswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDAyMTIyWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOGUxNDcyYzExNjcwYWI2YzVhMTVmMGY0MDc2ZTc5NTkz
ODEyMmJlMWE0MGUwYjc3MjI1MzIyZGIwYmVhMTk0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFCy7o/DbsYPLmP7f6olGmIozaP2aeYx2nR3n4NRF9CrBO
YIlxkhzSl9u1kD0WR0N0LUFiUnFYwrPtvj1AxUqqSP2la23/CjZ5TGflT56VvAJZ
Tl17hHTH3dmS+AdvBPqj0/2WRIxkSfS9NlwOt5G77W9Qr/Hq8p7F4finZ0THKP7Q
O9aqYgxi6AAqNkIciTcBHPWk2NPDk7wdy+3Sb/yPbMVhAQO0ZnwtNNgokMiZDFRw
5N43/Je5dgQwOYQ/nED6FDCpdfNmhK4lEM2+KD3L2Qn+BACrZpuxt33PGvSi06Wx
oKU2ma+Rx3iUmT9+hTSaQvQpAJBkVMC3lbssqPoxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcU/LhqmPNuJ3tpqgnycopWd2qa8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM1MmU2ZWNkLTJjNTYtNGQ5OC1iZDkwLWRhYTc4ZGZjZjNjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABILCAwDQYJKoZIhvcNAQELBQADggEBAF69a1A5uMdeH2Mz9OHn5MmLkJFK
trnUc9IychDYNrucu57tvqxJNyffUqR6QR2ix+HERxd2+EKsBdvT/R9BRaxCp6u7
Tm36F2sHD2QlCo+oqo6ovq+J7Sueo2KI0HBOOdNHPYvk+LqrSoGsOnWgIt/OimH5
UMvvQf8Azj1x40uzPIO1nVe5nCfqHm1dOJVdsyoQo0fwdUEpbBaRVoQob/Fdt0H3
ZaaAqUO3po6z+vbm5Xp29yqHMiM8tqvoEXg0EHWO53hkTMRBAGvMaug3PLBGGhMJ
q7u3p+al0D5pvxnad+uyONg5SR7re1jNayq4rZHsCLaMl+hIF0rln9rqKEk=
-----END CERTIFICATE-----