Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/382ea034-1760-4f7d-9696-46829dbcbd76.roa
File:                     382ea034-1760-4f7d-9696-46829dbcbd76.roa (raw, json)
Hash identifier:          8nn4sF0jCfNGzoB9Q4GZCPR//skxn5oPocbwcfcLsX4=
Subject key identifier:   CC:98:5D:44:57:15:6D:77:D3:8D:80:F8:42:17:94:ED:7A:A9:6C:E1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5A873C51068EE7ED5BC5BC15E309F56CC7FCA343
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/382ea034-1760-4f7d-9696-46829dbcbd76.roa
Signing time:             Tue 14 Oct 2025 17:52:41 +0000
ROA not before:           Tue 14 Oct 2025 17:52:41 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.107.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:87:3c:51:06:8e:e7:ed:5b:c5:bc:15:e3:09:f5:6c:c7:fc:a3:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:52:41 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=109b013840187373d300553db8091662712d7217b7374e294bfa7923e0d7de06, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fc:73:80:c5:b5:15:2d:66:43:82:cf:e7:a5:
                    30:2b:cb:fb:84:7a:31:d7:b5:bf:16:a5:83:33:a1:
                    db:13:38:81:ec:30:89:bf:a8:08:2f:50:70:99:75:
                    b4:45:ac:86:9d:67:d7:94:ae:58:a0:4d:12:9a:15:
                    e8:39:dc:19:e3:c6:7f:35:08:5e:9e:14:6e:57:55:
                    8d:66:90:eb:c3:a7:a6:b1:09:2f:65:b6:54:1d:09:
                    a9:79:86:77:a4:34:88:76:b9:58:7f:52:18:a8:b6:
                    53:58:d6:f9:0c:23:41:25:e1:27:9e:61:9f:a9:57:
                    33:00:6f:60:f5:f7:e9:60:aa:9f:6f:9b:a5:09:6a:
                    1b:c7:4c:03:a3:5b:4b:44:2d:93:49:f5:ec:44:94:
                    14:42:f6:d7:03:09:9e:63:e6:c7:f1:fe:ba:fd:56:
                    32:36:77:d9:15:c1:4b:a3:5b:f9:95:40:ac:88:7d:
                    8f:bd:7c:c6:81:f0:fc:7d:b2:c5:d4:71:50:ef:04:
                    0d:48:50:99:d5:8b:73:d3:44:79:fa:31:9c:d3:a8:
                    bb:ec:50:ac:1c:43:a0:96:16:1f:10:f0:23:33:97:
                    0f:1d:a9:6c:79:58:03:f9:1a:fb:0c:bc:a7:2e:7d:
                    a1:33:ef:63:e3:9c:25:a4:c9:33:04:b1:d3:83:73:
                    60:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:98:5D:44:57:15:6D:77:D3:8D:80:F8:42:17:94:ED:7A:A9:6C:E1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/382ea034-1760-4f7d-9696-46829dbcbd76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:5f:1f:68:0d:62:1d:28:36:33:b6:0c:45:19:c6:f4:df:de:
         c7:c6:74:9d:0a:8a:46:2f:39:cc:c4:7b:5c:f3:f0:b4:54:42:
         86:a4:98:0c:fe:03:74:6a:5b:a0:2b:26:51:08:16:15:61:ee:
         cd:cf:33:e4:6c:52:22:27:63:00:1a:45:5a:27:cc:5c:73:4e:
         86:a9:0c:7f:c8:8e:ed:03:ac:63:e4:a5:76:52:ec:b9:fa:fa:
         15:7e:22:16:64:73:64:bc:1c:cc:9f:4e:5b:e8:aa:c3:d4:32:
         51:3f:73:62:c6:7c:e3:1c:7a:b3:d4:a1:3e:2c:5a:97:c7:00:
         da:f3:2e:64:6a:c6:6f:30:ed:ed:39:6b:31:e9:a6:fe:9e:b6:
         db:26:f4:79:4b:4a:a3:29:a3:c0:f8:5a:23:56:a9:4a:24:1f:
         da:77:50:0c:83:e4:eb:87:44:fd:0b:1f:c0:94:2e:de:b4:bc:
         5d:09:73:db:15:dd:ec:db:a3:1a:65:cf:af:5c:20:a0:00:90:
         e2:9b:ac:bd:d1:1a:3b:ec:8d:ed:36:3f:22:7b:ec:ba:f1:d7:
         c3:28:62:75:06:e0:2d:0e:eb:66:0f:5d:f2:e8:cf:ff:a9:5e:
         06:14:59:a7:67:51:d5:50:1e:25:8a:99:a9:2e:27:01:09:25:
         26:14:f0:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWoc8UQaO5+1bxbwV4wn1bMf8o0MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc1MjQxWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMDliMDEzODQwMTg3MzczZDMwMDU1M2RiODA5MTY2Mjcx
MmQ3MjE3YjczNzRlMjk0YmZhNzkyM2UwZDdkZTA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd/HOAxbUVLWZDgs/npTAry/uEejHXtb8WpYMzodsTOIHs
MIm/qAgvUHCZdbRFrIadZ9eUrligTRKaFeg53Bnjxn81CF6eFG5XVY1mkOvDp6ax
CS9ltlQdCal5hnekNIh2uVh/UhiotlNY1vkMI0El4SeeYZ+pVzMAb2D19+lgqp9v
m6UJahvHTAOjW0tELZNJ9exElBRC9tcDCZ5j5sfx/rr9VjI2d9kVwUujW/mVQKyI
fY+9fMaB8Px9ssXUcVDvBA1IUJnVi3PTRHn6MZzTqLvsUKwcQ6CWFh8Q8CMzlw8d
qWx5WAP5GvsMvKcufaEz72PjnCWkyTMEsdODc2AXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzJhdRFcVbXfTjYD4QheU7XqpbOEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4MmVhMDM0LTE3NjAtNGY3ZC05Njk2LTQ2ODI5ZGJjYmQ3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmGswDQYJKoZIhvcNAQELBQADggEBAGZfH2gNYh0oNjO2DEUZxvTf3sfG
dJ0KikYvOczEe1zz8LRUQoakmAz+A3RqW6ArJlEIFhVh7s3PM+RsUiInYwAaRVon
zFxzToapDH/Iju0DrGPkpXZS7Ln6+hV+IhZkc2S8HMyfTlvoqsPUMlE/c2LGfOMc
erPUoT4sWpfHANrzLmRqxm8w7e05azHppv6ettsm9HlLSqMpo8D4WiNWqUokH9p3
UAyD5OuHRP0LH8CULt60vF0Jc9sV3ezboxplz69cIKAAkOKbrL3RGjvsje02PyJ7
7Lrx18MoYnUG4C0O62YPXfLoz/+pXgYUWadnUdVQHiWKmakuJwEJJSYU8Lg=
-----END CERTIFICATE-----